SlideShare ist ein Scribd-Unternehmen logo

Global Partnership Key to Cyber Security

Dominic Karunesudas
Dominic Karunesudas

The document discusses cyber security cooperation between India and the United States. It outlines how the two countries signed an MOU to promote closer cooperation on cyber security issues and the timely exchange of cyber threat information. This agreement establishes best practices for cooperation between the two governments on technical and operational cyber security issues. The document also examines some of the challenges to achieving global cooperation on cyber security, such as the lack of common terminology, legal frameworks, and dismantling the perception of cyber security as a domestic issue only.

1 von 3
Downloaden Sie, um offline zu lesen
Cover Story: InfoSecurity August 2011 Global Partnership Key to Cyber Security With increasing incidents of Web defacements and cyber assaults no nation or enterprise can choose to ignore cyber security. The only way out is to be highly prepared and take conclusive proactive steps for any eventuality. The United States and India signed a Memorandum of Understanding (MOU) on 19th July 2011 in New Delhi to promote closer cooperation and the timely exchange of information between the organizations of their respective governments responsible for cyber security. This kick starts a new beginning for India and United States and for the mutual co-operation for matters related to cyber security. A New Beginning This brings to us a significantly major partnership with the United State in the fight against cybercrime and all round concerns governing cyber security. The signed MoU according to press release establishes best practices for the exchange of critical cyber security information and expertise between the two governments through the Indian Computer Emergency Response Team (CERT-In), Department of Information Technology, Ministry of Communications and Information Technology, and DHS United States Computer Emergency Readiness Team (US-CERT). Through this arrangement, the respective governments and broader cyber security communities in both the United States and India will have the ability to co-ordinate with their counterparts on a broad range of technical and operational cyber issues. As declared recently by William Lynn, Deputy Defense Secretary, the United States already hold international partnerships, including those with Australia, Canada, the United Kingdom and NATO. The overarching US Department of Defence (DOD) strategy hinges on five strategic pillars, including: • The establishment of cyberspace as an operational domain like air, sea, land or space, and organize, train and equip forces accordingly to perform cyber missions. • The introduction and employment of new operating concepts on networks, including active defenses using sensors, software and signatures. • Partnership with the private sector and other government agencies, particularly the Homeland Security Department, which is responsible for civilian network protection, to protect critical infrastructure. • The build-up of collective cyber defenses in coordination with U.S. allies and international partners. • Capitalisation of U.S. technological and human resources, including an exceptional cyber workforce and rapid technological innovation. Challenges to Global Co-operation The MoU comes at a time when the Web is buzzing with multiple fringe hacktivists spread across the globe. These include the well-known and most publicised groups such as Anonymous
and the self-disbanded group LulSec, who apparently has now joined the Anonymous team. According to a report published by the East West Institute on International Pathways to Cyber security are nine areas that need to be addressed by the international private and public sectors in order to achieve international cooperation. The report states the following points worth considering by CISOs of all the enterprises and the government officials. • Education and Awareness: Awareness needs to reach “critical mass” in public perception in order for it to become a pragmatic item of private and public sector agendas. • Terminology: Defining and understanding various descriptions of the issues at hand, whether seen as Cyber security (U.S.), Information Security (Russia), or Internet Security (China). • Creation of a sense and system of responsibility: Responsibility needs to be imbedded at three levels (a) individual and corporate end users; (b) creators of technology and media; (c) government. • Understanding the end user as well as growth of new media and technology. • Constant battle between security, privacy and freedom: Such matters will not have a one-off solution. Decision makers will need to understand that in order to reach solutions some compromises need to be made and balances struck among these three important factors. • Lack of legal framework: Lack of domestic legal frameworks will impede international legal cooperation. • Challenging human nature: By nature we have consistently reacted to threats once they triggered specific actions. The decision-making and reaction mentality needs to keep changing where we pro-actively address vulnerabilities before they are exercised by threats. • Dismantle the perception of domestic boundaries: Many treat cyber security as a domestic issue, failing to understand that cyber security is a challenge that transcends all borders and requires strong international dialogue, trust and cooperation. • Economics: While the above aspects are considered, it is important to take into account the economics behind achieving cyber security co-operation. Who will pay for security? Can incentives be created for corporations and individuals? State Sponsored Cyber Assault The Pentagon recently disclosed of facing one of its largest losses ever of sensitive data in a cyber-attack by a foreign government. This adds to the reason and need for a dedicated cyber command unit. Just as India, the United States too has been assaulted and hacked multiple times by various state-sponsored agents for as long as there have been avenues to do so - the significance of this incident is the public acknowledgement of a state-player. It goes along with a general escalation in cyber war rhetoric that began in earnest this spring, and seems to be part of a strategy to dissuade such actions by tying cyber intrusions directly to kinetic military responses. In India we are yet to have dedicated Cyber command though there are multiple agencies and teams on passive and active monitoring. Telecom, BFSI, Power utility and other major engineering networks should achieve more active sensing and response is also a requirement. Where known threats are detected, it would be useful and strongly advisable to deploy responses in near real time to protect mission essential services.
We need to ensure mission essential networks and network delivered services are assured. Post hoc forensics, while important, cannot achieve that objective. Commercial IDS and IPS -- alongside detectors at network gateways and on other network attached devices must be integrated into perimeter and defense in depth solutions. Multiple Indian Government and private enterprise portals are defaced every month. It is yet to be known and assessed on how many of those machines are injected with malwares. Cyber awareness, situational awareness or any other way you put it, still boils down to creating new terms that do nothing to protect anything that they are meant to do. What we need is leadership instead of rhetoric. We need to raise the bar for educational institutes to begin pumping out the right knowledge people, instead of those officials that sit there and go “yeah, we know how to do it" and then continue to complicate things up. Attention must be paid to the resiliency of systems at both critical infrastructure and defense systems. First we need to agree on a definition of resiliency and then apply the management, engineering and process practices needed to achieve it with a national objective and yet with International partners. National Cyber Security Management There are some great lessons to be learned from some of the more tightly integrated system at Ministry of Defence. Engines being the same old Ps- People and Process to manage technology. Then in effect we may begin to synchronise our efforts across cyber intelligence and beyond. This type of mechanism can cater for new data attributes to be collected and only the collection hubs need modification. Also a vision is to have clustering hubs that collect all the data from the collection hubs for wide angle analysis covering many spectrums for specific need and objective. There are multiple ways of executing this but what is really needed is putting the right people together in the right place with the right ideas and for it to be objective. One of the things worth observing is whatever passive sensory equipment is deployed for monitoring security related, information needs to be 100 percent passive and invasive, that which cannot interfere with the equipment and or the machine being monitored. And high on the flag list is if there is any shift in the data patterns should be considered an alert condition to health check. Going into the technical details, it is also suggested to think of sensors on critical infrastructure should be one way only, absolutely no inbound polling for data. It is high time that the Government take proactive steps on various dimensions related to cyber security. With a booming economy, destabilising the economy has a much greater impact than someone trying to discern and decipher what the JSAP process is! —By: Dominic K, Deputy Editor 'InfoSecurity' Bureau.

Empfohlen

DBryant-Cybersecurity Challenge
DBryant-Cybersecurity ChallengeDBryant-Cybersecurity Challenge
DBryant-Cybersecurity Challenge
msdee3362
 
2015 Cyber Security Strategy
2015 Cyber Security Strategy 2015 Cyber Security Strategy
2015 Cyber Security Strategy
Mohit Kumar
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
William McBorrough
 
Cyber Security Intelligence
Cyber Security IntelligenceCyber Security Intelligence
Cyber Security Intelligence
ijtsrd
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014
 
Insa cyber intelligence_2011-1
Insa cyber intelligence_2011-1Insa cyber intelligence_2011-1
Insa cyber intelligence_2011-1
TechBiz Forense Digital
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay Robertson
Eljay Robertson
 
Online security – an assessment of the new
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the new
sunnyjoshi88
 

Empfohlen

DBryant-Cybersecurity Challenge
DBryant-Cybersecurity ChallengeDBryant-Cybersecurity Challenge
DBryant-Cybersecurity Challenge
msdee3362
 
2015 Cyber Security Strategy
2015 Cyber Security Strategy 2015 Cyber Security Strategy
2015 Cyber Security Strategy
Mohit Kumar
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
William McBorrough
 
Cyber Security Intelligence
Cyber Security IntelligenceCyber Security Intelligence
Cyber Security Intelligence
ijtsrd
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014
 
Insa cyber intelligence_2011-1
Insa cyber intelligence_2011-1Insa cyber intelligence_2011-1
Insa cyber intelligence_2011-1
TechBiz Forense Digital
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay Robertson
Eljay Robertson
 
Online security – an assessment of the new
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the new
sunnyjoshi88
 
2020.10.11 international statement_end-to-end_encryption_and_public_safety_fo...
2020.10.11 international statement_end-to-end_encryption_and_public_safety_fo...2020.10.11 international statement_end-to-end_encryption_and_public_safety_fo...
2020.10.11 international statement_end-to-end_encryption_and_public_safety_fo...
sabrangsabrang
 
Cyber War, Cyber Peace, Stones and Glass Houses
Cyber War, Cyber Peace, Stones and Glass HousesCyber War, Cyber Peace, Stones and Glass Houses
Cyber War, Cyber Peace, Stones and Glass Houses
Paige Rasid
 
Final national cyber security strategy november 2014
Final national cyber security strategy november 2014Final national cyber security strategy november 2014
Final national cyber security strategy november 2014
vikawotar
 
IDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber SecurityIDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber Security
inside-BigData.com
 
Technologies and Policies for a Defensible Cyberspace
Technologies and Policies for a Defensible CyberspaceTechnologies and Policies for a Defensible Cyberspace
Technologies and Policies for a Defensible Cyberspace
mark-smith
 
Cybersecurity Business Risk, Literature Review
Cybersecurity Business Risk, Literature ReviewCybersecurity Business Risk, Literature Review
Cybersecurity Business Risk, Literature Review
Enow Eyong
 
Exploring Secure Computing for the Internet of Things, Internet of Everything...
Exploring Secure Computing for the Internet of Things, Internet of Everything...Exploring Secure Computing for the Internet of Things, Internet of Everything...
Exploring Secure Computing for the Internet of Things, Internet of Everything...
Maurice Dawson
 
Improved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationImproved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperation
rrepko
 
Battlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of Things
Battlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of ThingsBattlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of Things
Battlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of Things
Maurice Dawson
 
Cybersecurity Risk Perception and Communication
Cybersecurity Risk Perception and CommunicationCybersecurity Risk Perception and Communication
Cybersecurity Risk Perception and Communication
Stephen Cobb
 
Prof E Hewitt
Prof E HewittProf E Hewitt
Prof E Hewitt
Errol Hewitt. MSCP, BA
 
The National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through CooperationThe National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through Cooperation
Mark Johnson
 
Managing High-Volume Cyber Attacks Through Effective Strategies in Indonesia
Managing High-Volume Cyber Attacks Through Effective Strategies in IndonesiaManaging High-Volume Cyber Attacks Through Effective Strategies in Indonesia
Managing High-Volume Cyber Attacks Through Effective Strategies in Indonesia
Yudhistira Nugraha
 
Major Essay_ US-China Relations_FINAL
Major Essay_ US-China Relations_FINALMajor Essay_ US-China Relations_FINAL
Major Essay_ US-China Relations_FINAL
Louise Collins
 
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASCCyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
David Sweigert
 
Indonesia National Cyber Security Strategy
Indonesia National Cyber Security StrategyIndonesia National Cyber Security Strategy
Indonesia National Cyber Security Strategy
ICT Watch
 
Computers as weapons of war
Computers as weapons of warComputers as weapons of war
Computers as weapons of war
Mark Johnson
 
Introduction to National Critical Infrastructure Cyber Security: Background a...
Introduction to National Critical Infrastructure Cyber Security: Background a...Introduction to National Critical Infrastructure Cyber Security: Background a...
Introduction to National Critical Infrastructure Cyber Security: Background a...
Jack Whitsitt
 
Guideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital EconomyGuideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital Economy
Settapong_CyberSecurity
 
Presentación de proyecto final
Presentación de proyecto finalPresentación de proyecto final
Presentación de proyecto final
Alejandro Rey Ochoa
 
Argent
ArgentArgent
Argent
Ashley Hardin
 
My great movie
My great movieMy great movie
My great movie
Strizzy Streemz
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cybersecurity Business Risk, Literature Review
Cybersecurity Business Risk, Literature ReviewCybersecurity Business Risk, Literature Review
Cybersecurity Business Risk, Literature Review
Enow Eyong
 
Exploring Secure Computing for the Internet of Things, Internet of Everything...
Exploring Secure Computing for the Internet of Things, Internet of Everything...Exploring Secure Computing for the Internet of Things, Internet of Everything...
Exploring Secure Computing for the Internet of Things, Internet of Everything...
Maurice Dawson
 
Improved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationImproved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperation
rrepko
 
Battlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of Things
Battlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of ThingsBattlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of Things
Battlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of Things
Maurice Dawson
 
Major Essay_ US-China Relations_FINAL
Major Essay_ US-China Relations_FINALMajor Essay_ US-China Relations_FINAL
Major Essay_ US-China Relations_FINAL
Louise Collins
 
Computers as weapons of war
Computers as weapons of warComputers as weapons of war
Computers as weapons of war
Mark Johnson
 

Was ist angesagt? (19)

2020.10.11 international statement_end-to-end_encryption_and_public_safety_fo...
2020.10.11 international statement_end-to-end_encryption_and_public_safety_fo...2020.10.11 international statement_end-to-end_encryption_and_public_safety_fo...
2020.10.11 international statement_end-to-end_encryption_and_public_safety_fo...
 
Cyber War, Cyber Peace, Stones and Glass Houses
Cyber War, Cyber Peace, Stones and Glass HousesCyber War, Cyber Peace, Stones and Glass Houses
Cyber War, Cyber Peace, Stones and Glass Houses
 
Final national cyber security strategy november 2014
Final national cyber security strategy november 2014Final national cyber security strategy november 2014
Final national cyber security strategy november 2014
 
IDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber SecurityIDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber Security
 
Technologies and Policies for a Defensible Cyberspace
Technologies and Policies for a Defensible CyberspaceTechnologies and Policies for a Defensible Cyberspace
Technologies and Policies for a Defensible Cyberspace
 
Cybersecurity Business Risk, Literature Review
Cybersecurity Business Risk, Literature ReviewCybersecurity Business Risk, Literature Review
Cybersecurity Business Risk, Literature Review
 
Exploring Secure Computing for the Internet of Things, Internet of Everything...
Exploring Secure Computing for the Internet of Things, Internet of Everything...Exploring Secure Computing for the Internet of Things, Internet of Everything...
Exploring Secure Computing for the Internet of Things, Internet of Everything...
 
Improved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationImproved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperation
 
Battlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of Things
Battlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of ThingsBattlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of Things
Battlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of Things
 
Cybersecurity Risk Perception and Communication
Cybersecurity Risk Perception and CommunicationCybersecurity Risk Perception and Communication
Cybersecurity Risk Perception and Communication
 
Prof E Hewitt
Prof E HewittProf E Hewitt
Prof E Hewitt
 
The National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through CooperationThe National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through Cooperation
 
Managing High-Volume Cyber Attacks Through Effective Strategies in Indonesia
Managing High-Volume Cyber Attacks Through Effective Strategies in IndonesiaManaging High-Volume Cyber Attacks Through Effective Strategies in Indonesia
Managing High-Volume Cyber Attacks Through Effective Strategies in Indonesia
 
Major Essay_ US-China Relations_FINAL
Major Essay_ US-China Relations_FINALMajor Essay_ US-China Relations_FINAL
Major Essay_ US-China Relations_FINAL
 
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASCCyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
 
Indonesia National Cyber Security Strategy
Indonesia National Cyber Security StrategyIndonesia National Cyber Security Strategy
Indonesia National Cyber Security Strategy
 
Computers as weapons of war
Computers as weapons of warComputers as weapons of war
Computers as weapons of war
 
Introduction to National Critical Infrastructure Cyber Security: Background a...
Introduction to National Critical Infrastructure Cyber Security: Background a...Introduction to National Critical Infrastructure Cyber Security: Background a...
Introduction to National Critical Infrastructure Cyber Security: Background a...
 
Guideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital EconomyGuideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital Economy
 

Andere mochten auch

Vías aéreas superiores y ventilación
Vías aéreas superiores y ventilaciónVías aéreas superiores y ventilación
Vías aéreas superiores y ventilación
Mi rincón de Medicina
 
Weekly Epidemiological Report Combating typhoid fever 36 46
Weekly Epidemiological Report Combating typhoid fever 36 46Weekly Epidemiological Report Combating typhoid fever 36 46
Weekly Epidemiological Report Combating typhoid fever 36 46
Anura Jayasinghe
 
Body fitness & exercise basic theory for therapists 2ed mo rosser 2001
Body fitness & exercise basic theory for therapists 2ed mo rosser 2001Body fitness & exercise basic theory for therapists 2ed mo rosser 2001
Body fitness & exercise basic theory for therapists 2ed mo rosser 2001
trab22
 

Andere mochten auch (15)

Presentación de proyecto final
Presentación de proyecto finalPresentación de proyecto final
Presentación de proyecto final
 
Argent
ArgentArgent
Argent
 
My great movie
My great movieMy great movie
My great movie
 
C. Reid CV
C. Reid CVC. Reid CV
C. Reid CV
 
Vías aéreas superiores y ventilación
Vías aéreas superiores y ventilaciónVías aéreas superiores y ventilación
Vías aéreas superiores y ventilación
 
Bulletin 2068
Bulletin 2068Bulletin 2068
Bulletin 2068
 
Apresentação1
Apresentação1Apresentação1
Apresentação1
 
Weekly Epidemiological Report Combating typhoid fever 36 46
Weekly Epidemiological Report Combating typhoid fever 36 46Weekly Epidemiological Report Combating typhoid fever 36 46
Weekly Epidemiological Report Combating typhoid fever 36 46
 
Kertas kerja hari guru
Kertas kerja hari guruKertas kerja hari guru
Kertas kerja hari guru
 
Gost standards in english 1636
Gost standards in english 1636Gost standards in english 1636
Gost standards in english 1636
 
Social Network Crime on Rise
Social Network Crime on RiseSocial Network Crime on Rise
Social Network Crime on Rise
 
Writting
WrittingWritting
Writting
 
Проект "Паспорт профессий"
Проект "Паспорт профессий"Проект "Паспорт профессий"
Проект "Паспорт профессий"
 
Archivefee.com
Archivefee.comArchivefee.com
Archivefee.com
 
Body fitness & exercise basic theory for therapists 2ed mo rosser 2001
Body fitness & exercise basic theory for therapists 2ed mo rosser 2001Body fitness & exercise basic theory for therapists 2ed mo rosser 2001
Body fitness & exercise basic theory for therapists 2ed mo rosser 2001
 

Ähnlich wie Global Partnership Key to Cyber Security

SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
bagotjesusa
 
Brian Wrote There is a wide range of cybersecurity initiatives .docx
Brian Wrote There is a wide range of cybersecurity initiatives .docxBrian Wrote There is a wide range of cybersecurity initiatives .docx
Brian Wrote There is a wide range of cybersecurity initiatives .docx
hartrobert670
 
Institutional Cybersecurity from Military Perspective
Institutional Cybersecurity from Military PerspectiveInstitutional Cybersecurity from Military Perspective
Institutional Cybersecurity from Military Perspective
Government
 
Safeguarding the Digital Realm.pdf
Safeguarding the Digital Realm.pdfSafeguarding the Digital Realm.pdf
Safeguarding the Digital Realm.pdf
jasonuchiha2
 
Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014
Silvia Cardona
 
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
Jessica Graf
 
Olaf Kolkman - FIRST Keynote on Collaborative Security
Olaf Kolkman - FIRST Keynote on Collaborative SecurityOlaf Kolkman - FIRST Keynote on Collaborative Security
Olaf Kolkman - FIRST Keynote on Collaborative Security
Internet Technology Matters (Internet Society)
 
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sWSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
Dr Lendy Spires
 
Running head CYBER SECURITY .docx
Running head CYBER SECURITY .docxRunning head CYBER SECURITY .docx
Running head CYBER SECURITY .docx
susanschei
 
Fortifying the Digital Fortress: A Comprehensive Guide to Cybersecurity Solut...
Fortifying the Digital Fortress: A Comprehensive Guide to Cybersecurity Solut...Fortifying the Digital Fortress: A Comprehensive Guide to Cybersecurity Solut...
Fortifying the Digital Fortress: A Comprehensive Guide to Cybersecurity Solut...
greendigital
 
DBryant-Cybersecurity Challenge
DBryant-Cybersecurity ChallengeDBryant-Cybersecurity Challenge
DBryant-Cybersecurity Challenge
msdee3362
 

Ähnlich wie Global Partnership Key to Cyber Security (20)

SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
 
Brian Wrote There is a wide range of cybersecurity initiatives .docx
Brian Wrote There is a wide range of cybersecurity initiatives .docxBrian Wrote There is a wide range of cybersecurity initiatives .docx
Brian Wrote There is a wide range of cybersecurity initiatives .docx
 
CYBER SECURITY FOR PRIVATE AND DOMESTIC USE -VIKASH SINGH BAGHEL.pdf
CYBER SECURITY FOR PRIVATE AND DOMESTIC USE -VIKASH SINGH BAGHEL.pdfCYBER SECURITY FOR PRIVATE AND DOMESTIC USE -VIKASH SINGH BAGHEL.pdf
CYBER SECURITY FOR PRIVATE AND DOMESTIC USE -VIKASH SINGH BAGHEL.pdf
 
Institutional Cybersecurity from Military Perspective
Institutional Cybersecurity from Military PerspectiveInstitutional Cybersecurity from Military Perspective
Institutional Cybersecurity from Military Perspective
 
Cyber Security Conference - Msps cybersecurity whitepaper
Cyber Security Conference - Msps cybersecurity whitepaperCyber Security Conference - Msps cybersecurity whitepaper
Cyber Security Conference - Msps cybersecurity whitepaper
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean Cybersecuirty
 
Safeguarding the Digital Realm.pdf
Safeguarding the Digital Realm.pdfSafeguarding the Digital Realm.pdf
Safeguarding the Digital Realm.pdf
 
Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
Cyber security-in-india-present-status
Cyber security-in-india-present-statusCyber security-in-india-present-status
Cyber security-in-india-present-status
 
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
 
Olaf Kolkman - FIRST Keynote on Collaborative Security
Olaf Kolkman - FIRST Keynote on Collaborative SecurityOlaf Kolkman - FIRST Keynote on Collaborative Security
Olaf Kolkman - FIRST Keynote on Collaborative Security
 
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sWSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
 
Running head CYBER SECURITY .docx
Running head CYBER SECURITY .docxRunning head CYBER SECURITY .docx
Running head CYBER SECURITY .docx
 
Fortifying the Digital Fortress: A Comprehensive Guide to Cybersecurity Solut...
Fortifying the Digital Fortress: A Comprehensive Guide to Cybersecurity Solut...Fortifying the Digital Fortress: A Comprehensive Guide to Cybersecurity Solut...
Fortifying the Digital Fortress: A Comprehensive Guide to Cybersecurity Solut...
 
Critical Information Infrastructure Cyberspace Situational Awareness_Measure ...
Critical Information Infrastructure Cyberspace Situational Awareness_Measure ...Critical Information Infrastructure Cyberspace Situational Awareness_Measure ...
Critical Information Infrastructure Cyberspace Situational Awareness_Measure ...
 
DBryant-Cybersecurity Challenge
DBryant-Cybersecurity ChallengeDBryant-Cybersecurity Challenge
DBryant-Cybersecurity Challenge
 
Insa cyber intelligence 2011
Insa cyber intelligence 2011Insa cyber intelligence 2011
Insa cyber intelligence 2011
 
Io t whitepaper_5_15_17
Io t whitepaper_5_15_17Io t whitepaper_5_15_17
Io t whitepaper_5_15_17
 
The importance of understanding the global cybersecurity index
The importance of understanding the global cybersecurity indexThe importance of understanding the global cybersecurity index
The importance of understanding the global cybersecurity index
 

Global Partnership Key to Cyber Security

  • 1. Cover Story: InfoSecurity August 2011 Global Partnership Key to Cyber Security With increasing incidents of Web defacements and cyber assaults no nation or enterprise can choose to ignore cyber security. The only way out is to be highly prepared and take conclusive proactive steps for any eventuality. The United States and India signed a Memorandum of Understanding (MOU) on 19th July 2011 in New Delhi to promote closer cooperation and the timely exchange of information between the organizations of their respective governments responsible for cyber security. This kick starts a new beginning for India and United States and for the mutual co-operation for matters related to cyber security. A New Beginning This brings to us a significantly major partnership with the United State in the fight against cybercrime and all round concerns governing cyber security. The signed MoU according to press release establishes best practices for the exchange of critical cyber security information and expertise between the two governments through the Indian Computer Emergency Response Team (CERT-In), Department of Information Technology, Ministry of Communications and Information Technology, and DHS United States Computer Emergency Readiness Team (US-CERT). Through this arrangement, the respective governments and broader cyber security communities in both the United States and India will have the ability to co-ordinate with their counterparts on a broad range of technical and operational cyber issues. As declared recently by William Lynn, Deputy Defense Secretary, the United States already hold international partnerships, including those with Australia, Canada, the United Kingdom and NATO. The overarching US Department of Defence (DOD) strategy hinges on five strategic pillars, including: • The establishment of cyberspace as an operational domain like air, sea, land or space, and organize, train and equip forces accordingly to perform cyber missions. • The introduction and employment of new operating concepts on networks, including active defenses using sensors, software and signatures. • Partnership with the private sector and other government agencies, particularly the Homeland Security Department, which is responsible for civilian network protection, to protect critical infrastructure. • The build-up of collective cyber defenses in coordination with U.S. allies and international partners. • Capitalisation of U.S. technological and human resources, including an exceptional cyber workforce and rapid technological innovation. Challenges to Global Co-operation The MoU comes at a time when the Web is buzzing with multiple fringe hacktivists spread across the globe. These include the well-known and most publicised groups such as Anonymous
  • 2. and the self-disbanded group LulSec, who apparently has now joined the Anonymous team. According to a report published by the East West Institute on International Pathways to Cyber security are nine areas that need to be addressed by the international private and public sectors in order to achieve international cooperation. The report states the following points worth considering by CISOs of all the enterprises and the government officials. • Education and Awareness: Awareness needs to reach “critical mass” in public perception in order for it to become a pragmatic item of private and public sector agendas. • Terminology: Defining and understanding various descriptions of the issues at hand, whether seen as Cyber security (U.S.), Information Security (Russia), or Internet Security (China). • Creation of a sense and system of responsibility: Responsibility needs to be imbedded at three levels (a) individual and corporate end users; (b) creators of technology and media; (c) government. • Understanding the end user as well as growth of new media and technology. • Constant battle between security, privacy and freedom: Such matters will not have a one-off solution. Decision makers will need to understand that in order to reach solutions some compromises need to be made and balances struck among these three important factors. • Lack of legal framework: Lack of domestic legal frameworks will impede international legal cooperation. • Challenging human nature: By nature we have consistently reacted to threats once they triggered specific actions. The decision-making and reaction mentality needs to keep changing where we pro-actively address vulnerabilities before they are exercised by threats. • Dismantle the perception of domestic boundaries: Many treat cyber security as a domestic issue, failing to understand that cyber security is a challenge that transcends all borders and requires strong international dialogue, trust and cooperation. • Economics: While the above aspects are considered, it is important to take into account the economics behind achieving cyber security co-operation. Who will pay for security? Can incentives be created for corporations and individuals? State Sponsored Cyber Assault The Pentagon recently disclosed of facing one of its largest losses ever of sensitive data in a cyber-attack by a foreign government. This adds to the reason and need for a dedicated cyber command unit. Just as India, the United States too has been assaulted and hacked multiple times by various state-sponsored agents for as long as there have been avenues to do so - the significance of this incident is the public acknowledgement of a state-player. It goes along with a general escalation in cyber war rhetoric that began in earnest this spring, and seems to be part of a strategy to dissuade such actions by tying cyber intrusions directly to kinetic military responses. In India we are yet to have dedicated Cyber command though there are multiple agencies and teams on passive and active monitoring. Telecom, BFSI, Power utility and other major engineering networks should achieve more active sensing and response is also a requirement. Where known threats are detected, it would be useful and strongly advisable to deploy responses in near real time to protect mission essential services.
  • 3. We need to ensure mission essential networks and network delivered services are assured. Post hoc forensics, while important, cannot achieve that objective. Commercial IDS and IPS -- alongside detectors at network gateways and on other network attached devices must be integrated into perimeter and defense in depth solutions. Multiple Indian Government and private enterprise portals are defaced every month. It is yet to be known and assessed on how many of those machines are injected with malwares. Cyber awareness, situational awareness or any other way you put it, still boils down to creating new terms that do nothing to protect anything that they are meant to do. What we need is leadership instead of rhetoric. We need to raise the bar for educational institutes to begin pumping out the right knowledge people, instead of those officials that sit there and go “yeah, we know how to do it" and then continue to complicate things up. Attention must be paid to the resiliency of systems at both critical infrastructure and defense systems. First we need to agree on a definition of resiliency and then apply the management, engineering and process practices needed to achieve it with a national objective and yet with International partners. National Cyber Security Management There are some great lessons to be learned from some of the more tightly integrated system at Ministry of Defence. Engines being the same old Ps- People and Process to manage technology. Then in effect we may begin to synchronise our efforts across cyber intelligence and beyond. This type of mechanism can cater for new data attributes to be collected and only the collection hubs need modification. Also a vision is to have clustering hubs that collect all the data from the collection hubs for wide angle analysis covering many spectrums for specific need and objective. There are multiple ways of executing this but what is really needed is putting the right people together in the right place with the right ideas and for it to be objective. One of the things worth observing is whatever passive sensory equipment is deployed for monitoring security related, information needs to be 100 percent passive and invasive, that which cannot interfere with the equipment and or the machine being monitored. And high on the flag list is if there is any shift in the data patterns should be considered an alert condition to health check. Going into the technical details, it is also suggested to think of sensors on critical infrastructure should be one way only, absolutely no inbound polling for data. It is high time that the Government take proactive steps on various dimensions related to cyber security. With a booming economy, destabilising the economy has a much greater impact than someone trying to discern and decipher what the JSAP process is! —By: Dominic K, Deputy Editor 'InfoSecurity' Bureau.