Information Operations/Critical Infrastructure Protection
The Swedish Initiative on Critical Infrastructure Protection
Presentation at ETH/ÖCB Workshop
Zurich 9 November 2001
Dir. Lars D. Nicander, National Office of IO/CIP-Studies, Swedish National Defence College
Secretary of The Cabinet Working-Group on IO-D/CIP
SNDC/IOS LN 0111
The Swedish Initiative on Critical Infrastructure Protection
Our view on IO/CIP
Issues
How to organize a National IO-D/CIP-Management
Some proposals
Time frame
Possible areas of international co-operation

Cabinet Working Group on IW-D/CIP (970101-000621)
Information Warfare - threats, security, protection
[Organisation chart labels] DoD (chair); NDC (secr); CO; KK; DRE (shown twice); NCP; SwSS; OMB; FI; State; PTS; DoJ; TCN; ÖCB; DRI; GAO; JCS; Stkt; Sv Kraftnät; ?; SAF; SR; Psycdef; AFHQ; Mil. I&S; SVT; Teracom; SNUS; LME; DMA; DoInd.; Telia; SJ/BV; Sv.Bf

Cabinet Working Group on IO-D/CIP (000622-011231)
Information Operations - threats, security, protection
[Organisation chart labels]
Council: MoFA (2); DoD (3); Do Fi; DoJ (2); NCID; SwSS; PTS
DoD (chair + dep.); NDC (secr)
NSD; ÖCB; CO/Adm; FOA; DoI,E&C.; SwAAD; Psycdef; AF/Ops; Mil. I&S; DMA; FRA; FI; SwBA

IO/IW Synergy
[Diagram labels] IO/IW; Strategic/Economic Environment; Joint Operations; Information, Intelligence; Perceptions; Information Systems, Infosec

Levels / Classes (W. Schwartau)
[Diagram labels]
Levels: Coalitions; Nations; Organisations; Individuals
Classes: Coalitions; III Nations; II Organisations; I Individuals

Taxonomy
Defensive Information Operations (IO-D)/Defensive Information Warfare (IW-D)
Critical Infrastructure Protection
Information Assurance

Threats
First strike attack for nations
Means of diplomatic pressures
Terrorists
Corporate espionage
Drug cartels, criminal organisations
The disgruntled employee
FBI/CSI-Survey
Interviews with 634 companies on IT-incidents
$25 billion losses in year 2000

Some Weapons
Psychological Operations
Blackmail, extortion
Data manipulation
Cryptanalysis
Virus
Logic bombs
Backdoors
Chipping
EMP; electromagnetic pulse
Physical destruction

Issues
Policy development
“Sweden should be a safe marketplace!”
Organisation/structure
– Focal point?
» Threat overview
» Setting security standards for government and recommending standards for critical private infrastructure
– National CERT
Programs for awareness, education and training
Funding for security and redundancy incentives
International Co-operation and Regimes

Protective philosophy - Report no 2
Protect-Detect-React (RM-perspective)
Clarify the hidden statistics of IT-incidents
Define Minimal Essential Critical Information Infrastructure
”Helpdesk” + responsive functions in real time ---> GovCERT

Structures, responsibilities - Report no 2
Problem
– ”Who's in charge?”
» Need for a new bureaucratic synthesis
Character
– Intelligence or operational matter?
Organisational direction
– A new agency?
– A new function hosted by an established agency?

Criteria for a ”lead agency”
Strong linkage threat-planning
Far-reaching administrative and operational responsibility
Organic relations within the Total Defense Community as well as with the Private Sector (c.f. PCCIP)
Law Enforcement Authorities
Education, training and personal development of a national Red Team unit

National IO-D Management
[Organisation chart labels] Cabinet co-ordination group; ”Joint Venture” private/public; Private Sector; Threat/IO-intel; Statistics unit (Nat. ISAC); ÖCB; Incident analysis; Security; SwSS; Joint planning and co-ordination; GAO; PTS; FI; AFHQ; NCID; CESG; GovCERT; PsyB; Red Team; Counter Psyops/Deception; I&W-unit; DRE

Cabinet WG - Report 2 - main proposals
A co-ordination group within Cabinet Office
A new national IO-D co-ordination body on the Agency-level (separate division within ÖCB)
A GovCERT will be organised by PTS (LEA support)
A National ISAC will be organised
Reporting duty within Government
[Status marks under "Defense Bill March -99" / "Consensus", in slide order: Wait, Wait, OK, OK, OK]

Cabinet WG - Report 2 - main proposals (cont.)
Expanded Armed Forces mandate for support of vital National Information Systems
An active IT-check function for the government administration will be organised within the Armed Forces
Constitutional amendments
Analysis of perception/disinformation methods on Internet at The National Board of Psychological Defence
New forms of co-operation etc. concerning IC
[Status marks, in slide order: OK, OK, OK, OK, OK]

SWE c.f. US in CIP approaches
More emphasis on the top-down perspective (IO-D) than on the infosec bottom-up perspective (IA).
More emphasis on the CIAO-equivalent and less on the NIPC, due to the assessment of tight linkage between threat and planning
One-stop shop to the Private Sector through the Private Sectors Security Delegation
– One Private-Government National ISAC
– GovCERT+ deals with private CERTs ---> NatCERT

The Committee on Vulnerability and Security in Civil Society
IT security and IO protection:
Presented to The Cabinet 11 May 2001
Explicit IT security strategy
Cross-boundary co-ordination centre
Overall public IT security responsibility within a new agency for civil planning
National CERT
A new technology competence centre
Certification body

Structure
[Diagram labels] Co-ordination centre; Technology Competence Centre; Planning, risk assessment; National CERT; Certification Body

Time frame
Parliament Decision I, May 1999
Swedish Defence Commission: White Paper 2, September 1999 ”...of great importance to security policy!”
Parliament Decision II, March 2000
Special Commissioner on Vulnerabilities in Society, May 2001
Cabinet Bill to Parliament, September 2001
Parliament Decision III, November 2001
Implementation 2002-2003 (New agency etc.)

Three Challenges
[Diagram labels] International law (”use of force”) etc; International Co-operation, Regimes etc; International tasks; Domestic tasks; Management issues (”bending pipes”)

Collective Security in Cyberspace
There are no borders in Cyberspace!
A cyber-intrusion could be routed from country A through country B, C and D before it ends up in country E.
How can we trace back these intrusions?
– Today: International Law Enforcement or private initiatives (FIRST etc)
– Tomorrow: ”Fishwebs” between national CERTs for tracing intrusions back in real time?

Building fishwebs in Cyberspace
[Diagram labels] Country Z; Country Y; Country A; Country B; Country C; Country D; UN, ITU etc; Country E; Country X

Areas of international cooperation?
Doctrines concerning use of IO/IW under UN or other international legal auspices (international operations, upholding sanctions etc.)
Principles of building Regimes for defensive actions taken in Cyberspace (tracing, counterhacking etc.)

More info...
Website: <www.fhs.mil.se>