working internationally in cyber-security – issues and opportunities moderator –dr andrew...

Working Internationally in Cyber-Security – Issues and Opportunities

Moderator – Dr Andrew Vallerand Canadian Centre for Security Science

Panelists - Mr. Josh Caplan SPAWAR

Dr. Peeter Lorents NATO CyberSecurity COE

Mr. Mitch Dembin Assistant US Attorney, San Diego Office

Important to work internationally?

•In an interdependent world, the risks faced by any one agent depend not only on its choices but also on the choice of all others.

•Failures of a weak link in an interdependent system can have devastating impacts on all parts of the system.

•Because interdependence does not require proximity, the antecedents to catastrophes can be quite distinct and distant from the actual disaster.

Cyber Security

• Like airline passenger flows, cyberspace has a large number of entry points

• No one country or carrier can independently secure the system or take effective unilateral actions

• We must work collectively and collaboratively in a variety of areas to close the gaps.

Interdependent Security

• Demands that we acknowledge others security levels

• Suggests it is in our own best interests to share – Threat analysis– Security capability enhancements– Best Practices– Network contacts with Subject Matter Experts– Trans-Border Projects and S&T-based Exercises;

Today’s Panelists

Each Panelist is a Subject Matter Expert in one of three distinct areas of international cyber security

1. Cyber Operations and Information Warfare

2. Cyber Security and Defence

3. The effective Prosecution of Cyber Crimes

• Some Canadian perspectives …

from the Centre for Security Science

Weapons EffectsVehicles

Autonomous SystemsMilitary EngineeringChem & Bio Defence

Human FactorsDecision Support

Command EffectivenessOperational Medicine

Simulation & Modelling

Radar, EWSpace Systems

Information OperationsCommunications

Synthetic Environment

Electro-opticsCombat Systems

Command & ControlInformation Management

Systems Environment

Underwater SensingMaterials

Air VehiclesMarine VehiclesSignature Mgt.

9 Defence R&D Canada Centers

Centre for Security Science

Centre for Operations Research and Analysis

DG Mil Pers R&A

ADM(S&T), DG S&T Ops

National Recognition

•Canada recognizes the importance of interdependency in cyber security as we are about to implement a “National Cyber Security Strategy”

•At the same time, we are continuing work with Allies and like minded nations to ensure that Canada cannot be used as a base for cyber attacks on our friends and neighbours.

Cyber Objectives and Outcomes

1. Secure Canadian Federal digital infrastructure;

2. Secure Canadian National digital infrastructure; and,

3. Combat cyber crime & protect Canadians online

1. Protect Canadians and Canadian interests within cyber space;

2. Ensure Canada is not a base for cyber threats to friends and allies; and,

3. Bring to Justice those who breech Intl & domestic Canadian laws regarding the use of cyber space.

S&T as a lead investment effectively

links Objectives to

Outcomes through

enhanced capabilities

Objectives & Outcomes are found in the 2004 National Security Policy, International Policy Statement, the Speech from the Throne and other sources

Crowded CyberSecurity Space

Canadian national landscape• Privy Council Office (White House in US)

– National Security Advisor to the Prime Minister• Public Safety Canada

– Government Operations Centre (GOC)– Integrated Threat Assessment Centre (ITAC) / Canadian Cyber Incident Response

Centre (CCIRC; CERT in US)– Royal Canadian Mounted Police (RCMP; FBI & US Marshall Serv in US) – Canadian Security Intelligence Service (CIA in US)– Canadian Border Services Agency (CBP in US)

• Industry Canada– Communications Research Centre (CRC)– National Research Council (NRC) – National Science and Engineering Research Council (NSERC)

• Treasury Board Secretariat– Chief Information Officer

• National Defence– Defence Research and Development Canada (DRDC; DDR&E in US)– Communications Security Establishment Canada (CSEC: NSA in US)– Assistant Deputy Minister (Information Management)

Consolidate S&T Goals & Efforts

Provide S&T support to federal & national efforts in cyber security capability development, generation and employment, specifically to :

1.Identify and understand evolving cyber threats;2.Improve existing cyber security capabilities, based on gaps;3.Lead the development of future national cyber security capabilities using new, enhanced or emerging technologies and supporting processes to prepare, prevent, respond and recover from cyber attacks including advanced forensics to enable effective threat identification, source and indication of malicious intent to aid in successful prosecutions. 4.Facilitate the rapid transfer of new technologies and supporting processes into the national digital infrastructure.

Summary of National Element

• To address threats, vulnerabilities, risks and gaps in national capabilities, Canada is building a Whole of Government Strategy for Cyber Security.

• To enable its implementation and to facilitate the linkage of Objectives to Outcomes, a Whole of Government S&T program is being initiated leveraging Govt, Industry, Academia and Allied S&T as a potent Lead Investment.

• The value proposition of such a S&T program includes the:– Delivery of trusted advice– Risk identification and mitigation– Integration of knowledge– Open innovation

Knowledgeintegrator

Trustedadvisor

Riskmitigator

Openinnovator

International Space

• Public Security Technical Program (Can-US)

• NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE); NATO RTO IST panel,

• The Technical Cooperation Panel (5 eyes); TTCP C3I panel

• Strategic Alliance Cyber Crime Working Group (5 eyes - Lead Law Enforcement Agencies)

• Europa 7th Framework Program (EU R&D on ICT)