Working Internationally in Cyber-Security – Issues and Opportunities Moderator – Dr Andrew Vallerand Canadian Centre for Security Science Panelists - Mr. Josh Caplan SPAWAR Dr. Peeter Lorents NATO CyberSecurity COE Mr. Mitch Dembin Assistant US Attorney, San Diego Office Important to work internationally? • In an interdependent world, the risks faced by any one agent depend not only on its choices but also on the choice of all others. • Failures of a weak link in an interdependent system can have devastating impacts on all parts of the system. • Because interdependence does not require proximity, the antecedents to catastrophes can be quite distinct and distant from the actual disaster. Cyber Security • Like airline passenger flows, cyberspace has a large number of entry points • No one country or carrier can independently secure the system or take effective unilateral actions • We must work collectively and collaboratively in a variety of areas to close the gaps. Interdependent Security • Demands that we acknowledge others security levels • Suggests it is in our own best interests to share – – – – – Threat analysis Security capability enhancements Best Practices Network contacts with Subject Matter Experts Trans-Border Projects and S&T-based Exercises; Today’s Panelists Each Panelist is a Subject Matter Expert in one of three distinct areas of international cyber security 1. Cyber Operations and Information Warfare 2. Cyber Security and Defence 3. The effective Prosecution of Cyber Crimes • Some Canadian perspectives … from the Centre for Security Science 9 Defence R&D Canada Centers Weapons Effects Vehicles Autonomous Systems Military Engineering Chem & Bio Defence Radar, EW Space Systems Information Operations Communications Synthetic Environment Centre for Security Science Centre for Operations Research and Analysis Electro-optics Combat Systems Command & Control Information Management Systems Environment Underwater Sensing Materials Air Vehicles Marine Vehicles Signature Mgt. DG Mil Pers R&A Human Factors Decision Support Command Effectiveness Operational Medicine Simulation & Modelling ADM(S&T), DG S&T Ops National Recognition • Canada recognizes the importance of interdependency in cyber security as we are about to implement a “National Cyber Security Strategy” • At the same time, we are continuing work with Allies and like minded nations to ensure that Canada cannot be used as a base for cyber attacks on our friends and neighbours. Cyber Objectives and Outcomes 1. Secure Canadian Federal digital infrastructure; 2. Secure Canadian National digital infrastructure; and, 3. Combat cyber crime & protect Canadians online S&T as a lead investment effectively links Objectives to Outcomes through enhanced capabilities 1. Protect Canadians and Canadian interests within cyber space; 2. Ensure Canada is not a base for cyber threats to friends and allies; and, 3. Bring to Justice those who breech Intl & domestic Canadian laws regarding the use of cyber space. Objectives & Outcomes are found in the 2004 National Security Policy, International Policy Statement, the Speech from the Throne and other sources Crowded CyberSecurity Space Canadian national landscape • Privy Council Office (White House in US) – National Security Advisor to the Prime Minister • Public Safety Canada – Government Operations Centre (GOC) – Integrated Threat Assessment Centre (ITAC) / Canadian Cyber Incident Response Centre (CCIRC; CERT in US) – Royal Canadian Mounted Police (RCMP; FBI & US Marshall Serv in US) – Canadian Security Intelligence Service (CIA in US) – Canadian Border Services Agency (CBP in US) • Industry Canada – Communications Research Centre (CRC) – National Research Council (NRC) – National Science and Engineering Research Council (NSERC) • Treasury Board Secretariat – Chief Information Officer • National Defence – Defence Research and Development Canada (DRDC; DDR&E in US) – Communications Security Establishment Canada (CSEC: NSA in US) – Assistant Deputy Minister (Information Management) Consolidate S&T Goals & Efforts Provide S&T support to federal & national efforts in cyber security capability development, generation and employment, specifically to : 1. Identify and understand evolving cyber threats; 2. Improve existing cyber security capabilities, based on gaps; 3. Lead the development of future national cyber security capabilities using new, enhanced or emerging technologies and supporting processes to prepare, prevent, respond and recover from cyber attacks including advanced forensics to enable effective threat identification, source and indication of malicious intent to aid in successful prosecutions. 4. Facilitate the rapid transfer of new technologies and supporting processes into the national digital infrastructure. Summary of National Element • To address threats, vulnerabilities, risks and gaps in national capabilities, Canada is building a Whole of Government Strategy for Cyber Security. • To enable its implementation and to facilitate the linkage of Objectives to Outcomes, a Whole of Government S&T program is being initiated leveraging Govt, Industry, Academia and Allied S&T as a potent Lead Investment. • The value proposition of such a S&T program includes the: – Delivery of trusted advice – Risk identification and mitigation Trusted Risk advisor mitigator – Integration of knowledge – Open innovation Knowledge integrator Open innovator International Space • Public Security Technical Program (Can-US) • NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE); NATO RTO IST panel, • The Technical Cooperation Panel (5 eyes); TTCP C3I panel • Strategic Alliance Cyber Crime Working Group (5 eyes - Lead Law Enforcement Agencies) • Europa 7th Framework Program (EU R&D on ICT)