Cybersecurity: Public Sector Threats and Responses
Presentation from Kim Andreasson, Managing Director, DAKA advisory AB, at the Indonesia Information Security Forum 2012
Kim Andreasson
Managing Director
DAKA advisory AB
Indonesia Information Security Forum (IISF)
Hotel Hilton Bandung, 10 October 2012
Cybersecurity: Public Sector Threats and Responses
Presentation overview
An introduction to cyber security in the public sector
Cyber threats
Public sector responses
Steps towards a more resilient organizational cyber security strategy
Conclusion
Understanding cyber security in the public sector
A convergence of three trends:
1. Globalization
2. Connectivity
3. E-government
1. Globalization
ICTs contribute strongly to economic growth and better social outcomes
Benchmarking the information society is important in order for policy-makers to understand the factors behind it and how to achieve improved outcomes
Most benchmarks include a component of e-government
2. Connectivity
The world will go from 2bn Internet users in 2010 to 5bn in 2015
An opportunity to improve service delivery
An opportunity to leapfrog
[Chart: mobile subscriptions per 100 inhabitants, 2000-2010, developed countries vs. developing countries; data labels 114.2 and 70.1]
The developed/developing country classifications are based on the UN M49, see: http://www.itu.int/ITU-D/ict/definitions/regions/index.html
Source: ITU World Telecommunication/ICT Indicators database
3. E-government
Information and service delivery
Transparency and accountability
Link to broader development objectives
Digital by default
3.1. Supply of e-government
Benchmarking global e-government development since 2003 to “inform and improve the understanding of policy makers’ choices to shape their e-government programs” (UN 2004)
The survey measures “the willingness and capacity of countries to use online and mobile technology in the execution of government functions” (UN 2010)
3.2. E-government progress
http://www.archive.org
3.3. Demand for e-government
In 1990, the American tax authority, the IRS, said 4m people used online tax filing (the first year such service was available)
In 2000, the number filing their taxes online had risen to 35m
In 2010, 100m Americans used e-file
Enter cyber security
An increase in usage means an increase in dependency
About 75% of organizations suffer from a cyber attack every year
Attacks can compromise trust in e-government
Categorizing cyber threats
Politically motivated threats: cyber warfare, cyber terrorism, espionage and hacktivism
Non-politically motivated threats: typically financially motivated, such as cyber crime, intellectual property theft, and fraud, but also hacking for fun or retribution, for example, from a disgruntled employee
Understanding cyber threats
“When we first started this process… agencies didn’t know what they didn’t know.”
- Karen S. Evans, Administrator for E-Government and Information Technology, in testimony before the House Committee on Homeland Security, February 28, 2008
What is the risk?
Is there control?
Can you live with the residual risk?
What is your response plan when services become compromised?
Public sector responses
The public sector is different as it must consider, for example:
Tension between transparency and privacy
Cost optimization; agencies often only seek to meet minimum standards
Build closer relations with other stakeholders, including the private sector
Key performance indicators (KPIs)
But one thing remains the same: Cyber security is a global phenomenon and a challenge for every organization. It must be dealt with at all levels, from the international arena to the regional, national and local levels
Global cyber security agenda
1. Legal measures
2. Technical and procedural measures
3. Organizational structures
4. Capacity building
5. International cooperation
The problem for organizational cyber security
People!
According to the Data Breach Investigations Report from Verizon, an American telecommunications firm, 85% of confirmed cyber breaches were not considered very difficult and 96% were avoidable
More work is needed to create and maintain comprehensive yet clearly communicated cyber security policies that are enforced
Steps towards a more resilient organizational cyber security strategy
1. Close the gap between IT and management
2. Improve awareness and education
3. Capture technology trends, including the move from e-government to m-government
Step #1: Close the gap between IT and management
Assess underlying factor(s), e.g. user awareness based on an internal survey
Translate results into KPIs, e.g. average user awareness
Communicate key message to management, e.g. the meaning of score(s) and their importance related to other issue(s)
Step #2: Improve awareness and education
Make people SMART:
Specific
Measurable
Attainable
Relevant
Time-bound
ICT skills divide
Governments cannot go it alone; a role for the private sector and NGOs
Step #3: Track trends, such as mobility
New threats: from spam to spim and mobile malware
New challenges: insecure wireless connections, missing (stolen) devices, data loss, “always on” connections
Same answers: comprehensive and clearly communicated policies that are measurable
Conclusion: measure cyber security at all levels
Compared with just a decade ago, governments have made significant progress in expanding ICT access
But just as crime has always been part of history, cyber security is likely to continue well into the future, especially since the two are increasingly intertwined
There is a demand for measurement at all levels in order to give policy-makers and public sector managers data, tools and benchmarks to better understand cyber security from a policy perspective and to communicate that message
Every case is different, yet fundamentally the same
Thank you
www.DAKAADVISORY.com