Information Operations/Critical Infrastructure Protection

The Swedish Initiative on
Critical Infrastructure Protection
Presentation at ETH/ÖCB Workshop
Zurich 9 November 2001
Dir. Lars D. Nicander, National Office of IO/CIP-Studies, Swedish National Defence College
Secretary of The Cabinet Working-Group on IO-D/CIP
SNDC/IOS LN 0111

The Swedish Initiative on
Critical Infrastructure Protection
• Our view on IO/CIP
• Issues
• How to organize a National IO-D/CIP-Management
• Some proposals
• Time frame
• Possible areas of international co-operation

Cabinet Working Group on IW-D/CIP (970101-000621)
[Organisation chart; labels: Information Warfare - threats, security, protection; DoD (chair); NDC (secr); CO; KK; DRE; NCP; SwSS; OMB; FI; State; PTS; DoJ; TCN; ÖCB; DRI; GAO; JCS; Stkt; Sv Kraftnät; ?; SAF; SR; Psycdef; AFHQ; Mil. I&S; SVT; Teracom; SNUS; LME; DMA; DoInd.; Telia; SJ/BV; Sv.Bf]

Cabinet Working Group on IO-D/CIP (000622-011231)
[Organisation chart; labels: Information Operations - threats, security, protection; DoD (chair + dep.); NDC (secr); Council; MoFA (2); DoD (3); Do Fi; DoJ (2); NCID; SwSS; PTS; NSD; ÖCB; CO/Adm; FOA; DoI,E&C.; SwAAD; Psycdef; AF/Ops; Mil. I&S; DMA; FRA; FI; SwBA]

IO/IW Synergy
[Diagram; labels: IO/IW; Strategic/Economic Environment; Joint Operations; Information, Intelligence, Perceptions; Information Systems, Infosec]

Levels and Classes (W. Schwartau)
[Diagram; labels: Classes I, II, III; Levels: Individuals, Organisations, Nations, Coalitions]

Taxonomy
Defensive Information Operations (IO-D)/Defensive Information Warfare (IW-D)
Critical Infrastructure Protection
Information Assurance

Threats
• First strike attack for nations
• Means of diplomatic pressures
• Terrorists
• Corporate espionage
• Drug cartels, criminal organisations
• The disgruntled employee

FBI/CSI-Survey
• Interviews with 634 companies on IT-incidents
• $25 billion losses in year 2000

Some Weapons
• Psychological Operations
• Blackmail, extortion
• Data manipulation
• Cryptoanalysis
• Virus
• Logical bombs
• Backdoors
• Chipping
• EMP; electromagnetic pulse
• Physical destruction

Issues
• Policy development
• “Sweden should be a safe marketplace!”
• Organisation/structure
  – Focal point?
    » Threat overview
    » Setting security standards for government and recommend standards for critical private infrastructure
  – National CERT
• Programs for awareness, education and training
• Funding for security and redundancy incentives
• International Co-operation and Regimes

Protective philosophy - Report no 2
• Protect-Detect-React (RM-perspective)
• Clarify the hidden statistics of IT-incidents
• Define Minimal Essential Critical Information Infrastructure
• “Helpdesk” + responsive functions in real time ---> GovCERT

Structures, responsibilities - Report no 2
• Problem
  – “Who's in charge?”
    » Need for a new bureaucratic synthesis
• Character
  – Intelligence or operational matter?
• Organisational direction
  – A new agency?
  – A new function hosted by an established agency?

Criteria for a “lead agency”
• Strong linkage threat-planning
• Far-reaching administrative and operational responsibility
• Organic relations within the Total Defense Community as well as with the Private Sector (cf. PCCIP)
• Law Enforcement Authorities
• Education, training and personal development of a national Red Team unit

National IO-D Management
[Organisation chart; labels: Cabinet co-ordination group; “Joint Venture” private/public; Private Sector; Threat/IO-intel; Statistics unit (Nat. ISAC); ÖCB; Incident analysis; Security; SwSS; Joint planning and co-ordination; GAO; PTS; FI; AFHQ; NCID; CESG; GovCERT; PsyB; Red Team; Counter Psyops/Deception; I&W-unit; DRE]

Cabinet WG - Report 2 - main proposals
Defense Bill March -99
Consensus
• A co-ordination group within Cabinet Office
• A new national IO-D co-ordination body on the Agency-level (separate division within ÖCB)
• A GovCERT will be organised by PTS (LEA support)
• A National ISAC will be organised
• Reporting duty within Government
Status marks on the slide: Wait, Wait, OK, OK, OK

Cabinet WG - Report 2 - main proposals (cont.)
• Expanded Armed Forces mandate for support of vital National Information Systems
• An active IT-check function for the government administration will be organised within the Armed Forces
• Constitutional amendments
• Analysis of perception/disinformation methods on Internet at The National Board of Psychological Defence
• New forms of co-operation etc. concerning IC
Status marks on the slide: OK, OK, OK, OK, OK

SWE cf. US in CIP approaches
• More emphasis on the top-down perspective (IO-D) than on the infosec bottom-up perspective (IA).
• More emphasis on the CIAO-equivalent and less on the NIPC, due to the assessment of tight linkage between threat and planning
• One stop-shop to the Private Sector through the Private Sectors Security Delegation
  – One Private-Government National ISAC
  – GovCERT+ deals with private CERTs ---> NatCERT

The Committee on Vulnerability and Security in Civil Society
IT security and IO protection:
Presented to The Cabinet 11 May 2001
• Explicit IT security strategy
• Cross-boundary co-ordination centre
• Overall public IT security responsibility within a new agency for civil planning
• National CERT
• A new technology competence centre
• Certification body

Structure
[Diagram; labels: Co-ordination centre; Technology Competence Centre; Planning, risk assessment; National CERT; Certification Body]

Time frame
• Parliament Decision I, May 1999
• Swedish Defence Commission: White Paper 2, September 1999 “...of great importance to security policy!”
• Parliament Decision II, March 2000
• Special Commissioner on Vulnerabilities in Society, May 2001
• Cabinet Bill to Parliament, September 2001
• Parliament Decision III, November 2001
• Implementation 2002-2003 (New agency etc.)

Three Challenges
[Diagram; labels: International law (“use of force”) etc; International Co-operation, Regimes etc; International tasks; Domestic tasks; Management issues (“bending pipes”)]

Collective Security in Cyberspace
• There are no borders in Cyberspace!
• A cyber-intrusion could be routed from country A through country B, C and D before it ends up in country E.
• How can we trace back these intrusions?
  – Today: International Law Enforcement or private initiatives (FIRST etc)
  – Tomorrow: “Fishwebs” between national CERTs for tracing intrusions back in real time?

Building fishwebs in Cyberspace
[Diagram; labels: Country A; Country B; Country C; Country D; Country E; Country X; Country Y; Country Z; UN, ITU etc]

Areas of international cooperation?
• Doctrines concerning use of IO/IW under UN or other international legal auspices (international operations, upholding sanctions etc.)
• Principles of building Regimes for defensive actions taken in Cyberspace (tracing, counterhacking etc.)

More info….
Website:
<www.fhs.mil.se>