Identity Assurance and Cyber Security:
Lessons Learned from the Real World of Cyber Warfare
For C4ISR, Robot Platforms & Sensors, San Diego 2008
Lt.Gen. (retired) Johannes Kert
Information Society in Estonia
• 60% of population active internet users
• Government working as e-cabinet
• 97% of all bank transactions made online
• Numerous public services offered online
• 80% of people use ID-card for digital signatures
• Every 4th company founded on-line
• More than 150 national major databases
share common information exchange layer
(X-road)
• Comprehensive IT-regulatory framework
2
Information Society in Georgia
• less than 10% of population
active internet users
• Information infrastructure
dependent on Russia
• No nation-wide information
society services
• weak IT-regulatory framework
3
Bronze Soldier Memorial in Estonia
4
Defacement of Georgian websites as a matter of attack against identity
5
Motives behind attacks against websites
• To close the flow of information.
• To provide wrong or partly wrong information.
• To provide demoralising information.
6
What to do?
• To move critical servers out of the country.
• To duplicate websites.
• Readiness to replace websites.
• To send attacks in the wrong direction.
7
“Hacked by Russia?”
8
NATO CD Document
• NATO Cyber Defence Policy (2008)
This new policy establishes the basic principles and provides direction to
NATO’s civil and military bodies in order to ensure a common and
coordinated approach to cyber defence and any response to cyber attacks.
It also contains recommendations for individual NATO countries on the
protection of their national systems.
• NATO Cyber Defence Concept (2008)
In line with the policy, NATO's Military Committee recently agreed on a
Cyber Defence Concept which adds practical action programmes to fit
within the overarching policy.
9
Estonian lessons learned
• Cooperation
– international
• CERTs
• Governments
• NATO
• Other organisations
– national
• public sector
• private sector
• Military
10
Legal Framework
• No instruments in the field of cyber defence as an
(inter)national security issue
• Council of Europe Cybercrime convention
(2004)
– Ratified by 23 nations
(including Estonia and USA)
– Covers cyber crime aspects
and cross-border cooperation
11
Thank you!
For further information and contacts:
[email protected]
12