T R U S T A N D C O N F I D E N C E

21
T R U S T A N D C O N F I D E N C E I N C Y B E R S P A C E William McCrum Phone: +1 613-990-4493 Fax: +1 613-957-8845 Email: [email protected]

description

T R U S T A N D C O N F I D E N C E. I N C Y B E R S P A C E. William McCrum Phone:+1 613-990-4493 Fax:+1 613-957-8845 Email: [email protected]. TSACC - 2. T R U S T A N D C O N F I D E N C E. C a n a d a i s a N e t w o r k e d N a t i o n. - PowerPoint PPT Presentation

Transcript of T R U S T A N D C O N F I D E N C E

Page 1: T R U S T   A N D   C O N F I D E N C E

T R U S T A N D C O N F I D E N C ET R U S T A N D C O N F I D E N C E

I N C Y B E R S P A C EI N C Y B E R S P A C E

William McCrum

Phone: +1 613-990-4493

Fax: +1 613-957-8845

Email: [email protected]

Page 2: T R U S T   A N D   C O N F I D E N C E

TSACC -2

Page 3: T R U S T   A N D   C O N F I D E N C E

C i t i z e n s, B u s i n e s s e s a n d G o v e r n m e n t s a r e G o i n g O n – L i n e

• 100% of schools and libraries connected

• 400,000 computers to schools

• 12,000 volunteer organizations

• 7,000 CAP sites

• 12 Smart Communities

• CA*net3: World’s 1st research optical Internet backbone-40GHz

• CA*net4: Initial network capacity of 4-8 times CA*net3• 62% Households (HIUS 2003) & 75% SMEs Use the Internet (CFIB 2003)• Amongst lowest communications costs in the OECD (OECD, 2003)• # 1 in GOL (Accenture 2001, 2002, 2003)

• 100% of schools and libraries connected

• 400,000 computers to schools

• 12,000 volunteer organizations

• 7,000 CAP sites

• 12 Smart Communities

• CA*net3: World’s 1st research optical Internet backbone-40GHz

• CA*net4: Initial network capacity of 4-8 times CA*net3• 62% Households (HIUS 2003) & 75% SMEs Use the Internet (CFIB 2003)• Amongst lowest communications costs in the OECD (OECD, 2003)• # 1 in GOL (Accenture 2001, 2002, 2003)

C a n a d a i s a N e t w o r k e d N a t i o n

T R U S T A N D C O N F I D E N C E

TSACC-3

Page 4: T R U S T   A N D   C O N F I D E N C E

e-healthe-health

e-governmente-government

e-businesse-business

e-contente-contente-learninge-learning

e-researche-researche-meetinge-meeting

B r o a d b a n d, T h e N e x t C h a l l e n g e

B r o a d b a n d ,T h e N e x t O p p o r t u n I t y

T R U S T A N D C O N F I D E N C E

Platform for Innovation

and Inclusion

Platform for Innovation

and Inclusion

TSACC -4

Page 5: T R U S T   A N D   C O N F I D E N C E

South Korea

1000 km

Served Community 1584 (29%) Unserved Community 3842 (71%) Total 5426

TSACC -5

Broadband Access Uneven

T R U S T A N D C O N F I D E N C E

Page 6: T R U S T   A N D   C O N F I D E N C E

• Next Generation Networks• Voice Over IP• Peer to Peer• GPS • WiFi• Mesh Networks• 3G• Ultra Wide Band• Broadband Power Line (BPL)• Software Defined Radio

• Next Generation Networks• Voice Over IP• Peer to Peer• GPS • WiFi• Mesh Networks• 3G• Ultra Wide Band• Broadband Power Line (BPL)• Software Defined Radio

N e w T e c h n o l o g I e s . . .

T R U S T A N D C O N F I D E N C E

N e w V u l n e r a b i l i t y a n d S e c u r i t y I s s u e s

TSACC -6

• Smart Dust (RFID)• New Satellites• Satellite Radio• Digital Audio Broadcasts• DTV/HDTV• PVR• Video On Demand• Grid Computing• Quantum Computing• Bio Computing• Nanotechnology

• Smart Dust (RFID)• New Satellites• Satellite Radio• Digital Audio Broadcasts• DTV/HDTV• PVR• Video On Demand• Grid Computing• Quantum Computing• Bio Computing• Nanotechnology

Page 7: T R U S T   A N D   C O N F I D E N C E

PrivacyLegal Framework

Enforcement

C h a l l e n g e s o f C y b e r s p a c e

T R U S T A N D C O N F I D E N C E

I n c r e a s e d C o n n e c t i v i t y = D e c r e a s e d S e c u r i t y

TSACC -7

InfrastructureInfrastructure

UserUser

ContentContent

VulnerabilityVulnerabilityThreatsThreats

Page 8: T R U S T   A N D   C O N F I D E N C E

•Telecom Infrastructure•Information Security•Privacy•Spam•Illegal and Offensive Content•Extraterritoriality•“War Driving”•Black/Grey Market•Lawful Access•Cyber Attacks

•Telecom Infrastructure•Information Security•Privacy•Spam•Illegal and Offensive Content•Extraterritoriality•“War Driving”•Black/Grey Market•Lawful Access•Cyber Attacks

C h a l l e n g e s F o r G o v e r n m e n t

T R U S T A N D C O N F I D E N C E

TSACC -8

Page 9: T R U S T   A N D   C O N F I D E N C E

•Effects of Deregulation•Reduced trust

•Reduced profit margins

•Reduced investment

•Reduced security

•Vulnerable Architecture

•Effects of Deregulation•Reduced trust

•Reduced profit margins

•Reduced investment

•Reduced security

•Vulnerable Architecture

T e l e c o m I n f r a s t r u c t u r e C h a l l e n g e s

T R U S T A N D C O N F I D E N C E

S e c u r e T e l e c o m I n f r a s t r u c t u r e i s F u n d a m e n t a l t o S o c i e t y

TSACC -9

Page 10: T R U S T   A N D   C O N F I D E N C E

Privacy/Security tensions Ensure security, but minimize information collected, used and disclosed

International harmonization Promote global privacy standards such as OECD Privacy Guidelines

Privacy/Security tensions Ensure security, but minimize information collected, used and disclosed

International harmonization Promote global privacy standards such as OECD Privacy Guidelines

P r i v a c y C h a l l e n g e s

T R U S T A N D C O N F I D E N C E

D e l i c a t e B a l a n c e B e t w e e n P r i v a c y a n d S e c u r i t y

TSACC -10

Page 11: T R U S T   A N D   C O N F I D E N C E

T R U S T A N D C O N F I D E N C E

TSACC -11

A O L ‘ s D a i l y S p a m P r o b l e m s

Source: AOLSource: AOL

Spam e-mails blocked dailySpam e-mails blocked daily

E-mails delivered daily to subscribers

E-mails delivered daily to subscribers

780 Million780 Million

677 Million677 Million

00

100100

200200

300300

400400

500500

600600

700700

800800

900900

20002000 20012001 20022002 20032003

S p a m , T h e “ K I L L E R " A p p l i c a t i o n

Page 12: T R U S T   A N D   C O N F I D E N C E

• Hijacking of someone else’s Wi-Fi connection• Using hijacked connection for illegal activities (e.g. child pornography)

• November 24, 2003, Toronto• First Canadian Charges for Theft of Telecommunications

• This problem will only intensify:• 2002 revenue of Wi-Fi sales was $2 billion• Compounded annual growth rate of 30% is projected through to 2006.

Source: Infonetics Research, San Jose

• Hijacking of someone else’s Wi-Fi connection• Using hijacked connection for illegal activities (e.g. child pornography)

• November 24, 2003, Toronto• First Canadian Charges for Theft of Telecommunications

• This problem will only intensify:• 2002 revenue of Wi-Fi sales was $2 billion• Compounded annual growth rate of 30% is projected through to 2006.

Source: Infonetics Research, San Jose

“ W a r D r i v i n g ”

T R U S T A N D C O N F I D E N C E

W h o ’ s U s I n g Y o u r N e t w o r k . . .F o r W h a t ?

TSACC -12

Page 13: T R U S T   A N D   C O N F I D E N C E

0

50

100

150

200

250

300

350

400

Incidents ReportedIncidents Reported

AugJan2001

Mar May Jul Sep Nov Jan2002

Mar May Jul Sep Nov Jan2003

Mar May Jul Oct

Incidents Reported to CanCERTIncidents Reported to CanCERTApr 2000 - Oct 2003Apr 2000 - Oct 2003

This graph depicts the number of incidents reported to CanCERT (Canada’s Computer Emergency Response Team), per month, during the period 1 April 2000 to 31 October 2003. The majority of these incidents are reported to CanCERT by international incident response teams who are members of FIRST (Forum of Incident Response and Security Teams), or by Canadian businesses and schools.

TSACC -13

A t t a c k s O n O u r N e t w o r k s I n c r e a s i n g

T R U S T A N D C O N F I D E N C E

Page 14: T R U S T   A N D   C O N F I D E N C E

•Coordinated national strategies for cyber security

•Collaborate with industry to develop countermeasure strategies

•Develop plan to enable emergency response

•Develop education and prevention policy

•Coordinate international cooperation

•Coordinated national strategies for cyber security

•Collaborate with industry to develop countermeasure strategies

•Develop plan to enable emergency response

•Develop education and prevention policy

•Coordinate international cooperation

G o v e r n m e n t R o l e

T R U S T A N D C O N F I D E N C E

TSACC -14

L e a d e r s h i p

Page 15: T R U S T   A N D   C O N F I D E N C E

Established:•New Ministry of Public Safety and Emergency Preparedness• Office of Critical Infrastructure Protection and Emergency Preparedness (OCIPEP)

•Legal framework and enforcement capability

•Close co-operation with Industry

Established:•New Ministry of Public Safety and Emergency Preparedness• Office of Critical Infrastructure Protection and Emergency Preparedness (OCIPEP)

•Legal framework and enforcement capability

•Close co-operation with Industry

I n C a n a d a

T R U S T A N D C O N F I D E N C E

TSACC -15

N e w G o v e r n m e n tN e w A p p r o a c h

Page 16: T R U S T   A N D   C O N F I D E N C E

•Must have the right policy environment to ensure trust and confidence

•The road ahead includes engagement at:• OAS

• ITU

• WTSA 2004

• WSIS

• Other forums

•Must have the right policy environment to ensure trust and confidence

•The road ahead includes engagement at:• OAS

• ITU

• WTSA 2004

• WSIS

• Other forums

W e M u s t C o n t i n u e T o W o r k T o g e t h e r

T R U S T A N D C O N F I D E N C E

TSACC -16

M u s t D e m o n s t r a t e P r o g r e s sW o r l d S u m m i t o n t h e I n f o r m a t i o n S o c i e t y ( W S I S ) T u n i s 2 0 0 5

Page 17: T R U S T   A N D   C O N F I D E N C E

•Information sharing event on Cyber Security planned for 4th October, 2004: • Security and vulnerability issues in telecommunications and information interchange

•Raise awareness of the critical nature of these issues

•Sponsored by ITU-T

•Information sharing event on Cyber Security planned for 4th October, 2004: • Security and vulnerability issues in telecommunications and information interchange

•Raise awareness of the critical nature of these issues

•Sponsored by ITU-T

C y b e r S e c u r i t y S ymposium a t W T S A 2 0 0 4

T R U S T A N D C O N F I D E N C E

TSACC -17

C y b e r S e c u r i t y Symposium i n F l o r i a n o p o l i s i s an e x c e l l e n t o p p o r t u n i t y f o r C I T E L c o u n t r i e s t o p a r t i c i p a t e a n d s h a r e v i e w s f r o m t h e R e g i o n.

Page 18: T R U S T   A N D   C O N F I D E N C E

•Target audience: • Senior management responsible for telecom system design, deployment, operation, policy, regulation, standards and related matters

•Issues covered include:• Technical – networks architectures and protocols, telecom network infrastructure

• Policy, regulation, legal framework, user responsibilities, etc.

•Target audience: • Senior management responsible for telecom system design, deployment, operation, policy, regulation, standards and related matters

•Issues covered include:• Technical – networks architectures and protocols, telecom network infrastructure

• Policy, regulation, legal framework, user responsibilities, etc.

C y b e r S e c u r i t y Symposium a t W T S A 2 0 0 4 ( C o n t ‘ d )

T R U S T A N D C O N F I D E N C E

TSACC -18

S ymposium R e p o r t w i l l b e s u b m i t t ed t o t h e W T S A for information and action as appropriate.

Page 19: T R U S T   A N D   C O N F I D E N C E

Recognizing:

• The crucial importance of the telecommunications infrastructure to practically all forms of social and economic activity

• That the legacy PSTN network has a level of inherent security properties because of its hierarchical structure and built-in management systems

• That IP networks with their flat architecture provide much reduced separation between users and network components

• That the converged legacy network and IP networks is therefore potentially more vulnerable to intrusion

Recognizing:

• The crucial importance of the telecommunications infrastructure to practically all forms of social and economic activity

• That the legacy PSTN network has a level of inherent security properties because of its hierarchical structure and built-in management systems

• That IP networks with their flat architecture provide much reduced separation between users and network components

• That the converged legacy network and IP networks is therefore potentially more vulnerable to intrusion

R e s o l u t i o n o n C y b e r s e c u r i t y

T R U S T A N D C O N F I D E N C E

TSACC -19

Page 20: T R U S T   A N D   C O N F I D E N C E

Further recognizing:

• That the number of cyber attacks in terms of worms, viruses, malicious intrusion and thrill-seeker intrusions is on the increase

Resolves:

• To recommend to the ITU-T that current recommendations, and especially signaling and communications protocol Recommendations be evaluated with respect to their robustness of design and potential for exploitation by malicious parties to interfere destructively with their deployment in the global telecommunications infrastructure.

Further recognizing:

• That the number of cyber attacks in terms of worms, viruses, malicious intrusion and thrill-seeker intrusions is on the increase

Resolves:

• To recommend to the ITU-T that current recommendations, and especially signaling and communications protocol Recommendations be evaluated with respect to their robustness of design and potential for exploitation by malicious parties to interfere destructively with their deployment in the global telecommunications infrastructure.

R e s o l u t i o n o n C y b e r s e c u r i t y( C o n t ’ d )

T R U S T A N D C O N F I D E N C E

TSACC -20

Page 21: T R U S T   A N D   C O N F I D E N C E

Industry Canada - www.ic.gc.ca

Connecting Canadians - www.connect.gc.ca

Consumer Connection - www.strategis.gc.ca

Strategis - www.strategis.gc.ca

Electronic Commerce - www.e-com.ic.gc.ca

Innovation Strategy - www.innovationstrategy.gc.ca

Dot Force - www.dotforce.org

Broadband - broadband.gc.ca

Smart Communities - www.smartcommunities.ic.gc.ca

Investment Partnership Canada - www.investincanada.gc.ca

Cybertipline - www.cybertip.ca

Illegal and Offensive Content - www.cyberwise.gc.ca

Industry Canada - www.ic.gc.ca

Connecting Canadians - www.connect.gc.ca

Consumer Connection - www.strategis.gc.ca

Strategis - www.strategis.gc.ca

Electronic Commerce - www.e-com.ic.gc.ca

Innovation Strategy - www.innovationstrategy.gc.ca

Dot Force - www.dotforce.org

Broadband - broadband.gc.ca

Smart Communities - www.smartcommunities.ic.gc.ca

Investment Partnership Canada - www.investincanada.gc.ca

Cybertipline - www.cybertip.ca

Illegal and Offensive Content - www.cyberwise.gc.ca

F o r F u r t h e r I n f o r m a t i o n

T R U S T A N D C O N F I D E N C E

TSACC -21