The Swedish Initiative on Critical Infrastructure Protection
Presentation at ETH/ÖCB Workshop, Zurich, 9 November 2001. Dir. Lars D. Nicander, National Office of IO/CIP-Studies, Swedish National Defence College; Secretary of The Cabinet Working-Group on IO-D/CIP.
1SNDC/IOS LN 0111
The Swedish Initiative on Critical Infrastructure Protection
Dir. Lars D. Nicander, National Office of IO/CIP-Studies, Swedish National Defence College; Secretary of The Cabinet Working-Group on IO-D/CIP
Presentation at ETH/ÖCB Workshop, Zurich, 9 November 2001
The Swedish Initiative on Critical Infrastructure Protection
Our view on IO/CIP Issues
How to organize a National IO-D/CIP-Management
Some proposals
Time frame
Possible areas of international co-operation
Cabinet Working Group on IW-D/CIP (970101-000621)
Organisation chart labels: DoD (chair); NDC (secr); DRE; DRE; NCP; SwSS; DoInd.; Psycdef; AFHQ; Mil. I&S; Information Warfare - threats, security, protection; CO; Telia; State; DoJ; OMB; Stkt; TCN; GAO; Teracom; SR; SVT; SJ/BV; LME; SAF; SNUS; Sv.Bf; JCS; PTS; DMA; FI; KK; DRI; ÖCB; SvKraftnät?
Cabinet Working Group on IO-D/CIP (000622-011231)
Organisation chart labels: NDC (secr); DoD (chair + dep.); Information Operations - threats, security, protection; DoI,E&C.; MoFA (2); Psycdef; AF/Ops; Mil. I&S; NCID; SwSS; DoJ (2); PTS; DMA; FRA; FI; NSD; SwBA; CO/Adm; FOA; ÖCB; SwAAD; Council; Do Fi; DoD (3)
IO/IW Synergy
Diagram labels: Strategic/Economic Environment; Information Systems, Infosec; Information, Intelligence, Perceptions; Joint Operations; IO/IW
Levels
Diagram labels: Coalitions; Nations; Organisations; Individuals; Coalitions; Nations; Organisations; Individuals
Classes (W. Schwartau): III; II; I
Taxonomy
Defensive Information Operations (IO-D)/Defensive Information Warfare (IW-D)
Critical Infrastructure Protection
Information Assurance
Threats
First strike attack for nations
Means of diplomatic pressures
Terrorists
Corporate espionage
Drug cartels, criminal organisations
The disgruntled employee
FBI/CSI-Survey
Interviews with 634 companies on IT-incidents
$25 billion losses in year 2000
Some Weapons
Psychological Operations
Blackmail, extortion
Data manipulation
Cryptoanalysis
Virus
Logical bombs
Backdoors
Chipping
EMP; electromagnetic pulse
Physical destruction
Issues
Policy development
“Sweden should be a safe marketplace!”
Organisation/structure
  – Focal point?
    » Threat overview
    » Setting security standards for government and recommend standards for critical private infrastructure
  – National CERT
Programs for awareness, education and training
Funding for security and redundancy incentives
International Co-operation and Regimes
Protective philosophy - Report no 2
Protect-Detect-React (RM-perspective)
Clarify the hidden statistics of IT-incidents
Define Minimal Essential Critical Information Infrastructure
”Helpdesk” + responsive functions in real time ---> GovCERT
Structures, responsibilities - Report no 2
Problem
  – ”Who's in charge?”
    » Need for a new bureaucratic synthesis
Character
  – Intelligence or operational matter?
Organisational direction
  – A new agency?
  – A new function hosted by an established agency?
Criteria for a ”lead agency”
Strong linkage threat-planning
Far-reaching administrative and operational responsibility
Organic relations within the Total Defense Community as well as with the Private Sector (c.f. PCCIP)
Law Enforcement Authorities
Education, training and personal development of a national Red Team-unit
National IO-D Management
Organisation chart labels: Cabinet co-ordination group; AFHQ; CESG; GovCERT; Threat/IO-intel; Joint planning and co-ordination; Security; Incident analysis; Statistics unit (Nat. ISAC); Red Team; DRE; Private Sector; FI; PTS; SwSS; NCID; GAO; ”Joint Venture” private/public; ÖCB; PsyB; Counter Psyops/Deception; I&W-unit
Cabinet WG - Report 2 - main proposals
Consensus
A co-ordination group within Cabinet Office
A new national IO-D co-ordination body on the Agency-level (separate division within ÖCB)
A GovCERT will be organised by PTS (LEA support)
A National ISAC will be organised
Reporting duty within Government
Defense Bill March -99
Wait
Wait
OK
OK
OK
Cabinet WG - Report 2 - main proposals (cont.)
Expanded Armed Forces mandate for support of vital National Information Systems
An active IT-check function for the government administration will be organised within the Armed Forces
Constitutional amendments
Analysis of perception/disinformation methods on Internet at The National Board of Psychological Defence
New forms of co-operation etc. concerning IC
OK
OK
OK
OK
OK
SWE c.f. US in CIP approaches
More emphasis on the top-down perspective (IO-D) than on the infosec bottom-up perspective (IA).
More emphasis on the CIAO-equivalent and less on the NIPC, due to the assessment of tight linkage between threat and planning
One stop-shop to the Private Sector through the Private Sectors Security Delegation
  – One Private-Government National ISAC
  – GovCERT+ deals with private CERTs ---> NatCERT
The Committee on Vulnerability and Security in Civil Society
IT security and IO protection:
Presented to The Cabinet 11 May 2001
Explicit IT security strategy
Cross-boundary co-ordination centre
Overall public IT security responsibility within a new agency for civil planning
National CERT
A new technology competence centre
Certification body
Structure
Diagram labels: Co-ordination centre; Technology Competence Centre; National CERT; Planning, risk assessment; Certification Body
Time frame
Parliament Decision I, May 1999
Swedish Defence Commission: White Paper 2, September 1999
  ”...of great importance to security policy!”
Parliament Decision II, March 2000
Special Commissioner on Vulnerabilities in Society, May 2001
Cabinet Bill to Parliament, September 2001
Parliament Decision III, November 2001
Implementation 2002-2003 (New agency etc.)
Three Challenges
Diagram labels: Management issues (”bending pipes”); International Co-operation, Regimes etc; International law (”use of force”) etc; Domestic tasks; International tasks
Collective Security in Cyberspace
There are no borders in Cyberspace!
A cyber-intrusion could be routed from country A through country B, C and D before it ends up in country E.
How can we trace back these intrusions?
  – Today: International Law Enforcement or private initiatives (FIRST etc)
  – Tomorrow: ”Fishwebs” between national CERTs for tracing intrusions back in real time?
Building fishwebs in Cyberspace
Diagram labels: Country X; Country E; Country C; Country D; Country A; Country B; Country Y; Country Z; UN, ITU etc
Areas of international co-operation?
Doctrines concerning use of IO/IW under UN or other international legal auspices (international operations, upholding sanctions etc.)
Principles of building Regimes for defensive actions taken in Cyberspace (tracing, counterhacking etc.)
More info…
Website: <www.fhs.mil.se>