Working Internationally
in Cyber-Security –
Issues and Opportunities
Moderator – Dr Andrew Vallerand Canadian Centre for Security Science
Panelists - Mr. Josh Caplan SPAWAR
Dr. Peeter Lorents NATO CyberSecurity COE
Mr. Mitch Dembin Assistant US Attorney, San Diego Office
Important to work internationally?
• In an interdependent world, the risks faced by
any one agent depend not only on its choices but
also on the choice of all others.
• Failures of a weak link in an interdependent
system can have devastating impacts on all parts of
the system.
• Because interdependence does not require
proximity, the antecedents to catastrophes can be
quite distinct and distant from the actual disaster.
Cyber Security
• Like airline passenger flows, cyberspace has a
large number of entry points
• No one country or carrier can independently
secure the system or take effective unilateral
actions
• We must work collectively and collaboratively in a
variety of areas to close the gaps.
Interdependent Security
• Demands that we acknowledge others security
levels
• Suggests it is in our own best interests to share
–
–
–
–
–
Threat analysis
Security capability enhancements
Best Practices
Network contacts with Subject Matter Experts
Trans-Border Projects and S&T-based Exercises;
Today’s Panelists
Each Panelist is a Subject Matter Expert in one
of three distinct areas of international cyber security
1. Cyber Operations and Information Warfare
2. Cyber Security and Defence
3. The effective Prosecution of Cyber Crimes
• Some Canadian perspectives …
from the Centre for Security Science
9 Defence R&D Canada Centers
Weapons Effects
Vehicles
Autonomous Systems
Military Engineering
Chem & Bio Defence
Radar, EW
Space Systems
Information Operations
Communications
Synthetic Environment
Centre for
Security Science
Centre for Operations
Research and Analysis
Electro-optics
Combat Systems
Command & Control
Information Management
Systems Environment
Underwater Sensing
Materials
Air Vehicles
Marine Vehicles
Signature Mgt.
DG Mil Pers R&A
Human Factors
Decision Support
Command Effectiveness
Operational Medicine
Simulation & Modelling
ADM(S&T), DG S&T Ops
National Recognition
• Canada recognizes the importance of
interdependency in cyber security as we are about
to implement a “National Cyber Security Strategy”
• At the same time, we are continuing work with
Allies and like minded nations to ensure that
Canada cannot be used as a base for cyber attacks
on our friends and neighbours.
Cyber Objectives and Outcomes
1.
Secure Canadian
Federal digital
infrastructure;
2.
Secure Canadian
National digital
infrastructure; and,
3.
Combat cyber crime
& protect Canadians
online
S&T as a lead
investment
effectively
links
Objectives to
Outcomes
through
enhanced
capabilities
1.
Protect Canadians and
Canadian interests within
cyber space;
2.
Ensure Canada is not a
base for cyber threats to
friends and allies; and,
3.
Bring to Justice those
who breech Intl &
domestic Canadian laws
regarding the use of
cyber space.
Objectives & Outcomes are found in the 2004 National Security Policy,
International Policy Statement, the Speech from the Throne and other
sources
Crowded CyberSecurity Space
Canadian national landscape
•
Privy Council Office (White House in US)
– National Security Advisor to the Prime Minister
•
Public Safety Canada
– Government Operations Centre (GOC)
– Integrated Threat Assessment Centre (ITAC) / Canadian Cyber Incident Response
Centre (CCIRC; CERT in US)
– Royal Canadian Mounted Police (RCMP; FBI & US Marshall Serv in US)
– Canadian Security Intelligence Service (CIA in US)
– Canadian Border Services Agency (CBP in US)
•
Industry Canada
– Communications Research Centre (CRC)
– National Research Council (NRC)
– National Science and Engineering Research Council (NSERC)
•
Treasury Board Secretariat
– Chief Information Officer
•
National Defence
– Defence Research and Development Canada (DRDC; DDR&E in US)
– Communications Security Establishment Canada (CSEC: NSA in US)
– Assistant Deputy Minister (Information Management)
Consolidate S&T Goals & Efforts
Provide S&T support to federal & national efforts
in cyber security capability development,
generation and employment, specifically to :
1. Identify and understand evolving cyber threats;
2. Improve existing cyber security capabilities, based on gaps;
3. Lead the development of future national cyber security capabilities
using new, enhanced or emerging technologies and supporting
processes to prepare, prevent, respond and recover from cyber
attacks including advanced forensics to enable effective threat
identification, source and indication of malicious intent to aid in
successful prosecutions.
4. Facilitate the rapid transfer of new technologies and supporting
processes into the national digital infrastructure.
Summary of National Element
• To address threats, vulnerabilities, risks and gaps in
national capabilities, Canada is building a Whole of
Government Strategy for Cyber Security.
• To enable its implementation and to facilitate the linkage of
Objectives to Outcomes, a Whole of Government S&T
program is being initiated leveraging Govt, Industry,
Academia and Allied S&T as a potent Lead Investment.
• The value proposition of such a S&T program includes the:
– Delivery of trusted advice
– Risk identification and mitigation
Trusted
Risk
advisor
mitigator
– Integration of knowledge
– Open innovation
Knowledge
integrator
Open
innovator
International Space
• Public Security Technical Program (Can-US)
• NATO Cooperative Cyber Defence Centre of
Excellence (CCDCOE); NATO RTO IST panel,
• The Technical Cooperation Panel (5 eyes); TTCP
C3I panel
• Strategic Alliance Cyber Crime Working Group (5
eyes - Lead Law Enforcement Agencies)
• Europa 7th Framework Program (EU R&D on ICT)