Lt Col Paulo Nunes Lisboa – GNS, 12Set13
Seminar ‘Cyber Security: An Action to Establish
the National Cyber Security Center’
GNS - Lisboa, 12 September 2013
Agenda
Cyberspace Strategic Impact
Social Risk Management
Cyber Security and Cyber Defence
Cyber Defense: NATO Vision
National Cyber Security Strategic Concept
Conclusions
Cyberspace dual nature:
(social, economic, political and cultural interactions);
(Internet).
Physical and Logical Infrastructure … Internet Connected!
Personal Access Networks …
Source: NNEC, April 2011
The “Cloud” …
Why?
(Commercial) Technology Evolution
Information Superiority
Figure labels: Commercial Transactions, Sex Trade, Hackers, Terrorist Networks, Authorities
Threat Spectrum
Why are we attacked?
Affect Functioning; Information Theft; Money Extortion
- Spam
- DDoS Attacks
- Phishing
- Sensitive Information (ex: personal data and home banking)
- Blackmail
- Spearphishing
Destruction
- Hacktivism
- Cyber-Sabotage
Examples: Rustock, Zeus, Rogue AV, Stuxnet
Adapted from Symantec (2011)
Mainly for: Information Theft and Destruction
- Spying
- Cyber Warfare
Flame
Cyber Arms
More disruptive and destructive Attacks
Mobile Threats
SMiShing Goes Mainstream
All About APPS!
15B, 6B: App downloads from the iTunes Store and the Android Market, respectively
550K: Android device activations EVERY day
EXPLOSIVE Growth!!
Source: Symantec (2011)
Warfare – Dynamic Evolution …
Warfare was always a question of “Threats vs. Security”
Technology and Maneuver interact to speed up the pace of Conflicts
Adapted from:
Cyber Defense
Cyber Warfare “Clickzkrieg”
Military Cyber Impact: 4+1 Paradigm…
Cyber Threats are here to stay ...
Cyber Attacks:
China, USA, Israel, Palestine, Estonia, Georgia, Radio Free Europe, Kyrgyzstan …
Armed Forces (20-30 Countries) with Cyber Warfare Units
(Soriano, Mar11)
Events:
Estonia Cyber Attack (April/May 2007);
Georgia Invasion (August 2009);
US Cyber Command (IOC: May10, FOC: Nov10);
Cyber Arms (Stuxnet – 2011; Flame – 2012; etc.)
Documents:
NATO Cyber Defence Concept (2007);
NATO Strategic Concept 2010 (Lisboa, 18-19 Nov 2010);
NATO Cyber Defence Policy and Action Plan (2011);
National Cyber Security and Cyber Defence Strategies
Global Risks 2013 – Cyber Impact
Source: WEF, Global Risks Report 2013
Global Risks 2013 – Cyberspace is a Global Risk!
Source: WEF, Global Risks Report 2013
Cyber Threats: Value Proposition
Low Risk – High Benefit!
High Exposure of most Countries (including Portugal)
…
Social Risk: What can we do about it?
Protection and Defense of NII
Relevant Questions
Cyber Security vs Cyber Defense
GLOBAL CYBER SECURITY
PT CYBER SECURITY
CYBER DEFENSE (Computer Network Operations - CNO)
Global (Common) Cyberspace
National Cyberspace
National Defense and Security Missions
How to Articulate Different Operational Domains?
Source: Lino Santos, Rogério Bravo and Paulo Viegas Nunes (2012), PROTECÇÃO DO CIBERESPAÇO: Visão Analítica
Criminal Prosecution
National Defence
Simple Protection
Individual and Organizational
Crisis Management
Intelligence, Mitigation Measures, Evidence Collection, Alerts
Cyber Security and Cyber Defense: “One House, several Pillars”
NATIONAL CERTS NETWORK (Civil and Military)
ARMED FORCES
NATIONAL AND INTERNATIONAL COOPERATION (Civil and Military)
Mission
Objectives
Policy and Strategic Orientation
Crisis Management
LAW ENFORCEMENT
INTELLIGENCE AGENCIES
Information Assurance: NATO Vision
Computer Network Operations (CNO)
Computer Network Attack (CNA)
Computer Network Defence (CND)
Computer Network Exploitation (CNE)
Information Security (INFOSEC)
Communications Security (COMSEC)
Computer Security (COMPUSEC)
CYBER DEFENSE = CNO + (COMPUSEC)
CYBER DEFENSE
INFOSEC
INFORMATION ASSURANCE
Cyber Defence Capability Framework Document (Ver.2 - 28Feb11)
NATO Cyber Defence Policy: Cyber Attacks Response
NATO Cyber Defence Concept
Tactical Level, Operational Level, Political/Strategic Level
NCIRC Technical Centre (FOC) (NCSA/NIATC, Mons, Belgium)
CD Coordination and Support Centre
NCIRC CC + CD Threat Assessment Cell (NOS & NHQC3S – NATO HQ)
NATO Cyber Defence Management Board (NATO HQ, BI-SCs, NCSA, NC3A, ACOS CIS&INT)
NATO Computer Networks (~70.000 computers in 58 Locations in 30 Countries)
Support Request
Rapid Reaction Team
National CERT (Cyber Defense)
NATIONS
Cyber Security: NATO vs National Model
NOS/NC3 Staff
Coordination Centre
All NATO HQs and Agencies
NATO CIS Operating Authorities
NITC / NCSA
NCIRC Technical Centre
Policy; Strategic direction; National level liaison; CERT services; IDS Management; Vulnerability Management; Scientific services; Local INFOSEC management
Users
Operational Management
Planning and Coordination
Crisis Management
Cyber Security National Council
Incidents Response
National Cyber Security Centre
Citizens, Enterprises, Organizations
Users
CNC Operational View: Principles
National Cyber Security Structure
MULTIPURPOSE, FLEXIBLE, SIMPLE, SCALABLE, COMPATIBLE, COMPLEMENTARY
• to face all kinds of attacks (different level of threats);
• to adapt and cope with threat scenarios dynamics;
• to provide a gradual response, proportionally applying resources to the situation requirements (be more efficient);
• to be interoperable with systems of allied countries and organizations that Portugal is part of (NATO, EU and UN ...);
• to ensure as comprehensive and complete a response as possible, integrating more areas and sectors concerning the National Cybersecurity;
• to be easily understood, eliminate malfunctions and promote an efficient inter-ministerial coordination.
Conceptual Model: National vs International Framework
Political Level, Strategic Level, Operational Level
Cyber Security National Council
National: Conselho Nacional de Segurança e Defesa (...)
International: EU CIIP EFMS (...)
National Cyber Security Centre
National: CSIRT Network, Academia, Industry
International: EGP, FIRST, EU CIIP E3PR
Government of Portugal
Armed Forces
National Cyber Security and Defence – Value Chain
Primary Activities
Development and Management of Competencies and Skills; Information Security; Cyber Intelligence; Cyberspace Operations (CNO); National Synergies; International Cooperation
Supporting Activities
Human Resources Management; Financial Resources Management; Specific Legislation and Norms
Education & Courses; Doctrine & Training; Research & Development
Security and Defense of National Cyberspace
FROM VISION TO ACTION
Strategic Approach: From Vision to Action
National Interests
Aim
Objectives
Measures
Promote and Reinforce National Strategic Potential
Principles and Strategic Goals (Level of Ambition)
National Cyber Security Strategy: Aim, Objectives and Measures
Information Assurance
Secure and efficient use of Cyberspace; Protection and Defense of National Critical Information Infrastructure
Information Security and Cyber Defense
Secure use of Cyberspace (Generate and Protect Value)
• Analyse Information environment and anticipate attacks;
• Detect and block attacks, alert and support potential victims;
• Enhance R&D to promote National technological independence;
• Adapt Legal framework and fight Cybercrime;
• Develop international cooperation initiatives;
• Communicate, raise awareness and inform citizens
Reinforce Cyber Security of National Critical Infrastructures (Reduce Social Risk)
• Reinforce Governmental Networks ICT Security;
• Reinforce Government and Critical Infrastructures IS Security (Resilience and Survival);
Defend National Interests and Freedom of Action in Cyberspace (Reaffirm National Identity and Defend National Sovereignty)
• “Knowledge and Information Society” initiatives;
• Protect and Defend National E-Gov;
• National Cyber Security and Cyber Defense Structures;
• National Synergies and International Cooperation