The Swedish Initiative on Critical Infrastructure Protection

SNDC/IOS LN 0111

Dir. Lars D. Nicander, National Office of IO/CIP-Studies, Swedish National Defence College; Secretary of The Cabinet Working-Group on IO-D/CIP

Presentation at ETH/ÖCB Workshop, Zurich, 9 November 2001

Post on 22-Dec-2015


Page 1

The Swedish Initiative on Critical Infrastructure Protection

Dir. Lars D. Nicander, National Office of IO/CIP-Studies, Swedish National Defence College
Secretary of The Cabinet Working-Group on IO-D/CIP

Presentation at ETH/ÖCB Workshop, Zurich, 9 November 2001

Page 2

The Swedish Initiative on Critical Infrastructure Protection

- Our view on IO/CIP Issues
- How to organize a National IO-D/CIP-Management
- Some proposals
- Time frame
- Possible areas of international co-operation

Page 3

Cabinet Working Group on IW-D/CIP (970101-000621)

Information Warfare - threats, security, protection

[Organisation chart labels: DoD (chair); NDC (secr); DRE; DRE; NCP; SwSS; DoInd.; Psycdef; AFHQ; Mil. I&S; CO; Telia; State; DoJ; OMB; Stkt; TCN; GAO; Teracom; SR; SVT; SJ/BVLMESAF; SNUS; Sv.Bf; JCS; PTS; DMA; FI; KK; DRI; ÖCB; SvKraftnät?]

Page 4

Cabinet Working Group on IO-D/CIP (000622-011231)

Information Operations - threats, security, protection

[Organisation chart labels: NDC (secr); DoD (chair + dep.); DoI,E&C.; MoFA (2); Psycdef; AF/Ops; Mil. I&S; NCID; SwSS; DoJ (2); PTS; DMA; FRA; FI; NSD; SwBA; CO/Adm; FOA; ÖCB; SwAAD; Council; Do Fi; DoD (3)]

Page 5

IO/IW Synergy

[Diagram labels: Strategic/Economic Environment; Information Systems, Infosec; Information, Intelligence, Perceptions; Joint Operations; IO/IW]

Page 6

Levels

[Diagram labels: Coalitions; Nations; Organisations; Individuals. Classes (W. Schwartau): III; II; I]

Page 7

Taxonomy

[Diagram labels: Defensive Information Operations (IO-D)/Defensive Information Warfare (IW-D); Critical Infrastructure Protection; Information Assurance]

Page 8

Threats

- First strike attack for nations
- Means of diplomatic pressures
- Terrorists
- Corporate espionage
- Drug cartels, criminal organisations
- The disgruntled employee

Page 9

FBI/CSI-Survey

- Interviews with 634 companies on IT-incidents
- $25 billion losses in year 2000

Page 10

Some Weapons

- Psychological Operations
- Blackmail, extortion
- Data manipulation
- Cryptanalysis
- Virus
- Logical bombs
- Backdoors
- Chipping
- EMP; electromagnetic pulse
- Physical destruction

Page 11

Issues

- Policy development
- “Sweden should be a safe marketplace!”
- Organisation/structure
  – Focal point?
    » Threat overview
    » Setting security standards for government and recommend standards for critical private infrastructure
  – National CERT
- Programs for awareness, education and training
- Funding for security and redundancy incentives
- International Co-operation and Regimes

Page 12

Protective philosophy - Report no 2

- Protect-Detect-React (RM-perspective)
- Clarify the hidden statistics of IT-incidents
- Define Minimal Essential Critical Information Infrastructure
- ”Helpdesk” + responsive functions in real time ---> GovCERT

Page 13

Structures, responsibilities - Report no 2

- Problem
  – ”Who's in charge?”
    » Need for a new bureaucratic synthesis
- Character
  – Intelligence or operational matter?
- Organisational direction
  – A new agency?
  – A new function hosted by an established agency?

Page 14

Criteria for a ”lead agency”

- Strong linkage threat-planning
- Far-reaching administrative and operational responsibility
- Organic relations within the Total Defense Community as well as with the Private Sector (c.f. PCCIP)
- Law Enforcement Authorities
- Education, training and personal development of a national Red Team-unit

Page 15

National IO-D Management

[Organisation chart labels: Cabinet co-ordination group; AFHQ; CESG; GovCERT; Threat/IO-intel; Joint planning and co-ordination; Security Incident analysis; Statistics unit (Nat. ISAC); Red Team DRE; Private Sector; FI; PTS; SwSS; NCID; GAO; ”Joint Venture” private/public; ÖCB; PsyB; Counter Psyops/Deception; I&W-unit]

Page 16

Cabinet WG - Report 2 - main proposals

Consensus

- A co-ordination group within Cabinet Office
- A new national IO-D co-ordination body on the Agency-level (separate division within ÖCB)
- A GovCERT will be organised by PTS (LEA support)
- A National ISAC will be organised
- Reporting duty within Government

Defense Bill March -99: Wait, Wait, OK, OK, OK

Page 17

Cabinet WG - Report 2 - main proposals (cont.)

- Expanded Armed Forces mandate for support of vital National Information Systems
- An active IT-check function for the government administration will be organised within the Armed Forces
- Constitutional amendments
- Analysis of perception/disinformation methods on Internet at The National Board of Psychological Defence
- New forms of co-operation etc. concerning IC

OK, OK, OK, OK, OK

Page 18

SWE c.f. US in CIP approaches

- More emphasis on the top-down perspective (IO-D) than on the infosec bottom-up perspective (IA).
- More emphasis on the CIAO-equivalent and less on the NIPC, due to the assessment of tight linkage between threat and planning
- One stop-shop to the Private Sector through the Private Sectors Security Delegation
  – One Private-Government National ISAC
  – GovCERT+ deals with private CERTs ---> NatCERT

Page 19

The Committee on Vulnerability and Security in Civil Society

IT security and IO protection:

- Presented to The Cabinet 11 May 2001
- Explicit IT security strategy
- Cross-boundary co-ordination centre
- Overall public IT security responsibility within a new agency for civil planning
- National CERT
- A new technology competence centre
- Certification body

Page 20

Structure

[Diagram labels: Co-ordination centre; Technology Competence Centre; National CERT; Planning, risk assessment; Certification Body]

Page 21

Time frame

- Parliament Decision I, May 1999
- Swedish Defence Commission: White Paper 2, September 1999
  ”...of great importance to security policy!”
- Parliament Decision II, March 2000
- Special Commissioner on Vulnerabilities in Society, May 2001
- Cabinet Bill to Parliament, September 2001
- Parliament Decision III, November 2001
- Implementation 2002-2003 (New agency etc.)

Page 22

Three Challenges

[Diagram labels: Management issues (”bending pipes”); International Co-operation, Regimes etc; International law (”use of force”) etc; Domestic tasks; International tasks]

Page 23

Collective Security in Cyberspace

- There are no borders in Cyberspace!
- A cyber-intrusion could be routed from country A through country B, C and D before it ends up in country E.
- How can we trace back these intrusions?
  – Today: International Law Enforcement or private initiatives (FIRST etc)
  – Tomorrow: ”Fishwebs” between national CERT:s for tracing intrusions back in real time?

Page 24

Building fishwebs in Cyberspace

[Diagram labels: Country X; Country E; Country C; Country D; Country A; Country B; Country Y; Country Z; UN, ITU etc]

Page 25

Areas of international co-operation?

- Doctrines concerning use of IO/IW under UN or other international legal auspices (international operations, upholding sanctions etc.)
- Principles of building Regimes for defensive actions taken in Cyberspace (tracing, counterhacking etc.)

Page 26

More info: <www.fhs.mil.se>