Of Citadels And Sentinels: State Strategies For Contesting - - PowerPoint PPT Presentation



SLIDE 1

Of Citadels And Sentinels: State Strategies For Contesting Cyber-terror

Tim Legrand and Jeff Malone

SLIDE 2

4 key issues and challenges

  • 1. A cyber architecture designed for efficiency, not security
  • 2. Private ownership/operation of critical infrastructure
  • 3. Evolving and ambiguous threats
  • 4. Changing use of and reliance on the cyber realm

SLIDE 3

1. A cyber architecture designed for efficiency, not security

  • The internet and ‘cyber-structure’ have evolved anarchically:
    – Development of cyber realm occurred beyond the control of governments
    – Digital architecture designed by private/social entities to increase efficiency, not security

SLIDE 4

2. Private ownership/operation of critical infrastructure

  • Since the 1980s, under the purview of New Public Management, critical national infrastructure has gradually moved into private operation and ownership:
    – UK: ~80% of CIP owned/operated privately
    – US: ~85% to 90% of CIP owned/operated privately
    – Australia: ~80% of CIP owned/operated privately

SLIDE 5

3. Evolving and ambiguous threats

  • The architecture of the cyber realm makes threat origins difficult to discern:
    – State-sponsored/state-endorsed cyber attacks increasing in frequency
    – Issue-motivated groups growing in technical sophistication
    – Spectre of cyberterrorism growing with calls for ‘cyber-Jihad’

SLIDE 6

4. Changing use of and reliance on the cyber realm

  • Gradual transfer of data and digital services into the cloud
    – Allows for greater efficiency and scalability
    – Sovereign ownership/control of data
  • Increased uptake of and access to the internet in Australia and worldwide
  • National Broadband Network (NBN) and the digital economy

SLIDE 7

New Public Management

  • Era of privatisation: 1980s
    – Sell-off of critical infrastructure
    – Coincided with development of networked interoperability
    – Onus of responsibility now placed in corporate sphere
    – Cyberspace constructed anarchically: no central direction (yet highly resilient and redundant), characterized by increased push towards efficiency in data access/interchange

SLIDE 8

Critical infrastructure Sector Matrix

Overlapping and interdependent critical infrastructure/essential services

  • Communications (Data Communications, Fixed Voice Communications, Mail, Public Information, Wireless Communications),
  • Emergency Services (Ambulance, Fire and Rescue, Coastguard, Police),
  • Energy (Electricity, Natural Gas, Petroleum),
  • Finance (Asset Management, Financial Facilities, Investment Banking, Markets, Retail Banking),
  • Food (Produce, Import, Process, Distribute, Retail),
  • Government and Public Services (Central, Regional, and Local Government; Parliaments and Legislatures; Justice; National Security),
  • Public Safety (Chemical, Biological, Radiological, and Nuclear (CBRN) Terrorism; Crowds and Mass Events),
  • Health (Health Care, Public Health),
  • Transport (Air, Marine, Rail, Road),
  • Water (Mains Water, Sewerage).

SLIDE 9

The ambiguous, yet gathering, storm

  • All these different groups – criminals, terrorists, foreign intelligence services and militaries – are active today against the UK’s interests in cyberspace. But with the borderless and anonymous nature of the internet, precise attribution is often difficult and the distinction between adversaries is increasingly blurred (UK Cyber Security Strategy, 2011)

SLIDE 10

The cyber-terror threat

  • “Cyberspace is already used by terrorists to spread propaganda, radicalise potential supporters, raise funds, communicate and plan. While terrorists can be expected to continue to favour high-profile physical attacks, the threat that they might also use cyberspace to facilitate or to mount attacks against the UK is growing. We judge that it will continue to do so, especially if terrorists believe that our national infrastructure may be vulnerable” (UK Cyber Security Strategy)

SLIDE 11

Government strategy (UK)

  • Strategic Defence and Security Review in 2010 the Government put in place a £650 million, four-year National Cyber Security Programme (NCSP).
  • Managed Government by the Office of Cyber Security and Information Assurance in the Cabinet Office
  • UK Cyber Security Strategy (2011)

SLIDE 12

Government strategy (AS)

  • E-Security National Agenda(s) promulgated in 2001 and 2008
  • Cyber-Security Strategy 2009
  • Defence White Paper 2009
  • Critical Infrastructure Resilience Strategy 2010
  • Cyber White Paper 2012 (to be released)

SLIDE 13

Issues in delivering cyber protection

  • “The digital architecture on which we now rely was built to be efficient and interoperable. When the internet first started to grow, security was less of a consideration” (UK Cyber Security Strategy)
  • AMBIGUITY AND THE RISK-BASED APPROACH: “We will therefore apply a risk-based approach to prioritising our response”.
  • LIMITED CAPACITY: “Government cannot act alone. It must recognise the limits of its competence in cyberspace. Much of the infrastructure we need to protect is owned and operated by the private sector”
  • TRANSNATIONAL COLLABORATION: “Threats are cross-border. Not all the infrastructure on which we rely is UK-based. So the UK cannot make all the progress it needs to on its own. We will seek partnership with other countries that share our views, and reach out where we can to those who do not”
  • CLOUD COMPUTING VECTOR: Increased reliance on cloud computing- rollout of online public services based in the cloud next year.

SLIDE 14

Public-private cyber security (UK)

  • CPNI hosts Information Exchanges (general intel) and Warning Advice and Reporting Points (WARPs) (Specific)
    – Also hosts: Combined Security Incident Response Team (CSIRTUK) which works with private sector to identify and manage cyber-threats
  • GCHQ advises the public sector via The Communications-Electronics Security Group (CESG) which runs GovCertUK (emergency response)
    – Single Intelligence Account, building cross cutting capabilities, including Information Assurance 59% of £650m: will ‘strengthen and upgrade the sovereign capability the UK needs to confront the high-end threat’

SLIDE 15

Public-private cyber security (AS)

  • AGD hosts TISN arrangements, enables information sharing and development of good practice guidance (via sectoral groups, ITSEAG and SCADA COI).
    – Also hosts CERT Australia – assists CI owners with response
  • DSD advises public sector via CSOC
    – Hosted by DSD, but integrates activities undertaken by other agencies (AFP, ASIO)

SLIDE 16

Threat to the individual

  • Direct threat to individuals: criminal groups (actual), cyber-based sabotage on physical architecture (potential) causing physical harm
  • Indirect threat: disruption of key public services and/or utilities (actual/potential)
  • Exploitation: botnets (actual)
  • Response: educating individuals on staying safe online

SLIDE 17

Threat to cyber-communities

  • Direct threat: Indirect threat: government CT/IP legislation might restrict cyber-community interaction and freedoms
  • Exploitation: exploitation of cyber-communities to foment criminal behaviour (cf. Darknet)
  • Response: transnational agreements?

SLIDE 18

Threat to commercial (non-CI) sector

  • Direct threat: industrial espionage/IP theft (actual), criminal groups (actual)
  • Indirect threat: disruption to commercial systems/loss of customer confidence
  • Exploitation of commercial sector?
  • Response: development of TISN (Aus) & CSIRTUK, Cleanfeed (IP)

SLIDE 19

Threat to commercial (CI) sector

  • Direct: attacks to SCADA systems/disabling of critical elements
  • Indirect: exploitation of CI in commission of physical attack/loss of government contracts (for non-compliance)
  • Responses: Sovereign responses, international agreements

SLIDE 20

Threat to the state

  • Direct: state-sponsored attacks/cyber espionage/cyber warfare
  • Indirect: loss of dominion/state revenues associated with diminished cyber-economy
  • Exploitation of the state: ?
  • Response: sovereign institutions/transnational agreements

SLIDE 21

Policy dilemmas

  • Reliance on a digital architecture, designed for efficiency, that is clearly not fit for purpose.
  • Simultaneously diffuse and aggregated cyber-threats
  • Much of critical infrastructure is overseas and thus beyond traditional power of the state to intervene/influence
  • Tensions between public and private imperatives in cyber security
  • Inherent difficulty in establishing metrics – and collecting good data – to evaluate effectiveness of policy