Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Protection of Classified Information & Cyber Security

advertisement 
Bruno VERMEIRE
Belgian NSA INFOSEC
Competent PRS Authority
Federal Public Service Foreign Affairs
Bruno.vermeire@diplobel.fed.be
++32.2.501 4573
•
•
•
•
•
•
•
Legal Principles
Classified Information (CI) a target?
The BEL NSA
Belgian Cyber Security Strategy
Protecting CIS handling CI
Outsourcing
Challenges
• National Security Authority : Preventive
• Police : Proactive, Reactive
• Justice : Repressive
• Paper world thinking  Cyber thinking
• CI = protection of national assets + assets of
other states on the territory
• CI = targeted with sophisticated tools, even
when not connected
Are we target ?
yes,
all CIS handling CI are targeted
• 8 administrations:
– Includes all principles
– Collegial decisions
• Cyber is not within the legal framework for
protecting CI
• Legal framework cyber includes the protection
of CI
– BEL CERT, limited services
• Mil CERT
• BELNIS
– All BEL administrations with cyber security responsibility,
includes BEL NSA
• Strategy approved by the government
– Includes
•
•
•
•
Mechanism for approving security products
Accreditation of systems beyond protection of CI only
Implementation probably next Government
Strong focus on centralised approach, awareness & education
• Appropriate cyber crime regulation
– Includes adaption of Budapest Convention on Cybercrime
• Pro’s
– Appropriate security installed
– Appropriate separation
– Very good documented
– trusted users
• Contra
– data exchange high risk (MemStick, DVD, …)
– patch policy not easy to implement
– Off line, direct assessment difficult
– Wireless (3G, 4G, WiFi, …)
• Focus on
– Vulnerability assessment
– Protection
– Trusted products
• Creating technical legal framework (cyber
security standards for CIS handling CI)
– Civil accredited evaluators
– Government accreditors (BELAC - NSA)
Electronic Surveillance
Cyber Terrorism
Information Assurance
COMPUSEC
Cyber Defense
Electronic Warfare
Electronic Defense
Computer Network Exploitation
Information Operations
Infosec
COMSEC
Computer Network Defense
Cyber Security
Cyber Warfare
Emanation security (EMSEC)
Electronic Attack
ISTAR
Cyber Network Operations
Computer Network Attack
Information Deception
SIGINT
OSINT
Computer Network Offensive
Operations Security (OPSEC)
Cyber Monitoring
•
•
•
•
Gov evolution speed  Internet revolution
No global legal framework
Identification of responsibilities
Recognition as an armed attack/military
domain
• It takes two to tango
– Win/Win  minimal level & equality requirement
• Exposure risk
– If you know what I can detect, …
you also know what I can’t …
– Technology advantage
• People
• Knowledge & Training
• Computers & networks
Cyber Capabilities must be developed during
personnel and budget cuts…
Thank
You !!
Related documents
Cyber-Security Awareness PowerPoint
Cyber-Security Awareness PowerPoint
RADM Day (USCG Cyber) - Feb 2013
RADM Day (USCG Cyber) - Feb 2013
Cyber Complo and Operations
Cyber Complo and Operations
Slide 1 - 1citizen
Slide 1 - 1citizen
Dean Phillips_ATP Cyber Education Project (CEP).
Dean Phillips_ATP Cyber Education Project (CEP).
Information Security Awareness and Training Program: Taking your
Information Security Awareness and Training Program: Taking your
Information Systems and Internet Security (ISIS) Lab Some Recent
Information Systems and Internet Security (ISIS) Lab Some Recent
October 2013 – ACPO Regional Cyber Crime Units, Capability Build
October 2013 – ACPO Regional Cyber Crime Units, Capability Build
Open - AdamDell.com
Open - AdamDell.com
Cyber Safety Assessment Review
Cyber Safety Assessment Review
Current State of the Cyber Security in Czech Republic
Current State of the Cyber Security in Czech Republic
Why important? - Continuity Insights
Why important? - Continuity Insights
Download
advertisement