the dos and don ts of national cybersecurity · support and development of cyber professionals...

UNCLASSIFIEDThis document contains proprietary information of Israel Aerospace Industries Ltd. and may not be reproduced, copied, disclosed or utilized in any way in whole or in part, without the prior written consent of Israel Aerospace Industries Ltd

The Dos and Don’ts of National Cybersecurity


National Challenge

The U.S. Government has

identified cybersecurity as “one

of the most serious economic and

national security challenges we

face as a nation”1

(U.S. White House Office)


Cyber Threat Landscape


What Has Changed?

Security Solutions The PerimeterVendor

Vulnerabilities

Standard IT Network

Security Solutions Aren’t

Enough

The Perimeter Is

Breached: Software

Updates, Technical

Support, Physical

Presence

Connectivity

OT and Mission Critical

Networks Are More

Connected Than Ever

Vendor Vulnerabilities

Leave Your Network

Exposed


The Solution – a Robust Cyber Eco-System


National Cyber Security Overview

Critical InfrastructureDefense

Independent Cyber Eco System(Indigenous Capabilities)

Bespoke Mission Critical Cyber Defense

National Level and Sectorial Cyber Defense


Infrastructure, Data and Processes

Scope of Cyber Space

Important Sectors

Military

HLSPrivate &

Public Enterprises SOEs Government

Agencies

Defense Industry

Ministries

Critical Infrastructure

IHLs


Level of Engagement

Dedicated Guidance

Mandatory Standards

Promoting Knowledge &

Awareness

Level of Risk to Public Interests

Critical Infrastructures

Essential Sectors &

Organizations

Entire Market & Public


MitigationPrevention Protection Response Recovery

InvestigationProactive Intelligence AttributionEnforcement

Collaborative Approach

CooperationInformation

Sharing


Should we adopt an established standard?

Different Models Different Lessons


Tailored to Specific National Needs

Overseas Partners CERT

Security agencies

Energy

A

B

C

D Military

A

B

C

D

Trusted Sharing

National level SOC

G-SOC

A

B

C

D

State Level Monitoring

State level Situational Awareness

Threat Intelligence

Information Sharing

Sectorial SOC

Situational Awareness

Forensics Abilities

Pro active Defense Arrays

State Level IR Abilities

Mission Critical

Hardening

• National strategy• Inter-Agency Co-operation• Regulation & legislation • Resilience• Organizational structure


Civilian

Sectors

Framework

National Cyber Security

National

Security

&

Law

Enforcement

Robustness Resilience Defense

National

Incidents

Management

National

CERT

Market

Regulation

Analysis & Investigation

Knowledge

and Guidance

Critical

Infrastructures

Early

Warning

Operations

&

Intelligence

12


National Cyber Roadmap

▪ Plan a “Road Map”

Phased approach

Most critical organizations

Best chances for success – quick wins

Needed lessons


CERT Operator

Cyber Studies in Universities

High School Cyber Program

ISSI

GRC Manager

CISO Cyber Defense Architect

Human Capital

Penetration Tester Forensic

s Expert

Malware Analyst

On Going Support and

Development of Cyber

Professionals

Cyber Core Professions Training Paths

• Education & training as a major part of National Cyber Security

• Professional training & infrastructure• International certifications• Courses & (core) Professions• Knowledge transfer• National independence


Who We Are?


National Challenges Require National Solutions

▪ Technology

▪ Methodology

▪ Constant Innovation

▪ Cooperation (national and international)

▪ Capacity Build-up and Maintenance


IAI - a Gate to Israel’s Cyber Eco-System and Innovation

▪ IAI leads the best and finest of Israel’s cyber eco-system & Innovation

▪ Reducing the risk of choosing novel technology and dealing with start-ups

▪ Israeli Cyber Companies Consortium (IC3)

../../../../../Dropbox/Public/EltaMovies/IC3 final en_w_sub.mp4


IAC3 – Israeli Aviation Cyber Companies Consortium

▪ IAI lead a diverse group of Israel's leading cyber & aviation companies

▪ Providing holistic, end to end, cyber solutions for commercial aviation

Custodio Pte Ltd

• Established in 2014 as Israel Aerospace Industries' (IAI) cyber early warning R&D centre in Singapore

• In late 2016, Custodio Technologies was spun-off from Custodio, taking on the mantle of continuing Custodio's pioneering cyber R&D work

• Custodio became IAI Cyber division’s holding and business development company in APAC

19


THANK YOU

the dos and don ts of national cybersecurity · support and development of cyber professionals...

Documents