Transcript Document
Finland’s Cyber Security Strategy Dr. Antti Sillanpää Sr. Researcher, Secretariat of the Security Committee 27-28 November 2014, Ankara, Turkey 17.7.2015 www.turvallisuuskomitea.fi 1 Changing threat landscape Natural resources Climate change Technology Interdependence Global economy Population growth Non-governmental actors Terrorism www.turvallisuuskomitea.fi Comprehensive approach www.turvallisuuskomitea.fi Cyber Security Strategy Government resolution 24.1.2013 Compiled by the Security Committee 17.7.2015 www.turvallisuuskomitea.fi 4 Strategy Vision www.turvallisuuskomitea.fi PPP - the Finnish way • National Emergency Supply Agency (NESA) • NESA activating critical companies • Creating and transforming Cyber Strategy 17.7.2015 www.turvallisuuskomitea.fi 6 Ten Cyber Security Guidelines www.turvallisuuskomitea.fi 7 VALHA13, TIETO13 www.turvallisuuskomitea.fi Roadmap Strategy Introduction Vision National Approach Strategic guidelines Memorandum Cyber domain Threats Principles Securing the vital functions Regulation Implementation Implementation plan Action items Cyber security tasks Implementation, plans in the ministeries Strategy is a living document www.turvallisuuskomitea.fi National implementation programme 74 Action items , main focus areas: National Cyber Security Center (NCSC) Government 24/7 Information Security Operations Security network for encrypted data transfer and administration Police capabilities for responding to cybercrime Research and education programmes, and the improvement of other competence Changes in legislation and if development of capabilities www.turvallisuuskomitea.fi 10 Focus of NCSC Technical threats Non-technical threats: Scams, frauds etc. Actions ISPs take ”Cleanest networks in the world” APT General threats HAVARO Unknown threats End user controls Citizens Government CIP www.turvallisuuskomitea.fi 11 First line – ISPs Malware, DDOS, APT… Technical threats Non-technical threats: Scams, frauds etc. Communications market act, cleaning and disconnecting infected computers Actions ISPs take ”Cleanest networks in the world” APT General threats HAVARO Unknown threats End user controls Citizens Government CIP www.turvallisuuskomitea.fi 12 Result Technical threats Non-technical threats: Scams, frauds etc. Actions ISPs take Based on Microsoft Security Intelligence Report 16 ”Cleanest networks in the world” APT General threats HAVARO Unknown threats End user controls Citizens Government CIP www.turvallisuuskomitea.fi 13 Second line – HAVARO Technical threats Non-technical threats: Scams, frauds etc. Actions ISPs take ”Cleanest networks in the world” APT General threats Network Monitoring and Early Warning System HAVARO Unknown threats End user controls Citizens Government CIP www.turvallisuuskomitea.fi 14 Third line Technical threats Non-technical threats: Scams, frauds etc. Actions ISPs take ”Cleanest networks in the world” APT General threats HAVARO Unknown threats End user controls Every stakeholder is a security actor! Citizens Government CIP www.turvallisuuskomitea.fi 15 Points from the process • • • • • Everyone on board! Clear roles! Communication! Cyber is +/Strategy as a loop! 17.7.2015 www.turvallisuuskomitea.fi 16 Finnish success factors Comprehensive concept Co-operation among authorities, business, NGO’s Cost- effectiveness Well functioning nexus Shared awareness on the importance Technology skills and knowledge www.turvallisuuskomitea.fi Turvallisuuskomitea Eteläinen Makasiinikatu 8 PL 31, 00131 HELSINKI Tel: +358 295 16001 Thank you! [email protected] www.turvallisuuskomitea.fi 17.7.2015 www.turvallisuuskomitea.fi 18