Cross-Border CII Dependencies
Regional Cybersecurity Forum
Sofia, Bulgaria
Kadri Kaska
29 November 2016
This briefing is a product of the NATO CCD COE.
It does not represent the opinions or policies of NATO and is designed to provide an independent position.
About NATO CCD COE
Enhance cyber defence capability, cooperation and information sharing among NATO, Allies, and Partners
Introduction
• Increasing reliance of vital services on cross-border CII
– Potential source of instability even for countries that have addressed the issue domestically
• One of the least explored areas of cyber vulnerability
• Research
– Existing state of knowledge in academic and security research
– National awareness and remedies
– Open source + survey
National concept of CII
[Chart: CII approach in national law. Categories: distinct critical sector or service; part of or supporting a critical service/object; other (both of above); not addressed specifically]
Critical sectors/services
• IT and communications
• Energy
• Health and medical services
• Finance
• Food supply
• Water management
• Public security and public order
• Transport
Cross-border dependency
[Figure: degree of cross-border dependency by sector]
Sectors: IT and communications; Energy; Health and medical services; Finance; Food supply; Water management; Public security and public order; Media; Government administration; Transport
Legend: substantial to critical; minimal to substantial; none to minimal
Risks of cross-border dependency
Risk categories: TECHNOLOGICAL; FINANCIAL; LEGAL/PROCEDURAL; SOCIAL/CULTURAL
• Natural and man-made hazards
• Funding of security systems
• Legal differences/loopholes
• Different threat perceptions
• Lack of technical expertise
• Sector-specific concerns
• Failure to take an all-hazards approach
• Different security cultures
• Lack of trust and information
Remedial measures
• All have legal instruments that address CI dependencies
– Very few have specific, legally backed remedies related to cross-border CII
• National cyber security strategy
– Many objectives supporting indirectly
– Only one nation expressed a specific objective: “Interdependencies between vital services, including cross-border dependencies, must be constantly mapped and managed”
• All-hazards threat and risk assessments
Operator responsibilities
[Bar chart: Legal obligations of responsible entities/individuals. Horizontal axis: 0 to 12. Categories: Other; Submitting to specific security measures; Maintaining security documentation; Monitoring obligations; Implementing security measures; Notifying and reporting obligations]
National authorities
• Coordinating authorities for CIIP
– NCSC or national CERT; occasionally, sectoral regulators
– Functional relationship to national CIP coordinator
– Role in crisis situations
• Relationship to operators
– Assist CI operators, provide guidelines, etc.
Publication
• Summary of findings
• PART I: 12 country delineation
– National C(I)I process
– Responsibilities of actors
– Cross-border remedies
– Contacts
• PART II: Annotated Bibliography
https://ccdcoe.org/publication-library.html
CONTACT
Kadri Kaska
Lorena Trinberg
Filtri tee 12, 10132 Tallinn, Estonia +372 717 6800