ISSN 2055-6950 (Print) ISSN 2055-6969 (Online)
Cyber Security Review Summer 2014
THE CURRENT STATE OF CYBER WARFARE TOWARDS MULTINATIONAL CAPABILITY DEVELOPMENT IN CYBER DEFENCE CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION FROM THE ETHICS OF CYBER CONFLICT TO BOTNET MITIGATION TRAINING. THE NATO CCD COE CYBER SECURITY ATTRIBUTES FOR CRITICAL INFRASTRUCTURE SYSTEMS CYBER INSIDERS: A BOARD ISSUE SECURITY IN THE NEW CYBERSPACE FRONTIER
Presents a training workshop:
Main Conference: July 22-23, 2014
Focus Day: July 21, 2014
Chicago, IL
Planning and Executing Best Practice in Cyber Incident Management
High Profile Speakers: IDGA’s Cyber Incident Response Summit will be the ultimate setting for professionals across industries – finance, health, retail, government and more – to gather and examine the future of cyber security and disaster recovery. With speakers ranging from Chief Information Security Officers to Business Continuity Directors, CIR 2014 will comprehensively cover all aspects of cyber security planning from beginning to end.
Hear First Hand Sessions on: •
Carrying out best responses to the latest cyber security threats
•
Complying with federal standards and regulations for incident response
•
Addressing cyber attacks from a managerial perspective
•
Developing an efficient business continuity plan after an attack
Don’t Miss: •
Exclusive access to over 20 presentations outlining the cyber incident response efforts in various industries
•
Unlimited networking in our sponsor exhibit hall
•
Interactive pre-conference workshops
Arlan McMillan Chief Information Security Officer City of Chicago Joseph Robinson Director, Crisis Management and Business Continuity Abbott Laboratories Joseph Nocera Advisory Principal PricewaterhouseCoopers Kevin Novak Chief Information Security Officer Northern Trust Don Franke Senior IT Security Analyst GE Capital
“ If you are in fact serious about CSIRT, you need people that are fully dedicated to this…The fact is, what you’re doing to investigate incidents and to understand them, feeds back into how you protect your organization” Ponemon Institute, February 2014
For more information, including full speaker line up and sessions, visit www.CyberIncidentResponseEvent.com, call 1-800-882-8684 or email idga@idga.org.
ISSN 2055-6950 (Print) ISSN 2055-6969 (Online)
EDITORIAL CONTRIBUTORS Cyber Security Review Summer 2014
THE CURRENT STATE OF CYBER WARFARE TOWARDS MULTINATIONAL CAPABILITY DEVELOPMENT IN CYBER DEFENCE CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION FROM THE ETHICS OF CYBER CONFLICT TO BOTNET MITIGATION TRAINING. THE NATO CCD COE CYBER SECURITY ATTRIBUTES FOR CRITICAL INFRASTRUCTURE SYSTEMS CYBER INSIDERS: A BOARD ISSUE SECURITY IN THE NEW CYBERSPACE FRONTIER
Cyber Security Review
Published by Delta Business Media Limited 3rd floor 207 Regent Street London W1B 3HH United Kingdom Tel: +44 (0) 20 7193 2303 Fax: +44 (0) 20 3014 7659 info@deltabusinessmedia.com www.deltabusinessmedia.com www.cybersecurity-review.com
ISSN 2055-6950 (Print) ISSN 2055-6969 (Online) The opinions and views expressed in the editorial content in this report are those of the authors alone and do not necessarily represent the views of any organisation with which they may be associated. Material in advertisements and promotional features may be considered to represent the views of the advertisers and promoters. The views and opinions expressed in this report do not necessarily express the views of the publisher. While every care has been taken in the preparation of the report, the publisher is not responsible for such opinions and views or for any inaccuracies in the articles. Š 2014. The entire contents of this publication are protected by copyright. Full details are available from the publisher. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic,
mechanical
photocopying,
MEDIA PARTNERS
recording
or otherwise, without the prior permission of the copyright owner.
Quick Response Code Cyber Security Review website www.cybersecurity-review.com
cybersecurity-review.com
3
CONTENTS
CONTENTS IFC CYBER INCIDENT RESPONSE SUMMIT 2014 5 FOREWORD ‘FIGHTING A COMMON CHALLENGE COLLECTIVELY’
By Trevor Partridge, MBCI, NEBOSH, Consulting Editor, Cyber Security Review
6 13th EUROPEAN CONFERENCE ON CYBER WARFARE AND SECURITY ECCWS 2014
41 NIST’s ROLE IN IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY: PUBLIC/PRIVATE TEAMWORK
By William Barker, Cybersecurity Standards and Technology Advisor, Information Technology Laboratory at the National Institute of Standards and Technology (NIST)
46 INFORMATION SECURITY SOLUTION EUROPE – ISSE 2014
7 THE CURRENT STATE OF CYBER WARFARE
47 CYBER SECURITY ATTRIBUTES FOR CRITICAL INFRASTRUCTURE SYSTEMS
10 SECURING ASIA & AFRICA 2014
52 THAILAND’S PREMIER INTERNATIONAL SECURITY & SAFETY EXPO+FORUM - ISF 2014
By Lior Tabansky, Cyber Security Policy Expert, Tel Aviv University, the Yuval Ne’eman Workshop for Science, Technology and Security
By Hugh Boyes CEng FIET CISSP, Cyber Security Lead, Institution of Engineering and Technology (IET)
11 TOWARDS MULTINATIONAL CAPABILITY DEVELOPMENT IN CYBER DEFENCE
53 FIGHTING A COMMON CHALLENGE COLLECTIVELY
22 CYBER INTELLIGENCE EUROPE 2014
56 THE NCA’s NATIONAL CYBER CRIME UNIT WORKING IN COLLABORATION WITH INDUSTRY
By Frederic Jordan, Geir Hallingstad and Agata Szydełko, NCI Agency
23 CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES
By Wolfgang Röhrig, Programme Manager Cyber Defence at EDA and Wg Cdr Rob Smeaton, Cyber Defence Staff Officer at EUMS CIS Directorate
28 PUBLIC PRIVATE PARTNERSHIP IN CYBERSECURITY – THE HUNGARIAN COOPERATIVE MODEL AND EXPERIENCE
By Dr Réka Szemerkényi, Chief Advisor to the Prime Minister of Hungary and Dr Ferenc Suba, Vice-Chairman of the Management Board of the European Network and Information Security Agency
33 GLOBAL NATURE OF CYBER SECURITY THREAT: CZECH PERSPECTIVE, COOPERATION WITH INDUSTRY, ACADEMIA AND INTERNATIONAL STAKEHOLDERS
By Daniel P. Bagge, National Cyber Security Center, National Security Authority of the Czech Republic
38 FROM THE ETHICS OF CYBER CONFLICT TO BOTNET MITIGATION TRAINING. THE NATO CCD COE
4
By Lauri Lindström, Researcher, NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE)
CYBER SECURITY REVIEW, Summer 2014
By Troels Oerting, Assistant Director, Head of European Cybercrime Centre (EC3), Head of Counter Terrorist & Financial Intel Centre, EUROPOL
By Andy Archibald, Deputy Director of the National Cyber Crime Unit (NCCU) of the National Crime Agency
58 THE END OF REACTIVE SECURITY, AND THE MOVE TO A DOCTRINE OF CYBER DEFENCE?
By Dan Solomon, Advanced Cyber Defence Services at Optimal Risk
63 CYBER INSIDERS: A BOARD ISSUE
By Chris Hurran, OBE. Senior Associate Fellow of the Institute for Security and Resilience Studies at University College London
67 DATA PROTECTION AND PRIVACY LEARNING LESSONS FROM DATA BREACHES
By Piers Wilson, Head of Product Management, Tier-3
72 2nd INTERNATIONAL CONFERENCE ON CLOUD SECURITY MANAGEMENT - ICCSM 2014
By Aloysius Cheang, Managing Director APAC, Cloud Security Alliance
73 SECURITY IN THE NEW CYBERSPACE FRONTIER
78 TRUSTWORTHY SOFTWARE AS A FOUNDATION FOR UK CYBER SECURITY
By Professor Tim Watson, Director, Cyber Security Centre, WMG, University of Warwick
IBC THE UNIVERSITY OF WARWICK
FOREWORD
‘FIGHTING A COMMON CHALLENGE COLLECTIVELY’ By Trevor Partridge, MBCI, NEBOSH, Consulting Editor, Cyber Security Review.
W
elcome to the very first edition of Cyber Security Review, a publication designed to draw on the combined knowledge, skills and expertise of the cyber security community in order to identify emerging threats and facilitate the development of coherent policies and robust capabilities. We live in an age where the world is forever changing with businesses developing and totally reliant upon ICT systems. So where do we find businesses in their preparations for attacks? Whilst awareness has improved at the highest level in large companies, we continue to discover organisations being hacked and attacked from all angles, causing untold reputational and financial damage and yet responses appear to be reactionary rather than preparatory. Unfortunately, a high proportion of businesses are not prepared for a cyber security incident, with many directors remaining ignorant or, worse still, in denial to the risks. Costs and time pressures continue as excuses. Notwithstanding that, in my experience, unless you are able to report to the board the risks and their subsequent impacts using a realistic and pragmatic approach rather than sugar coat it, their rebuttal will continue with excuses not to invest. Therefore the challenge we are all faced with is what is the size of the problem? Our introduction article, from the University of Tel Aviv, is based on the position of cyber ‘warfare’ and where using warfare as a description may be an inappropriate analogy. It sets the parameters with useful definitions, descriptions of new and real risks, and current responses, concluding that cyber warfare, however you describe it, is correctly summarised as a strategic, political and social phenomenon. The University of London piece explores the subject of cyber ‘insiders’ and key measures all boards should take to ensure that their organisation is appropriately protected against such a
threat. Their 10 steps to cyber insider protection highlight very useful common themes for all organisations to follow, irrespective of size, sector or business model. We have an article providing a different view on what is described as complex ‘cyber–physical’ systems, where increasingly sophisticated controls are required to maintain and deliver critical services. In this, the Institution of Engineering and Technology draws on appropriate case studies and outlines an alternative model, summarised in 7 attributes that should enable greater functional safety and cyber security communities resulting in systems which are both safe and secure. The article on data protection from the Institute of Information Security Professionals (IISP) is one highlighting that, despite many breaches recently, including last month where 1.3 million Orange French customers’ personal data was stolen, consumers, by and large, remained loyal to the respective brand, primarily due to the hassle factor of jumping ship. IISP provide us with 7 key lessons learnt and trends and a view that the need for risk management is as important as ever. Many of the articles in this edition refer to terminology such as international warfare, defense, attacks, threats, espionage and terror, along with recognition from the military that cyber space is the 5th operational domain, pointing us to the fact there is a virtual Third World War out there! Whether you are a board director or an individual at the heart of cyber security, I urge you to review as many of these excellent articles as possible. You may not agree with them all; however, they are informative, thought provoking and provide our global ‘cyber security’ community with valuable direction, information and opinions, which, using a quote from the EUROPOL article, will help us in ‘fighting a common challenge collectively’. ■
Trevor Partridge biography
Trevor is a director of 2 b continued Ltd and the former Head of Business Continuity and Corporate Security at Marks & Spencer, with more than 35 years business experience. In M&S, he specialised in developing strategies and solutions in Business Continuity Management (BCM) and Corporate Security Internationally, influencing the board to invest considerable sums in the process. Trevor has first-hand experience on BCM and Security incidents around the world. These include the Fuel Crisis, Buncefield, London Bombings, Kidnaps, Mumbai shootings, ICT security, Fires, Floods and Demonstrations. He has played active parts in forums with London First, London Resilience and Civil Contingencies and has strong links with the Metropolitan Police Counter Terrorism unit and NaCTSO. Trevor regularly contributes to white papers, magazine articles and lectures on risk resilience at Cranfield University in Shrivenham. More recently, having retired from M&S, Trevor has worked as an independent consultant on several BCM projects across industries, including pharmaceutical, property, housing and retail.
cybersecurity-review.com
5
To receive a full version of the Cyber Security Review, please complete the Request Form. Please provide a valid corporate, government or academic email address. We reserve the right to refuse to accept any application at our discretion. If you have any queries please email to: editorial@deltabusinessmedia.com
www.cybersecurity-review.com
REQUEST YOUR COPY OF THE CYBER SECURITY REVIEW
Published by Delta Business Media 3rd floor, 207 Regent Street, London, W1B 3HH, United Kingdom Tel: +44 (0) 20 7193 2303 Fax: +44 (0) 20 3014 7659 info@deltabusinessmedia.com www.deltabusinessmedia.com