Cybersecurity: Public Sector Threats and Responses
Kim Andreasson, Managing Director, DAKA advisory AB
Indonesia Information Security Forum (IISF)
Hotel Hilton Bandung, 10 October 2012
Presentation overview
An introduction to cyber security in the public sector
Cyber threats
Public sector responses
Steps towards a more resilient organizational cyber security strategy
Conclusion
Understanding cyber security in the public sector
A convergence of three trends:
1. Globalization
2. Connectivity
3. E-government
1. Globalization
ICTs contribute strongly to economic growth and better social outcomes
Benchmarking the information society is important in order for policy-makers to understand the factors behind it and how to achieve improved outcomes
Most benchmarks include a component of e-government
2. Connectivity
The world will go from 2bn Internet users in 2010 to 5bn in 2015
An opportunity to improve service delivery
An opportunity to leapfrog
[Figure: Mobile subscriptions per 100 inhabitants, 2000 to 2010. Series: developed countries and developing countries. Data labels shown on the chart: 114.2 and 70.1.]
The developed/developing country classifications are based on the UN M49, see: http://www.itu.int/ITU-D/ict/definitions/regions/index.html
Source: ITU World Telecommunication/ICT Indicators database
3. E-government
Information and service delivery
Transparency and accountability
Link to broader development objectives
Digital by default
3.1. Supply of e-government
Benchmarking global e-government development since 2003 to “inform and improve the understanding of policy makers’ choices to shape their e-government programs” (UN 2004)
The survey measures “the willingness and capacity of countries to use online and mobile technology in the execution of government functions” (UN 2010)
3.2. E-government progress
http://www.archive.org
3.3. Demand for e-government
In 1990, the American tax authority, the IRS, said 4m people used online tax filing (the first year such service was available)
In 2000, the number filing their taxes online had risen to 35m
In 2010, 100m Americans used e-file
Enter cyber security
An increase in usage means an increase in dependency
About 75% of organizations suffer from a cyber attack every year
Attacks can compromise trust in e-government
Categorizing cyber threats
Politically motivated threats: cyber warfare, cyber terrorism, espionage and hacktivism
Non-politically motivated threats: typically financially motivated, such as cyber crime, intellectual property theft, and fraud, but also hacking for fun or retribution, for example, from a disgruntled employee
Understanding cyber threats
“When we first started this process… agencies didn’t know what they didn’t know.”
- Karen S. Evans, Administrator for E-Government and Information Technology, in testimony before the House Committee on Homeland Security, February 28, 2008
What is the risk?
Is there control?
Can you live with the residual risk?
What is your response plan when services become compromised?
Public sector responses
The public sector is different as it must consider, for example:
Tension between transparency and privacy
Cost optimization; agencies often only seek to meet minimum standards
Build closer relations with other stakeholders, including the private sector
Key performance indicators (KPIs)
But one thing remains the same: Cyber security is a global phenomenon and a challenge for every organization. It must be dealt with at all levels, from the international arena to the regional, national and local levels
Global cyber security agenda
1. Legal measures
2. Technical and procedural measures
3. Organizational structures
4. Capacity building
5. International cooperation
The problem for organizational cyber security
People!
According to the Data Breach Investigations Report from Verizon, an American telecommunications firm, 85% of confirmed cyber breaches were not considered very difficult and 96% were avoidable
More work is needed to create and maintain comprehensive yet clearly communicated cyber security policies that are enforced
Steps towards a more resilient organizational cyber security strategy
1. Close the gap between IT and management
2. Improve awareness and education
3. Capture technology trends, including the move from e-government to m-government
Step #1: Close the gap between IT and management
Assess underlying factor(s), e.g. user awareness based on an internal survey
Translate results into KPIs, e.g. average user awareness
Communicate key message to management, e.g. the meaning of score(s) and their importance related to other issue(s)
Step #2: Improve awareness and education
Make people SMART:
Specific
Measurable
Attainable
Relevant
Time-bound
ICT skills divide
Governments cannot go it alone; a role for the private sector and NGOs
Step #3: Track trends, such as mobility
New threats: from spam to spim and mobile malware
New challenges: insecure wireless connections, missing (stolen) devices, data loss, “always on” connections
Same answers: comprehensive and clearly communicated policies that are measurable
Conclusion: measure cyber security at all levels
Compared with just a decade ago, governments have made significant progress in expanding ICT access
But just as crime has always been part of history, cyber security is likely to continue well into the future, especially since the two are increasingly intertwined
There is a demand for measurement at all levels in order to give policy-makers and public sector managers data, tools and benchmarks to better understand cyber security from a policy perspective and to communicate that message
Every case is different, yet fundamentally the same
Thank you
www.DAKAADVISORY.com