SlideShare ist ein Scribd-Unternehmen logo

Cybersecurity Challenges and National Security Implications

T
Tughral Yamin
1 von 53
Downloaden Sie, um offline zu lesen
CYBER WARFARE & NATIONAL SECURITY: IMPLICATIONS AND CHALLENGES DR TUGHRAL YAMIN ASSOCIATE DEAN CIPS, NUST
AIM TO HIGHLIGHT THE STRUCTURAL & POLICY SHORTCOMINGS WITH REGARDS TO CYBER SECURITY IN THE OVERALL FRAMEWORK OF PAKISTAN’S NATIONAL SECURITY
NATIONAL SECURITY CONCEPT • NATIONAL SECURITY CALLS UPON A GOVERNMENT, ALONG WITH ITS PARLIAMENT TO PROTECT THE STATE AND ITS CITIZENS AGAINST ALL KIND OF THREATS THROUGH A VARIETY OF POWER PROJECTION MEANS, SUCH AS – POLITICAL POWER – DIPLOMATIC INFLUENCE – ECONOMIC CAPACITY – MILITARY MIGHT • MANY COUNTRIES INCLUDING PAKISTAN ARROGATE THE RESPONSIBILITY OF COORDINATING NATIONAL SECURITY MATTERS TO THE NATIONAL SECURITY COUNCIL (NSC) SLICES OF NATIONAL SECURITYTERRITORIAL POLITICAL ECONOMIC ENERGY & NATURAL RESOURCES HOMELAND HUMAN ENVIRONMENTAL CYBER FOOD
ESSENTIAL ELEMENTS OF A COMPREHENSIVE SECURITY FRAMEWORK • STRONG LEADERSHIP TO PROVIDE – VISION – ACROSS THE BOARD COORDINATION • CLEAR CUT POLICY & STRATEGY WITH PRECISE MISSION STATEMENT • ADEQUATE FUNDS & HUMAN/MATERIAL RESOURCES • UNAMBIGIOUS SET OF LAWS & LAW ENFORCEMENT CAPACITY LEADERSHIP RESOURCES POLICY & STRATEGY LAWS
CYBER SECURITY REFERS TO PROTECTION OF OFFICIAL AND PERSONAL COMPUTER AND DATA PROCESSING INFRASTRUCTURE AND OPERATING SYSTEMS (OS) FROM HARMFUL INTERFERENCE, FROM OUTSIDE OR INSIDE THE COUNTRY INVOLVES NOT ONLY NATIONAL DEFENSE & HOMELAND SECURITY BUT ALSO LAW ENFORCEMENT
CYBER WARFARE & CYBER ATTACKS DEFINITION AN INTERNET-BASED CONFLICT INVOLVING ATTACKS ON THE ADVERSAY’S INFORMATION & INFORMATION SYSTEMS PURPOSE OF CYBER ATTACKS DEFACE WEBSITES DISABLE NETWORKS DIRUPT/ DISABLE ESSENTIAL SERVICES STEAL OR ALTER DATA CRIPPLE FINANCIAL SYSTEMS
MANIFESTATION OF CYBER ATTACK • SECURITY BREACHES • ECONOMIC LOSSES • PSYCHOLOG ICAL TRAUMA • PHYSICAL DAMAGE DISRUPTION OF COMPUTER SYSTEMS – LONG DOWN TIME FEAR & PANIC FLIGHT KNEEJERK REACTION SMALLSCALE ID THEFTS MASSIVE DATA BREACHES FRAUD LARGESCALE MONETARY THEFT
HOW CAN CYBER ATTACKS HURT NATIONAL SECURITY? CYBER ATTACKS CAN: • PARALYSE THE GOVERNMENT’S DECISION MAKING SYSTEMS • CRIPPLE A NATION’S CRITICAL INFRASTRUCTURE • CAUSE MASSIVE PANIC & TRIGGER INADVERTENT WARS PARALYSIS COLLAPSE PANIC
TYPES OF CYBER ATTACKS • VIRUSES • WORMS • TROJAN HORSES SYNTACTIC ATTACKS • MISLEADING INFORMATION TO DISTRACT OR COVER OWN TRACKS SEMANTIC ATTACKS
CYBER TARGETS • PERSONAL COMPUTERS • COMPUTER NETWORKS MANAGING THE INFORMATION SYSTEMS OF ORGANIZATIONS, BUSINESSES, FINANCIAL INSTITUTIONS ETC • CRITICAL INFRASTRUCTURE (VITAL ASSETS OF A NATION – VIRTUALLY/PHYSICALLY) CONTROLLED BY SUPERVISORY CONTROL & DATA ACQUISITION (SCADA) CRITICAL INFRASTRUCTURE COMPUTER NETWORKS PERSONAL COMPUTERS
HOW DOES A TYPICAL CYBER ATTACK TAKES PLACE? MALICIOUS ACTS ORIGINATING FROM AN ANONYMOUS SOURCES HACKING INTO A SUSCEPTIBLE SYSTEM TO EITHER • STEAL • ALTER OR • DESTROY A SPECIFIED TARGET
WHO CAN LAUNCH CYBER ATTACKS? • STATE ACTORS • NON STATE ACTORS • CRIMINALS • HACKTIVISTS • FREELANCERS • KID IN THE BASEMENT • INSIDERS
PROBLEMS WITH CYBER RESPONSES NO RULES OF ENGAGEMENT PROBLEM IN DETERMINING A PROPORTIONATE RESPONSE DIFFICULTY IN ATTRIBUTION
BROAD SPECTRUM OF CYBER ATTACKS
US CYBER SECURITY AGENCIES • OFFICE OF THE CYBER SECURITY COORDINATOR • DEPARTMENT OF HOMELAND SECURITY (DHS) • NATIONAL SECURITY AGENCY (NSA) • CYBER COMMAND (CYBERCOM)
DEPARTMENT OF HOMELAND SECURITY (DHS)
NATIONAL SECURITY AGENCY (NSA)
LEVEL AUSTRALIA UK STRAT CYBER SECURITY POLICY & COORD COMMITTEE (LEAD AGENCY: THE ATTORNEY GENERAL’S DEPARTMENT) FUNCTION: INTERDEPARTMENTAL COMMITTEE THAT COORDS DEVELOPMENT OF CYBER SECURITY POLICY FOR THE GOVT OFFICE OF THE CYBER SECURITY (OCS) FUNCTION: PROVIDES STRAT LEADERSHIP & COHERENCE ACROSS ALL DEPTS OF THE GOVT TAC CYBER SECURITY OPERATIONS CENTRE (UNDER DEFENCE SIGNALS DIRECTORATE) FUNCTION: PROVIDES GOVET WITH ALL SOURCE CYBER SITREP CYBER SECURITY OPS CENTRE (CSOC) FUNCTION: ACTIVELY MONITORS THE HEALTH OF CYBERSPACE & COORDS INCIDENCE RESPONSE OP CERT AUSTRALIA GOVCERTUK
PM OFFICE/ CABINET SECY (PMO/ CAB SEC) MINISTRY OF HOME AFFAIRS (MHA) MINISTRY OF EXTERNAL AFFAIRS (MEA) MINISTRY OF DEFENCE (MOD) MINISTRY OF COMMON INFO TECHNOLOGY (MCIT) NON GOVT ORGANISATION (NGO) NATIONAL SECURITY COUNCIL (NSC) NATIONAL CYBER COORD CENTRE (NCCC) AMBASSADORS & MINISTERS TRI SERVICE CYBER COMMAND DEPARTMENT OF INFORMATION TECHNOLOGY (DIT) CYBER SECURITY AND ANTI HACKING ORGANISATION (CSAHO) National Technical Research Org (NTRO) Directorate of Forensic Science (DFS) Defence Attaches Army (MI) Department of Telecom (DoT) Cyber Society of India (CySI) National Critical Info Infrastructure Protection Centre(NCIIPC) National Disaster Mgt Authority (NDMA) Joint Secretary (IT) Navy (NI) Indian Computer Emergency Response Team CERT-IN Centre of Excellence for Cyber Security Research & Development In India (CECSRDI) Joint Intelligence Group (JIG) Central Forensic Science Lab (CFSLs) Air Force (AFI) Education Research Network (ERNET) Cyber Security of India(CSI) National Crisis Management Committee (NCMC) Intelligence Bureau (IB) Def Info Assurance & Research Agency (DIARA) Informatics Center (NIC) National Cyber Security of India (NCS) Research & Analysis Wing (RAW) Defence Intelligence Agency (DIA) Centre for Development of Advanced Computing C-DAC Cyber Attacks Crisis Management Plan of India (CACMP) Multi Agency Center (MAC) Defence Research Dev Authority (DRDO) Standardisation, Testing and Quality Certification (STQC) National Information Board (NIB) CYBER SECURITY HIERARCHY IN INDIA
USFOCUSONITSECURITY COMPUTERS/ICT FORM THE FOUNDATION OF US ECONOMY AND DRIVE THE TECHNOLOGICAL CHANGE THAT ALLOWS SMALL AND MEDIUM-SIZED BUSINESSES TO COMPETE IN THE GLOBAL MARKETPLACE ECONOMIC GROWTH IS THREATENED BY A CORRESPONDING GROWTH IN CYBER THREATS INCREASING DATA BREACHES, THEFT OF INTELLECTUAL PROPERTY THROUGH CYBER MEANS, AND CYBER ATTACKS ARE RESULTING IN REAL COSTS AND CONSEQUENCES FOR THE AMERICAN ECONOMY US GOVERNMENT IS TAKING ACTIONS TO BETTER PREPARE ITSELF, ITS ECONOMY, AND THE NATION AS A WHOLE TO DEFEND AGAINST GROWING CYBER THREATS CYBER THREATS POSE ONE OF THE GRAVEST NATIONAL SECURITY DANGERS TO THE US
US BUDGETARY STRATEGY FOR CYBERSECURITY SEVERAL BUDGETARY, PROGRAMMATIC & LEGISLATIVE STRATEGIES TO IMPROVE THE CYBERSECURITY INFRASTRUCTURE AND COMBAT GROWING CYBER THREAT DOMESTICALLY AND GLOBALLY UPDATED CYBERSECURITY LEGISLATIVE PROPOSAL THAT WILL PROVIDE THE FEDERAL GOVERNMENT AND PRIVATE SECTOR THE NECESSARY TOOLS TO IMPROVE NATIONAL CYBERSECURITY IN FY 2016, THE PRESIDENT'S BUDGET PROPOSES $14 BILLION IN CYBERSECURITY FUNDING FOR CRITICAL INITIATIVES AND RESEARCH
US STRATEGIC INVESTMENTS IN CYBER SECURITY DHS TO LEAD IMPLEMENTATION OF THE CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) NATIONAL CYBERSECURITY PROTECTION SYSTEM BETTER KNOWN AS EINSTEIN CYBERSECURITY CROSS-AGENCY PRIORITY GOAL AND IMPLEMENT POSTWIKILEAKS SECURITY IMPROVEMENTS ON CLASSIFIED NETWORKS, PURSUANT TO E.O. 13587 $582 MILLION
US PRESIDENT’S BUDGET FY 2016 OUTREACH TO PRIVATE SECTOR SHAPING THE FUTURE CYBER ENVIRONMENT NATIONAL SECURITY AND CYBER THREATS $149 MILLION $243 MILLION $514 MILLION
CYBERCOM XXXX TO BE BROUGHT TO FULL STRENGTH US DEPARTMENT OF DEFENSE BUDGET FEDERAL CIVILIAN CYBER CAMPUS $227 MILLION TO FUND THE 1ST PHASE OF CONSTRUC TION CYBER INTELLIGENCE INTEGRATION, ANALYSIS & PLANNING WITHIN THE FEDERAL GOVERNMENT $35 MILLION
2015 US CYBERSECURITY LEGISLATIVE PROPOSAL THREE CENTRAL ELEMENTS AIM AT ENSURING NATIONAL SECURITY, WHILE ALSO PROTECTING THE PERSONAL DATA AND PRIVACY OF CITIZENS BY: • FACILITATING GREATER VOLUNTARY SHARING OF CYBER THREAT INFORMATION BETWEEN THE GOVERNMENT AND PRIVATE SECTOR • INCENTIVIZING FURTHER DEVELOPMENT OF INFORMATION SHARING AND ANALYSIS ORGANIZATIONS TO IMPROVE THE VOLUNTARY SHARING OF CYBER THREAT INFORMATION WITHIN THE PRIVATE SECTOR AND BETWEEN THE PRIVATE SECTOR AND THE GOVERNMENT. PROTECTS THE PRIVACY OF AMERICANS BY REQUIRING PRIVATE ENTITIES THAT SHARE VOLUNTARILY UNDER THE PROPOSAL'S AUTHORITY, TO COMPLY WITH CERTAIN PRIVACY RESTRICTIONS, SUCH AS REMOVING UNNECESSARY PERSONAL INFORMATION IN ORDER TO QUALIFY FOR LIABILITY PROTECTION ESTABLISH DATA BREACH STANDARDS • ESTABLISHING A SINGLE FEDERAL STANDARD FOR NOTIFYING INDIVIDUALS IN A TIMELY, CONSISTENT WAY WHEN PRIVATE SECTOR DATA BREACHES OCCUR; THIS HELPS BUSINESSES AND CONSUMERS BY SIMPLIFYING AND STANDARDIZING THE EXISTING PATCHWORK OF 47 STATE LAWS THAT CONTAIN DATA BREACH REPORT REQUIREMENTS INTO ONE FEDERAL STATUTE. THIS IS PART OF OUR COMMITMENT TO BALANCE SECURITY AND PRIVACY, ENSURING CITIZENS RECEIVE TIMELY INFORMATION ON THEIR DATA IN THE EVENT OF A BREACH. THIS WILL: – PROVIDE A SINGLE THRESHOLD FOR NOTIFICATION – ESTABLISH DEADLINES FOR NOTIFICATION OF CYBER INCIDENTS
US POLICY TO MODERNIZE LAW ENFORCEMENT AUTHORITIES • ENSURE LAW ENFORCEMENT HAS THE TOOLS TO INVESTIGATE, DISRUPT & PROSECUTE CYBERCRIME • ALLOW PROSECUTION FOR THE SALE OF BOTNETS • ENABLE LAW ENFORCEMENT TO PROSECUTE THE OVERSEAS SALE OF STOLEN FINANCIAL INFORMATION LIKE CREDIT CARD AND BANK ACCOUNT NUMBERS • EXPANDS FEDERAL LAW ENFORCEMENT AUTHORITY TO DETER THE SALE OF SPYWARE USED TO STALK OR COMMIT ID THEFT • COURTS TO BE GIVEN THE AUTHORITY TO SHUT DOWN BOTNETS ENGAGED IN DISTRIBUTED DENIAL OF SERVICE ATTACKS AND OTHER CRIMINAL ACTIVITY
INTERNATIONAL CYBER BUDGETS
INDIA’S CYBER-SECURITY BUDGET ‘WOEFULLY INADEQUATE’: EXPERTS • INDIA'S CYBER-SECURITY BUDGET WAS MORE THAN DOUBLED LAST YEAR. YET, IT IS “WOEFULLY INADEQUATE” IN THE WAKE OF REVELATIONS MADE BY US NATIONAL SECURITY AGENCY CONTRACTOR EDWARD SNOWDEN AND INCREASING CYBER-ATTACKS ON GOVERNMENT INFRASTRUCTURE, ACCORDING TO EXPERTS. • IN 2014-15, THE DEPARTMENT OF IT HAS SET ASIDE RS 116 CRORE FOR CYBER SECURITY. THE COUNTRY HAS PROPOSED TO SET UP A NATIONAL CYBER COORDINATION CENTRE (NCCC) WITH A SEPARATE BUDGET OF RS 1,000 CRORE. THE COORDINATION CENTRE IS STILL AWAITING CABINET CLEARANCE. “ALLOCATION IS WOEFULLY INADEQUATE GIVEN SNOWDEN'S REVELATIONS - WE NEED AT LEAST 10 TIMES THAT AMOUNT,” SAID SUNIL ABRAHAM, EXECUTIVE DIRECTOR AT CENTER FOR INTERNET AND SOCIETY. THE ECONOMIC TIMES 28 JANUARY 2015
CYBER SECURITY ARCHITECTURE & COORD MECHANISM CYBER SECURITY POLICY CYBER LAW CYBER EMERGENCY RESPONSE SLOW PROGRESS LITTLE OR NO PROGRESS SURROUNDED BY CONTROVERSY LITTLE PROGRESS CYBER FUNDS ????????? WHITHERCYBERSECURITYINPAKISTAN?
WHO IS RESPONSIBLE FOR CYBER SECURITY IN PAKISTAN? NO DESIGNATED LEAD AGENCY MULTIPLE STAKEHOLDERS GOVERNMENT INDUSTRY ACADEMIA CIVIL SOCIETY PUBLIC
CYBERSECURITY STAKEHOLDERS GOVERNMENT • CABINET COMMITTEE ON NATIONAL SECURITY • NATIONAL SECURITY COUNCIL (NSA: LTG N.K. JANJUA) • SENATE COMMITTEE ON DEFENCE (CHAIR: SEN. M.H. SAYED) • SENATE COMMITTEE ON TECH & IT (CHAIR: SEN. SHAHI SAYED) • NA STANDING COMMITTEE ON TECH & IT (CHAIR: CAPT SAFDAR) • MINISTRY OF DEFENCE • MINISTRY OF INTERIOR • MINISTRY OF FOREIGN AFFAIRS • MINISTRY OF IT • JS HQ • INTELLIGENCE AGENCIES PUBLIC • PAKISTAN SOFTWARE HOUSES ASSOCIATION (PASHA) • INTERNET SERVICE PROVIDERS ASSOCIATION OF PAKISTAN (ISPAK) • PAKISTAN INFORMATION SECURITY ASSOCIATION (PISA) • E COMMERCE ENTREPRENEURS • DIGITAL RIGHTS ACTIVISTS (BOLO BHI) • SOCIAL MEDIA ACTIVISTS • ORDINARY CITIZENS
SENATE COMMITTEE FOR DEFENCE ACTION PLAN FOR CYBER SECURE PAKISTAN (JULY 2013) • POINT 1. RELEVANT LEGISLATION TO PRESERVE, PROTECT AND PROMOTE PAKISTAN’S CYBER SECURITY • POINT 2. CYBER SECURITY THREAT TO BE ACCEPTED AND RECOGNIZED AS NEW, EMERGING NATIONAL SECURITY THREAT BY THE GOVERNMENT OF PAKISTAN, SIMILAR TO THREATS LIKE TERRORISM AND MILITARY AGGRESSION • POINT 3. ESTABLISH A NATIONAL COMPUTER EMERGENCY RESPONSE TEAM (PKCERT). • POINT 4. ESTABLISH A CYBER-SECURITY TASK FORCE WITH AFFILIATION WITH MINISTRY OF DEFENCE, MINISTRY OF IT, MINISTRY OF INTERIOR, MINISTRY OF FOREIGN AFFAIRS, MINISTRY OF INFORMATION AND OUR SECURITY ORGANIZATIONS PLUS RELEVANT AND LEADING PROFESSIONALS FROM THE PRIVATE SECURITY SO THAT PAKISTAN CAN TAKE STEPS TO COMBAT THIS NEW EMERGING THREAT AND FORMULATE CYBER SECURITY STRATEGY FOR PAKISTAN. • POINT 5. UNDER THE OFFICE OF THE CHAIRMAN JOINT CHIEFS OF STAFF COMMITTEE, AN INTER- SERVICES CYBER COMMAND SHOULD BE ESTABLISHED TO COORDINATE CYBER SECURITY AND CYBER DEFENCE FOR THE PAKISTAN ARMED FORCES. • POINT 6. WITHIN THE FRAMEWORK OF SAARC, PAKISTAN SHOULD TAKE THE INITIATIVE TO INITIATE TALKS AMONG THE 8-MEMBER STATES PARTICULARLY INDIA TO ESTABLISH ACCEPTABLE NORMS OF BEHAVIOR IN CYBER SECURITY AMONG THE SAARC COUNTRIES SO THAT THESE COUNTRIES ARE NOT ENGAGED IN CYBER WARFARE AGAINST EACH OTHER. • POINT 7. SPECIAL MEDIA WORKSHOPS ON CYBER SECURITY AWARENESS
NATIONAL CYBER SECURITY COUNCIL BILL (INTRODUCED 14.04.2014) • WITHIN SIXTY DAYS OF THE ENACTMENT OF THIS ACT, THE SENATE STANDING COMMITTEE ON DEFENCE SHALL CONSTITUTE THE NATIONAL CYBER SECURITY COUNCIL • NO ACT OF THE COUNCIL SHALL BE INVALID BY REASON ONLY OF THE EXISTENCE OF ANY VACANCY AMONG ITS MEMBERS OR ANY DEFECT IN ITS CONSTITUTION DISCOVERED AFTER SUCH ACT OR PROCEEDING OF THE COUNCIL: PROVIDED THAT AS SOON AS SUCH DEFECT HAS BEEN DISCOVERED, THE MEMBER SHALL NOT EXERCISE THE FUNCTIONS OR POWERS OF HIS MEMBERSHIP UNTIL THE DEFECT HAS BEEN RECTIFIED • THE COUNCIL SHALL MEET AT LEAST ONCE IN EACH QUARTER OF A YEAR • THE COUNCIL MAY FROM TIME TO TIME DELEGATE ONE OR MORE OF ITS FUNCTIONS AND POWERS TO ONE OR MORE OF ITS MEMBERS, HOWEVER, UNDER NO CIRCUMSTANCE SHALL BE FURTHER DELEGATED. • DECISIONS OF THE COUNCIL SHALL BE TAKEN BY A MAJORITY OF THE MEMBERS. • SAVE AS PROVIDED HEREIN, THE TERMS AND CONDITIONS OF SERVICE OF THE MEMBERS OF THE COUNCIL SHALL BE SUCH AS MAY BE PRESCRIBED. • CHAIR. CHAIRMAN SENATE STANDING COMMITTEE ON DEFENCE • MEMBERS – FEDERAL GOVT (21) – PRIVATE SECTOR (9)
MANDATE OF THE NATIONAL CYBER SECURITY COUNCIL • DEVELOP POLICY, RENDER ADVICE, CONDUCT RESEARCH AND ESTABLISH START UP INITIATIVES • ESTABLISH A NATIONAL CYBER SECURITY STRATEGY WHICH MAY BE UPDATED FROM TIME TO TIME, AS AND WHEN DEEMED APPROPRIATE, BUT NOT LATER THAN EVERY THREE YEARS • ESTABLISH AN INTERNATIONAL CYBER SECURITY STRATEGY WHICH MAY BE UPDATED FROM TIME TO TIME, AS AND WHEN DEEMED APPROPRIATE BUT NOT LATER THAN EVERY THREE YEARS • UNDERTAKE INITIATIVES AS PROVIDED FOR UNDER SECTION 6; • DEVELOP AND DRAFT POLICY, GUIDELINES AND GOVERNANCE MODELS RELATED TO EVER EMERGING CYBER SECURITY THREATS; • ADVISE AND MAKE RECOMMENDATIONS TO THE SENATE AND THE NATIONAL ASSEMBLY, JUDICIARY AND ALL MINISTRIES, DEPARTMENTS AND BRANCHES OF GOVERNMENT ON POLICY AND LEGISLATION WITH RESPECT TO CYBER SECURITY; • MONITOR LEGISLATION AND PROVIDE ADVICE AND RECOMMENDATIONS WITH THE OBJECTIVE OF ENSURING THAT LEGISLATION REFLECTS INTERNATIONAL BEST PRACTICES WITH RESPECT TO CYBER SECURITY; • ADVISE AND MAKE RECOMMENDATIONS TO GOVERNMENT DEPARTMENTS ON MECHANISMS TO IMPLEMENT POLICIES RELATED TO CYBER SECURITY AND MONITOR AND HAVE PERFORMANCE AUDIT CONDUCTED THEREOF; • MAKE RECOMMENDATIONS TO THE GOVERNMENT FOR ADOPTION EITHER THROUGH POLICIES AND REGULATORY MEANS OF STANDARDIZATION, HARMONIZATION AND ACCREDITATION WITH REGARDS TO CRITICAL INFORMATION INFRASTRUCTURE; • COORDINATE AND CONSULT WITH ALL REPRESENTATIVE STATE AND NON-STATE ACTORS ON IMPLEMENTATION OF POLICIES, INITIATIVES AND LEGISLATION ON CYBER SECURITY; • FACILITATE COMMUNICATIONS BETWEEN THE GOVERNMENT AND PRIVATE SECTOR ENTITIES, ACADEMIA, CYBER SECURITY EXPERTS THROUGH MULTI-STAKEHOLDER MEETINGS HELD WITH SUCH FREQUENCY AS DETERMINED NECESSARY BY THE COUNCIL;
• ESTABLISH THE ADVISORY GROUPS AS PROVIDED BY SECTION 10 TO PROVIDE NON BINDING INPUT TO THE NATIONAL CYBER SECURITY COUNCIL ON STRATEGIC PLANS AS AND WHEN CALLED UPON TO DO SO FROM TIME TO TIME; • IN PARTICULAR ADVISE, ASSIST, COLLABORATE AND COORDINATE WITH NATIONAL SECURITY APPARATUS OF THE STATE OF PAKISTAN FOR CONTINUALLY IMPROVING THE STATE OF CYBER SECURITY WITH RESPECT TO ALL ASPECTS AND INTERESTS OF THE STATE; • COORDINATE, COLLABORATE AND CONDUCT EXCHANGES WITH INTERNATIONAL BODIES, FORA AND ENTITIES, INTERALIA, IN CONNECTION WITH THE FUNCTIONS AND POWERS HEREIN; • CAUSE RESEARCH AND DEVELOPMENT TO BE CONDUCTED WITH RESPECT TO KALEIDOSCOPIC CYBER SECURITY THREATS, DEVELOPMENTS, BEST PRACTICES AND INTERNATIONAL LAWS AND OBLIGATIONs; • PROMOTE GENERAL AWARENESS WITH RESPECT TO CYBER SECURITY AWARENESS, PARTICULARLY THE IN-HOUSE ROLE AND RESPONSIBILITY OF INDIVIDUALS, CORPORATE ENTITIES AND ORGANIZATIONS ; • DEVELOP A TEN YEAR AND TWENTY YEAR VISION WITH REGARDS TO CYBER SECURITY; • LEGISLATE AND UPDATE SUCH RULES FOR THE INTERNAL ADMINISTRATION AND OPERATIONS OF THE COUNCIL, ITS PERSONNEL AND ADVISORY GROUPS, AS IT MAY CONSIDER APPROPRIATE FOR CARRYING OUT THE PURPOSES OF THIS ACT; • INCLUSIVELY, COLLABORATE WITH THE CORPORATE ENTITIES, PRIVATE SECTOR, CYBER SECURITY ACADEMIA, PROFESSIONALS, CIVIL SOCIETY AND COMMUNITY TO ACHIEVE THE OBJECTIVES; • THE COUNCIL MAY DELEGATE THE FUNCTIONS AND POWERS TO ANY ONE OR MORE OF THE ADVISORY GROUPS, AS IT DEEMS APPROPRIATE.
2015 JOINT STATEMENT BY PRESIDENT BARACK OBAMA AND PRIME MINISTER NAWAZ SHARIF CYBERSECURITY • RECOGNIZING THE OPPORTUNITIES AND CHALLENGES PRESENTED BY INFORMATION AND COMMUNICATIONS, TECHNOLOGIES PRESIDENT OBAMA AND PRIME MINISTER SHARIF AFFIRMED THAT INTERNATIONAL COOPERATION IS ESSENTIAL TO MAKE CYBERSPACE SECURE AND STABLE • BOTH LEADERS ENDORSED THE CONSENSUS REPORT OF THE 2015 UN GROUP OF GOVERNMENTAL EXPERTS IN THE FIELD OF INFORMATION AND TELECOMMUNICATIONS IN THE CONTEXT OF INTERNATIONAL SECURITY • THE LEADERS LOOKED FORWARD TO FURTHER MULTILATERAL ENGAGEMENT, AND DISCUSSION OF CYBER ISSUES AS PART OF THE US-PAKISTAN STRATEGIC DIALOGUE
ARCHIT ECTURE POLICY & LAWS FUNDS & RESOURCES AWARENESS & PREPAREDNESS DEVELOPMENT PLAN INTERNATIONAL RELATIONS NATIONAL CYBER SECURITY COUNCIL TO BE MADE PART OF THE NSA PK CERT TO BE ESTABLISHED WITHOUT FURTHER DELAY COMPREHENSIVE CYBER SECURITY POLICY TO COORDINATE & ENSURE ALL CYBER MATTERS WHILE ADDRESSING THE CITIZEN’S RIGHT TO PRIVACY GOVERNMENT SHOULD ALLOCATE ADEQUATE FUNDS & RESOURCES FOR CYBER SECURITY PROPOSALS CYBER SECURITY AWARENESS TO BE CREATED WITHIN THE GOVT, CORPORATE SECTOR, INDUSTRY, PRIVATE BUSINESSES & ACADEMIA •DEVELOP OWN HARDWARE & INFRASTRUCTURE •DEVELOP INDEPENDENT OS FOR THE ARMED FORCES & SECURITY ORGANIZATIONS •IN THE LONGTERM DEVELOP OWN INTERNET •BRING FORTH NATIONAL VIEWPOINT ACCURATELY IN THE UN GGE & OTHER INTERNATIONAL MEETINGS •CONCLUDE CYBER CBMs WITH INDIA (SAARC SUMMIT 2016)
PROPOSED CYBER COMMAND CYBERCOM ARMY AIR FORCE NAVY SECTT
EXAMPLES OF CYBER ATTACKS & THEIR IMPACT ON NATIONAL SECURITY THE CASE OF ESTONIA (APRIL 2007) • ESTONIA RELOCATED THE BRONZE SOLDIER OF TALLINN, A SOVIET- ERA GRAVE MARKER TO THE ANNOYANCE OF THE RUSIANS • A SERIES OF CYBER ATTACKS WERE LAUNCHED AGAINST ESTONIA SWAMPING WEBSITES OF ORGANIZATIONS, INCLUDING THE PARLIAMENT, BANKS, MINISTRIES, NEWSPAPERS AND BROADCAST STATIONS • DISTRIBUTED DENIAL OF SERVICE (DDOS) LAUNCHED AGAINST THE GENERAL PUBLIC, RANGING FROM SINGLE INDIVIDUALS USING VARIOUS METHODS LIKE PING FLOODS TO EXPENSIVE RENTALS OF BOTNETS USUALLY USED FOR SPAM DISTRIBUTION • SPAMMING OF BIGGER NEWS PORTALS COMMENTARIES AND DEFACEMENTS INCLUDING THAT OF THE ESTONIAN REFORM PARTY WEBSITE
CYBER & PHYSICAL ATTACK ON GEORGIA • 20 JULY 2008. ZOMBIE COMPUTERS ATTACK GEORGIAN NETWORKS. WEBSITE OF THE GEORGIAN PRESIDENT SUFFER OVERLOAD & IS TAKEN DOWN FOR 24 HOURS. TRAFFIC DIRECTED AT THE WEBSITE INCLUDED THE PHRASE "WIN+LOVE+IN+RUSIA”. • 5 AUGUST. GEORGIAN NEW AGENCIES AND TELEVISION STATIONS HACKED. • 5 AUGUST. TERRORIST ATTACK ON BAKU–TBILISI–CEYHAN PIPELINE SUBJECTED TO A TERRORIST ATTACK NEAR REFAHIYE IN TURKEY COUPLED WITH A SOPHISTICATED COMPUTER ATTACK ON LINE'S CONTROL AND SAFETY SYSTEMS THAT CAUSE AN INCREASE IN PRESSURE AND EXPLOSION. • 7-8 AUGUST. MANY GEORGIAN INTERNET SERVERS UNDER EXTERNAL CONTROL • 9 AUGUST. KEY SECTIONS OF GEORGIA'S INTERNET TRAFFIC REROUTED THROUGH SERVERS BASED IN RUSSIA AND TURKEY, WHERE THE TRAFFIC IS EITHER BLOCKED OR DIVERTED. RUSSIAN AND TURKISH SERVERS ARE ALLEGEDLY CONTROLLED BY THE RUSSIAN HACKERS. • 10 AUGUST. RIA NOVOSTI NEWS AGENCY'S WEBSITE DISABLED FOR SEVERAL HOURS • 10 AUGUST. MANY ONLINE GEORGIAN SITES SUSPECTED TO BE FAKE • 11 AUGUST. GEORGIA ACCUSES RUSSIA OF WAGING CYBER WARFARE ON GEORGIAN GOVERNMENT WEBSITES SIMULTANEOUSLY WITH A MILITARY OFFENSIVE • 14 AUGUST. CEASEFIRE
NORTH KOREAN ATTACK ON SONY PICTURES• NOVEMBER 24, 2014. CONFIDENTIAL DATA BELONGING TO SONY PICTURES ENTERTAINMENT RELEASED • DATA INCLUDES PERSONAL INFORMATION ABOUT THE EMPLOYEES AND THEIR FAMILIES, E-MAILS BETWEEN EMPLOYEES, INFORMATION ABOUT EXECUTIVE SALARIES, COPIES OF (PREVIOUSLY) UNRELEASED SONY FILMS, AND OTHER INFORMATION • HACKERS CALLING THEMSELVES GUARDIANS OF PEACE (GOP) DEMAND CANCELLATION OF PLANNED RELEASE OF THE INTERVIEW, A COMEDY FILM ABOUT A PLOT TO ASSASSINATE NORTH KOREAN LEADER KIM JONG-UN • US BLAME NORTH KOREA FOR THE HACKING. NORTH KOREANS DENY COMPLICITY. SOME CYBERSECURITY EXPERTS CAST DOUBT ON THE EVIDENCE, ALTERNATIVELY BLAMING CURRENT OR FORMER SONY OFFICIALS FOR THE BREACH
US CYBER ATTACKS AGAINST NORTH KOREA
STUXNET ATTACK • STUXNET, A COMPUTER WORM WAS DISCOVERED IN JUNE 2010 • IT IS DESIGNED TO ATTACK INDUSTRIAL PROGRAMMABLE LOGIC CONTROLLERS (PLCs) • PLCs ALLOW THE AUTOMATION OF ELECTROMECHANICAL PROCESSES SUCH AS THOSE USED TO CONTROL MACHINERY ON FACTORY ASSEMBLY LINES, AMUSEMENT RIDES, OR CENTRIFUGES FOR SEPARATING NUCLEAR MATERIAL • EXPLOITING FOUR ZERO-DAY FLAWS, STUXNET FUNCTIONS BY TARGETING MACHINES USING THE MICROSOFT WINDOWS OPERATING SYSTEM AND NETWORKS, THEN SEEKING OUT SIEMENS STEP7 SOFTWARE • STUXNET IS TYPICALLY INTRODUCED TO THE TARGET ENVIRONMENT VIA AN INFECTED USB FLASH DRIVE • STUXNET COMPROMISED IRANIAN PLCs, COLLECTING INFORMATION ON INDUSTRIAL SYSTEMS AND CAUSING THE FAST- SPINNING CENTRIFUGES TO TEAR THEMSELVES APART, DESTROYING ALMOST ONE-FIFTH OF IRAN'S NUCLEAR CENTRIFUGES
SPOOFING OF AMERICAN DRONE OVERFLYING IRAN • ON 4 DECEMBER 2011 AN AMERICAN RQ170 SENTINEL UAV WAS SPOOFED AND FORCED TO LAND IN EASTERN IRAN • AIRCRAFT WAS DETECTED IN IRANIAN AIRSPACE 225 KILOMETERS (140 MI) FROM THE BORDER WITH AFGHANISTAN • ON 9 DECEMBER 2011, IRAN LODGED A FORMAL COMPLAINT TO THE UN SECURITY COUNCIL OVER THE UAV VIOLATING ITS AIRSPACE • ON 12 DECEMBER 2011, US ADMINISTRATION ASKED IRAN TO RETURN THEIR DRONE. IRANIANS REFUSED.
WHAT IS SPOOFING? • SPOOFING IS THE CREATION OF TCP/IP PACKETS USING SOMEBODY ELSE'S IP ADDRESS • ROUTERS USE THE DESTINATION IP ADDRESS IN ORDER TO FORWARD PACKETS THROUGH THE INTERNET, BUT IGNORE THE SOURCE IP ADDRESS • THAT ADDRESS IS ONLY USED BY THE DESTINATION MACHINE WHEN IT RESPONDS BACK TO THE SOURCE
DATA BREACH – US OFFICE OF THE PERSONNEL MANAGEMENT (OPM) • DATA BREACH STARTING MARCH 2014, AND POSSIBLY EARLIER, NOTICED BY THE OPM IN APRIL 2015 • IN JUNE 2015, OPM ANNOUNCED THAT IT HAD BEEN THE TARGET OF A DATA BREACH EFFECTING THE RECORDS OF AS MANY AS FOUR MILLION PEOPLE. LATER, FBI PUT THE NUMBER AT 18 MILLION. • INFORMATION TARGETED IN THE BREACH INCLUDED PERSONAL INFORMATION SUCH AS SOCIAL SECURITY NUMBERS, AS WELL AS NAMES, DATES AND PLACES OF BIRTH, AND ADDRESSES. • THE HACK ALSO INVOLVED THEFT OF DETAILED BACKGROUND SECURITY- CLEARANCE-RELATED BACKGROUND INFORMATION OF PEOPLE DEPLOYED ON SENSITIVE MISSIONS • ON JULY 9, 2015, THE ESTIMATE OF THE NUMBER OF STOLEN RECORDS INCREASED TO 21.5 MILLION. THIS INCLUDED RECORDS OF PEOPLE WHO HAD UNDERGONE BACKGROUND CHECKS, BUT WHO WERE NOT NECESSARILY CURRENT OR FORMER GOVERNMENT EMPLOYEES. • SOON AFTER, KATHERINE ARCHULETA, THE DIRECTOR OF OPM, AND FORMER NATIONAL POLITICAL DIRECTOR FOR BARACK OBAMA'S 2012 REELECTION CAMPAIGN, RESIGNED
CYBER WARGAME SCENARIO IN A CYBER WARGAME CONDUCTED IN THE US IN JULY 2015 • THE SCENARIO IN THE WAR GAME BEGAN WITH A MAJOR EARTHQUAKE HITTING SOUTHERN CALIFORNIA • FOLLOWED BY A SERIES OF COORDINATED CYBERATTACKS, INCLUDING OIL AND GAS PIPELINE DISRUPTION • INTERFERENCE AT A MAJOR COMMERCIAL PORT IN THE U.K. • ATTACKS ON PENTAGON NETWORKS • A FREEZE ON ACCESS TO CASH AT BANKS AND LONG LINES FOR FOOD AT STORES.
CYBER ATTACKS BY NON STATE ACTORS
CYBER CBMs • CYBER SECURITY IS A NON-CONTERVERSIAL AREA BUT HAS THE POTENTIAL OF CONFLICT • THERE IS NO CYBER SECURITY COOPERATION IN SOUTH ASIA • ISSUE NEEDS TO BE PUT ON THE AGENDA OF THE NEXT SAARC SUMMIT

Empfohlen

Cyber crime and security in pakistan
Cyber crime and security in pakistanCyber crime and security in pakistan
Cyber crime and security in pakistanFahad Abbasi
 
Cyber Warfare -
Cyber Warfare -Cyber Warfare -
Cyber Warfare -ideaflashed
 
Cyber warfare
Cyber warfareCyber warfare
Cyber warfareVedangiBrahmbhatt
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindSaurabh Kheni
 
Cyber laws in pakistan
Cyber laws in pakistanCyber laws in pakistan
Cyber laws in pakistanSajeel Bhatti
 
Cyber Security in Bangladesh
Cyber Security in Bangladesh Cyber Security in Bangladesh
Cyber Security in Bangladesh Mohiuddin Murad
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & securityRonson Fernandes
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructureUnisys Corporation
 

Empfohlen

Cyber crime and security in pakistan
Cyber crime and security in pakistanCyber crime and security in pakistan
Cyber crime and security in pakistanFahad Abbasi
 
Cyber Warfare -
Cyber Warfare -Cyber Warfare -
Cyber Warfare -ideaflashed
 
Cyber warfare
Cyber warfareCyber warfare
Cyber warfareVedangiBrahmbhatt
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindSaurabh Kheni
 
Cyber laws in pakistan
Cyber laws in pakistanCyber laws in pakistan
Cyber laws in pakistanSajeel Bhatti
 
Cyber Security in Bangladesh
Cyber Security in Bangladesh Cyber Security in Bangladesh
Cyber Security in Bangladesh Mohiuddin Murad
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & securityRonson Fernandes
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructureUnisys Corporation
 
Cyber crime ✔
Cyber crime ✔Cyber crime ✔
Cyber crime ✔hubbysoni
 
Cyber security & Importance of Cyber Security
Cyber security & Importance of Cyber SecurityCyber security & Importance of Cyber Security
Cyber security & Importance of Cyber SecurityMohammed Adam
 
Elements of national security by Abid Hussain
Elements of national security by Abid HussainElements of national security by Abid Hussain
Elements of national security by Abid HussainInstitute of Strategic Studies Islamabad (ISSI)
 
Cyber Crime and Cyber Security
Cyber Crime and Cyber SecurityCyber Crime and Cyber Security
Cyber Crime and Cyber SecuritySazed Salman
 
Cybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesCybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesTam Nguyen
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security lawsNasir Bhutta
 
Cyber crimes presentation
Cyber crimes presentationCyber crimes presentation
Cyber crimes presentationDigital Marketing Evangelist
 
Combating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceCombating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceInderjeet Singh
 
The Information Warfare: how it can affect us
The Information Warfare: how it can affect usThe Information Warfare: how it can affect us
The Information Warfare: how it can affect usLuis Borges Gouveia
 
Cyber laws in pakistan
Cyber laws in pakistanCyber laws in pakistan
Cyber laws in pakistanRana Muhammad Asif
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITYMohammad Shakirul islam
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy finalIndian Air Force
 
Types Of Computer Crime
Types Of Computer CrimeTypes Of Computer Crime
Types Of Computer CrimeAlexander Zhuravlev
 
Cyber Laws In Pakistan
Cyber Laws In PakistanCyber Laws In Pakistan
Cyber Laws In PakistanTaha Mehmood
 
Cyber security
Cyber securityCyber security
Cyber securityBhavin Shah
 
Cyber Crimes
Cyber CrimesCyber Crimes
Cyber Crimeslittle robie
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and securitySharath Raj
 
Cyber security standards
Cyber security standardsCyber security standards
Cyber security standardsVaughan Olufemi ACIB, AICEN, ANIM
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Hamisi Kibonde
 
6b3de471-b100-483c-9df1-fc6afb92fb5f-151219150001.ppt
6b3de471-b100-483c-9df1-fc6afb92fb5f-151219150001.ppt6b3de471-b100-483c-9df1-fc6afb92fb5f-151219150001.ppt
6b3de471-b100-483c-9df1-fc6afb92fb5f-151219150001.pptChayaSorir
 
Cyber Security for Oil and Gas
Cyber Security for Oil and Gas Cyber Security for Oil and Gas
Cyber Security for Oil and Gas mariaidga
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cyber crime ✔
Cyber crime ✔Cyber crime ✔
Cyber crime ✔hubbysoni
 
Cyber security & Importance of Cyber Security
Cyber security & Importance of Cyber SecurityCyber security & Importance of Cyber Security
Cyber security & Importance of Cyber SecurityMohammed Adam
 
Cyber Crime and Cyber Security
Cyber Crime and Cyber SecurityCyber Crime and Cyber Security
Cyber Crime and Cyber SecuritySazed Salman
 
Cybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesCybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesTam Nguyen
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security lawsNasir Bhutta
 
Combating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceCombating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceInderjeet Singh
 
The Information Warfare: how it can affect us
The Information Warfare: how it can affect usThe Information Warfare: how it can affect us
The Information Warfare: how it can affect usLuis Borges Gouveia
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy finalIndian Air Force
 
Cyber Laws In Pakistan
Cyber Laws In PakistanCyber Laws In Pakistan
Cyber Laws In PakistanTaha Mehmood
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and securitySharath Raj
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Hamisi Kibonde
 

Was ist angesagt? (20)

Cyber crime ✔
Cyber crime ✔Cyber crime ✔
Cyber crime ✔
 
Cyber security & Importance of Cyber Security
Cyber security & Importance of Cyber SecurityCyber security & Importance of Cyber Security
Cyber security & Importance of Cyber Security
 
Elements of national security by Abid Hussain
Elements of national security by Abid HussainElements of national security by Abid Hussain
Elements of national security by Abid Hussain
 
Cyber Crime and Cyber Security
Cyber Crime and Cyber SecurityCyber Crime and Cyber Security
Cyber Crime and Cyber Security
 
Cybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesCybersecurity Issues and Challenges
Cybersecurity Issues and Challenges
 
Cyber security laws
Cyber security lawsCyber security laws
Cyber security laws
 
Cyber crimes presentation
Cyber crimes presentationCyber crimes presentation
Cyber crimes presentation
 
Combating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial IntelligenceCombating Cyber Security Using Artificial Intelligence
Combating Cyber Security Using Artificial Intelligence
 
The Information Warfare: how it can affect us
The Information Warfare: how it can affect usThe Information Warfare: how it can affect us
The Information Warfare: how it can affect us
 
Cyber laws in pakistan
Cyber laws in pakistanCyber laws in pakistan
Cyber laws in pakistan
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy final
 
Types Of Computer Crime
Types Of Computer CrimeTypes Of Computer Crime
Types Of Computer Crime
 
Cyber Laws In Pakistan
Cyber Laws In PakistanCyber Laws In Pakistan
Cyber Laws In Pakistan
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber Crimes
Cyber CrimesCyber Crimes
Cyber Crimes
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
 
Cyber security standards
Cyber security standardsCyber security standards
Cyber security standards
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)Noah Maina: Computer Emergency Response Team (CERT)
Noah Maina: Computer Emergency Response Team (CERT)
 

Ähnlich wie Cybersecurity Challenges and National Security Implications

6b3de471-b100-483c-9df1-fc6afb92fb5f-151219150001.ppt
6b3de471-b100-483c-9df1-fc6afb92fb5f-151219150001.ppt6b3de471-b100-483c-9df1-fc6afb92fb5f-151219150001.ppt
6b3de471-b100-483c-9df1-fc6afb92fb5f-151219150001.pptChayaSorir
 
Cyber Security for Oil and Gas
Cyber Security for Oil and Gas Cyber Security for Oil and Gas
Cyber Security for Oil and Gas mariaidga
 
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Ben Griffith
 
CIS-REPORT-1.pptx
CIS-REPORT-1.pptxCIS-REPORT-1.pptx
CIS-REPORT-1.pptxLilaValdez2
 
20130917-CyberInitiativeJointLetter
20130917-CyberInitiativeJointLetter20130917-CyberInitiativeJointLetter
20130917-CyberInitiativeJointLetterDoug DePeppe, Esq.
 
International strategy cyberspace_factsheet
International strategy cyberspace_factsheetInternational strategy cyberspace_factsheet
International strategy cyberspace_factsheetbueno buono good
 
Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Chuck Brooks
 
Comprehensive U.S. Cyber Framework Final Report
Comprehensive U.S. Cyber Framework Final ReportComprehensive U.S. Cyber Framework Final Report
Comprehensive U.S. Cyber Framework Final ReportLandon Harrell
 
HIMSS Response to DHS National Cyber Incident Response Plan
HIMSS Response to DHS National Cyber Incident Response PlanHIMSS Response to DHS National Cyber Incident Response Plan
HIMSS Response to DHS National Cyber Incident Response PlanDavid Sweigert
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonEljay Robertson
 
Cyberdefense strategy - Boston Global Forum - 2017
Cyberdefense strategy - Boston Global Forum - 2017Cyberdefense strategy - Boston Global Forum - 2017
Cyberdefense strategy - Boston Global Forum - 2017NgocHaBui1
 
Marriage of Cyber Security with Emergency Management -- NEMA
Marriage of Cyber Security with Emergency Management -- NEMAMarriage of Cyber Security with Emergency Management -- NEMA
Marriage of Cyber Security with Emergency Management -- NEMADavid Sweigert
 
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASCCyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASCDavid Sweigert
 
Cybersecurity Whistleblower Protection Guide
Cybersecurity Whistleblower Protection GuideCybersecurity Whistleblower Protection Guide
Cybersecurity Whistleblower Protection GuideBenjamin Tugendstein
 
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)Esam Abulkhirat
 
RULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWARRULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWARTalwant Singh
 

Ähnlich wie Cybersecurity Challenges and National Security Implications (20)

6b3de471-b100-483c-9df1-fc6afb92fb5f-151219150001.ppt
6b3de471-b100-483c-9df1-fc6afb92fb5f-151219150001.ppt6b3de471-b100-483c-9df1-fc6afb92fb5f-151219150001.ppt
6b3de471-b100-483c-9df1-fc6afb92fb5f-151219150001.ppt
 
Cyber Security for Oil and Gas
Cyber Security for Oil and Gas Cyber Security for Oil and Gas
Cyber Security for Oil and Gas
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorism
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorism
 
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
Hacking Municipal Government Best Practices for Protection of Sensitive Loc...
 
CIS-REPORT-1.pptx
CIS-REPORT-1.pptxCIS-REPORT-1.pptx
CIS-REPORT-1.pptx
 
20130917-CyberInitiativeJointLetter
20130917-CyberInitiativeJointLetter20130917-CyberInitiativeJointLetter
20130917-CyberInitiativeJointLetter
 
RAND_RR573
RAND_RR573RAND_RR573
RAND_RR573
 
International strategy cyberspace_factsheet
International strategy cyberspace_factsheetInternational strategy cyberspace_factsheet
International strategy cyberspace_factsheet
 
Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...
 
Comprehensive U.S. Cyber Framework Final Report
Comprehensive U.S. Cyber Framework Final ReportComprehensive U.S. Cyber Framework Final Report
Comprehensive U.S. Cyber Framework Final Report
 
HIMSS Response to DHS National Cyber Incident Response Plan
HIMSS Response to DHS National Cyber Incident Response PlanHIMSS Response to DHS National Cyber Incident Response Plan
HIMSS Response to DHS National Cyber Incident Response Plan
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay Robertson
 
Prof E Hewitt
Prof E HewittProf E Hewitt
Prof E Hewitt
 
Cyberdefense strategy - Boston Global Forum - 2017
Cyberdefense strategy - Boston Global Forum - 2017Cyberdefense strategy - Boston Global Forum - 2017
Cyberdefense strategy - Boston Global Forum - 2017
 
Marriage of Cyber Security with Emergency Management -- NEMA
Marriage of Cyber Security with Emergency Management -- NEMAMarriage of Cyber Security with Emergency Management -- NEMA
Marriage of Cyber Security with Emergency Management -- NEMA
 
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASCCyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
 
Cybersecurity Whistleblower Protection Guide
Cybersecurity Whistleblower Protection GuideCybersecurity Whistleblower Protection Guide
Cybersecurity Whistleblower Protection Guide
 
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
Cybersecurity Awareness- Libya' 1st Cybersecurity Days Conference (CDC)
 
RULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWARRULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWAR
 

Mehr von Tughral Yamin

Mehr von Tughral Yamin (16)

Riot
RiotRiot
Riot
 
ArticleVI
ArticleVIArticleVI
ArticleVI
 
Internet
InternetInternet
Internet
 
CPECArmy
CPECArmyCPECArmy
CPECArmy
 
nucmainstreaming
nucmainstreamingnucmainstreaming
nucmainstreaming
 
CPEC India
CPEC IndiaCPEC India
CPEC India
 
Pak peacekeeping
Pak peacekeepingPak peacekeeping
Pak peacekeeping
 
SVI sec
SVI secSVI sec
SVI sec
 
TTP
TTPTTP
TTP
 
NAP
NAPNAP
NAP
 
post conflict rehab
post conflict rehabpost conflict rehab
post conflict rehab
 
Peace Education
Peace EducationPeace Education
Peace Education
 
deradicalzation
deradicalzationderadicalzation
deradicalzation
 
NDU Paper
NDU PaperNDU Paper
NDU Paper
 
afghanistan
afghanistanafghanistan
afghanistan
 
electoral politics
electoral politicselectoral politics
electoral politics
 

Cybersecurity Challenges and National Security Implications

  • 1. CYBER WARFARE & NATIONAL SECURITY: IMPLICATIONS AND CHALLENGES DR TUGHRAL YAMIN ASSOCIATE DEAN CIPS, NUST
  • 2. AIM TO HIGHLIGHT THE STRUCTURAL & POLICY SHORTCOMINGS WITH REGARDS TO CYBER SECURITY IN THE OVERALL FRAMEWORK OF PAKISTAN’S NATIONAL SECURITY
  • 3. NATIONAL SECURITY CONCEPT • NATIONAL SECURITY CALLS UPON A GOVERNMENT, ALONG WITH ITS PARLIAMENT TO PROTECT THE STATE AND ITS CITIZENS AGAINST ALL KIND OF THREATS THROUGH A VARIETY OF POWER PROJECTION MEANS, SUCH AS – POLITICAL POWER – DIPLOMATIC INFLUENCE – ECONOMIC CAPACITY – MILITARY MIGHT • MANY COUNTRIES INCLUDING PAKISTAN ARROGATE THE RESPONSIBILITY OF COORDINATING NATIONAL SECURITY MATTERS TO THE NATIONAL SECURITY COUNCIL (NSC) SLICES OF NATIONAL SECURITYTERRITORIAL POLITICAL ECONOMIC ENERGY & NATURAL RESOURCES HOMELAND HUMAN ENVIRONMENTAL CYBER FOOD
  • 4. ESSENTIAL ELEMENTS OF A COMPREHENSIVE SECURITY FRAMEWORK • STRONG LEADERSHIP TO PROVIDE – VISION – ACROSS THE BOARD COORDINATION • CLEAR CUT POLICY & STRATEGY WITH PRECISE MISSION STATEMENT • ADEQUATE FUNDS & HUMAN/MATERIAL RESOURCES • UNAMBIGIOUS SET OF LAWS & LAW ENFORCEMENT CAPACITY LEADERSHIP RESOURCES POLICY & STRATEGY LAWS
  • 5. CYBER SECURITY REFERS TO PROTECTION OF OFFICIAL AND PERSONAL COMPUTER AND DATA PROCESSING INFRASTRUCTURE AND OPERATING SYSTEMS (OS) FROM HARMFUL INTERFERENCE, FROM OUTSIDE OR INSIDE THE COUNTRY INVOLVES NOT ONLY NATIONAL DEFENSE & HOMELAND SECURITY BUT ALSO LAW ENFORCEMENT
  • 6. CYBER WARFARE & CYBER ATTACKS DEFINITION AN INTERNET-BASED CONFLICT INVOLVING ATTACKS ON THE ADVERSAY’S INFORMATION & INFORMATION SYSTEMS PURPOSE OF CYBER ATTACKS DEFACE WEBSITES DISABLE NETWORKS DIRUPT/ DISABLE ESSENTIAL SERVICES STEAL OR ALTER DATA CRIPPLE FINANCIAL SYSTEMS
  • 7. MANIFESTATION OF CYBER ATTACK • SECURITY BREACHES • ECONOMIC LOSSES • PSYCHOLOG ICAL TRAUMA • PHYSICAL DAMAGE DISRUPTION OF COMPUTER SYSTEMS – LONG DOWN TIME FEAR & PANIC FLIGHT KNEEJERK REACTION SMALLSCALE ID THEFTS MASSIVE DATA BREACHES FRAUD LARGESCALE MONETARY THEFT
  • 8. HOW CAN CYBER ATTACKS HURT NATIONAL SECURITY? CYBER ATTACKS CAN: • PARALYSE THE GOVERNMENT’S DECISION MAKING SYSTEMS • CRIPPLE A NATION’S CRITICAL INFRASTRUCTURE • CAUSE MASSIVE PANIC & TRIGGER INADVERTENT WARS PARALYSIS COLLAPSE PANIC
  • 9. TYPES OF CYBER ATTACKS • VIRUSES • WORMS • TROJAN HORSES SYNTACTIC ATTACKS • MISLEADING INFORMATION TO DISTRACT OR COVER OWN TRACKS SEMANTIC ATTACKS
  • 10. CYBER TARGETS • PERSONAL COMPUTERS • COMPUTER NETWORKS MANAGING THE INFORMATION SYSTEMS OF ORGANIZATIONS, BUSINESSES, FINANCIAL INSTITUTIONS ETC • CRITICAL INFRASTRUCTURE (VITAL ASSETS OF A NATION – VIRTUALLY/PHYSICALLY) CONTROLLED BY SUPERVISORY CONTROL & DATA ACQUISITION (SCADA) CRITICAL INFRASTRUCTURE COMPUTER NETWORKS PERSONAL COMPUTERS
  • 11. HOW DOES A TYPICAL CYBER ATTACK TAKES PLACE? MALICIOUS ACTS ORIGINATING FROM AN ANONYMOUS SOURCES HACKING INTO A SUSCEPTIBLE SYSTEM TO EITHER • STEAL • ALTER OR • DESTROY A SPECIFIED TARGET
  • 12.
  • 13. WHO CAN LAUNCH CYBER ATTACKS? • STATE ACTORS • NON STATE ACTORS • CRIMINALS • HACKTIVISTS • FREELANCERS • KID IN THE BASEMENT • INSIDERS
  • 14. PROBLEMS WITH CYBER RESPONSES NO RULES OF ENGAGEMENT PROBLEM IN DETERMINING A PROPORTIONATE RESPONSE DIFFICULTY IN ATTRIBUTION
  • 15. BROAD SPECTRUM OF CYBER ATTACKS
  • 16. US CYBER SECURITY AGENCIES • OFFICE OF THE CYBER SECURITY COORDINATOR • DEPARTMENT OF HOMELAND SECURITY (DHS) • NATIONAL SECURITY AGENCY (NSA) • CYBER COMMAND (CYBERCOM)
  • 19.
  • 20.
  • 21. LEVEL AUSTRALIA UK STRAT CYBER SECURITY POLICY & COORD COMMITTEE (LEAD AGENCY: THE ATTORNEY GENERAL’S DEPARTMENT) FUNCTION: INTERDEPARTMENTAL COMMITTEE THAT COORDS DEVELOPMENT OF CYBER SECURITY POLICY FOR THE GOVT OFFICE OF THE CYBER SECURITY (OCS) FUNCTION: PROVIDES STRAT LEADERSHIP & COHERENCE ACROSS ALL DEPTS OF THE GOVT TAC CYBER SECURITY OPERATIONS CENTRE (UNDER DEFENCE SIGNALS DIRECTORATE) FUNCTION: PROVIDES GOVET WITH ALL SOURCE CYBER SITREP CYBER SECURITY OPS CENTRE (CSOC) FUNCTION: ACTIVELY MONITORS THE HEALTH OF CYBERSPACE & COORDS INCIDENCE RESPONSE OP CERT AUSTRALIA GOVCERTUK
  • 22. PM OFFICE/ CABINET SECY (PMO/ CAB SEC) MINISTRY OF HOME AFFAIRS (MHA) MINISTRY OF EXTERNAL AFFAIRS (MEA) MINISTRY OF DEFENCE (MOD) MINISTRY OF COMMON INFO TECHNOLOGY (MCIT) NON GOVT ORGANISATION (NGO) NATIONAL SECURITY COUNCIL (NSC) NATIONAL CYBER COORD CENTRE (NCCC) AMBASSADORS & MINISTERS TRI SERVICE CYBER COMMAND DEPARTMENT OF INFORMATION TECHNOLOGY (DIT) CYBER SECURITY AND ANTI HACKING ORGANISATION (CSAHO) National Technical Research Org (NTRO) Directorate of Forensic Science (DFS) Defence Attaches Army (MI) Department of Telecom (DoT) Cyber Society of India (CySI) National Critical Info Infrastructure Protection Centre(NCIIPC) National Disaster Mgt Authority (NDMA) Joint Secretary (IT) Navy (NI) Indian Computer Emergency Response Team CERT-IN Centre of Excellence for Cyber Security Research & Development In India (CECSRDI) Joint Intelligence Group (JIG) Central Forensic Science Lab (CFSLs) Air Force (AFI) Education Research Network (ERNET) Cyber Security of India(CSI) National Crisis Management Committee (NCMC) Intelligence Bureau (IB) Def Info Assurance & Research Agency (DIARA) Informatics Center (NIC) National Cyber Security of India (NCS) Research & Analysis Wing (RAW) Defence Intelligence Agency (DIA) Centre for Development of Advanced Computing C-DAC Cyber Attacks Crisis Management Plan of India (CACMP) Multi Agency Center (MAC) Defence Research Dev Authority (DRDO) Standardisation, Testing and Quality Certification (STQC) National Information Board (NIB) CYBER SECURITY HIERARCHY IN INDIA
  • 23. USFOCUSONITSECURITY COMPUTERS/ICT FORM THE FOUNDATION OF US ECONOMY AND DRIVE THE TECHNOLOGICAL CHANGE THAT ALLOWS SMALL AND MEDIUM-SIZED BUSINESSES TO COMPETE IN THE GLOBAL MARKETPLACE ECONOMIC GROWTH IS THREATENED BY A CORRESPONDING GROWTH IN CYBER THREATS INCREASING DATA BREACHES, THEFT OF INTELLECTUAL PROPERTY THROUGH CYBER MEANS, AND CYBER ATTACKS ARE RESULTING IN REAL COSTS AND CONSEQUENCES FOR THE AMERICAN ECONOMY US GOVERNMENT IS TAKING ACTIONS TO BETTER PREPARE ITSELF, ITS ECONOMY, AND THE NATION AS A WHOLE TO DEFEND AGAINST GROWING CYBER THREATS CYBER THREATS POSE ONE OF THE GRAVEST NATIONAL SECURITY DANGERS TO THE US
  • 24. US BUDGETARY STRATEGY FOR CYBERSECURITY SEVERAL BUDGETARY, PROGRAMMATIC & LEGISLATIVE STRATEGIES TO IMPROVE THE CYBERSECURITY INFRASTRUCTURE AND COMBAT GROWING CYBER THREAT DOMESTICALLY AND GLOBALLY UPDATED CYBERSECURITY LEGISLATIVE PROPOSAL THAT WILL PROVIDE THE FEDERAL GOVERNMENT AND PRIVATE SECTOR THE NECESSARY TOOLS TO IMPROVE NATIONAL CYBERSECURITY IN FY 2016, THE PRESIDENT'S BUDGET PROPOSES $14 BILLION IN CYBERSECURITY FUNDING FOR CRITICAL INITIATIVES AND RESEARCH
  • 25. US STRATEGIC INVESTMENTS IN CYBER SECURITY DHS TO LEAD IMPLEMENTATION OF THE CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) NATIONAL CYBERSECURITY PROTECTION SYSTEM BETTER KNOWN AS EINSTEIN CYBERSECURITY CROSS-AGENCY PRIORITY GOAL AND IMPLEMENT POSTWIKILEAKS SECURITY IMPROVEMENTS ON CLASSIFIED NETWORKS, PURSUANT TO E.O. 13587 $582 MILLION
  • 26. US PRESIDENT’S BUDGET FY 2016 OUTREACH TO PRIVATE SECTOR SHAPING THE FUTURE CYBER ENVIRONMENT NATIONAL SECURITY AND CYBER THREATS $149 MILLION $243 MILLION $514 MILLION
  • 27. CYBERCOM XXXX TO BE BROUGHT TO FULL STRENGTH US DEPARTMENT OF DEFENSE BUDGET FEDERAL CIVILIAN CYBER CAMPUS $227 MILLION TO FUND THE 1ST PHASE OF CONSTRUC TION CYBER INTELLIGENCE INTEGRATION, ANALYSIS & PLANNING WITHIN THE FEDERAL GOVERNMENT $35 MILLION
  • 28. 2015 US CYBERSECURITY LEGISLATIVE PROPOSAL THREE CENTRAL ELEMENTS AIM AT ENSURING NATIONAL SECURITY, WHILE ALSO PROTECTING THE PERSONAL DATA AND PRIVACY OF CITIZENS BY: • FACILITATING GREATER VOLUNTARY SHARING OF CYBER THREAT INFORMATION BETWEEN THE GOVERNMENT AND PRIVATE SECTOR • INCENTIVIZING FURTHER DEVELOPMENT OF INFORMATION SHARING AND ANALYSIS ORGANIZATIONS TO IMPROVE THE VOLUNTARY SHARING OF CYBER THREAT INFORMATION WITHIN THE PRIVATE SECTOR AND BETWEEN THE PRIVATE SECTOR AND THE GOVERNMENT. PROTECTS THE PRIVACY OF AMERICANS BY REQUIRING PRIVATE ENTITIES THAT SHARE VOLUNTARILY UNDER THE PROPOSAL'S AUTHORITY, TO COMPLY WITH CERTAIN PRIVACY RESTRICTIONS, SUCH AS REMOVING UNNECESSARY PERSONAL INFORMATION IN ORDER TO QUALIFY FOR LIABILITY PROTECTION ESTABLISH DATA BREACH STANDARDS • ESTABLISHING A SINGLE FEDERAL STANDARD FOR NOTIFYING INDIVIDUALS IN A TIMELY, CONSISTENT WAY WHEN PRIVATE SECTOR DATA BREACHES OCCUR; THIS HELPS BUSINESSES AND CONSUMERS BY SIMPLIFYING AND STANDARDIZING THE EXISTING PATCHWORK OF 47 STATE LAWS THAT CONTAIN DATA BREACH REPORT REQUIREMENTS INTO ONE FEDERAL STATUTE. THIS IS PART OF OUR COMMITMENT TO BALANCE SECURITY AND PRIVACY, ENSURING CITIZENS RECEIVE TIMELY INFORMATION ON THEIR DATA IN THE EVENT OF A BREACH. THIS WILL: – PROVIDE A SINGLE THRESHOLD FOR NOTIFICATION – ESTABLISH DEADLINES FOR NOTIFICATION OF CYBER INCIDENTS
  • 29. US POLICY TO MODERNIZE LAW ENFORCEMENT AUTHORITIES • ENSURE LAW ENFORCEMENT HAS THE TOOLS TO INVESTIGATE, DISRUPT & PROSECUTE CYBERCRIME • ALLOW PROSECUTION FOR THE SALE OF BOTNETS • ENABLE LAW ENFORCEMENT TO PROSECUTE THE OVERSEAS SALE OF STOLEN FINANCIAL INFORMATION LIKE CREDIT CARD AND BANK ACCOUNT NUMBERS • EXPANDS FEDERAL LAW ENFORCEMENT AUTHORITY TO DETER THE SALE OF SPYWARE USED TO STALK OR COMMIT ID THEFT • COURTS TO BE GIVEN THE AUTHORITY TO SHUT DOWN BOTNETS ENGAGED IN DISTRIBUTED DENIAL OF SERVICE ATTACKS AND OTHER CRIMINAL ACTIVITY
  • 31. INDIA’S CYBER-SECURITY BUDGET ‘WOEFULLY INADEQUATE’: EXPERTS • INDIA'S CYBER-SECURITY BUDGET WAS MORE THAN DOUBLED LAST YEAR. YET, IT IS “WOEFULLY INADEQUATE” IN THE WAKE OF REVELATIONS MADE BY US NATIONAL SECURITY AGENCY CONTRACTOR EDWARD SNOWDEN AND INCREASING CYBER-ATTACKS ON GOVERNMENT INFRASTRUCTURE, ACCORDING TO EXPERTS. • IN 2014-15, THE DEPARTMENT OF IT HAS SET ASIDE RS 116 CRORE FOR CYBER SECURITY. THE COUNTRY HAS PROPOSED TO SET UP A NATIONAL CYBER COORDINATION CENTRE (NCCC) WITH A SEPARATE BUDGET OF RS 1,000 CRORE. THE COORDINATION CENTRE IS STILL AWAITING CABINET CLEARANCE. “ALLOCATION IS WOEFULLY INADEQUATE GIVEN SNOWDEN'S REVELATIONS - WE NEED AT LEAST 10 TIMES THAT AMOUNT,” SAID SUNIL ABRAHAM, EXECUTIVE DIRECTOR AT CENTER FOR INTERNET AND SOCIETY. THE ECONOMIC TIMES 28 JANUARY 2015
  • 32. CYBER SECURITY ARCHITECTURE & COORD MECHANISM CYBER SECURITY POLICY CYBER LAW CYBER EMERGENCY RESPONSE SLOW PROGRESS LITTLE OR NO PROGRESS SURROUNDED BY CONTROVERSY LITTLE PROGRESS CYBER FUNDS ????????? WHITHERCYBERSECURITYINPAKISTAN?
  • 33. WHO IS RESPONSIBLE FOR CYBER SECURITY IN PAKISTAN? NO DESIGNATED LEAD AGENCY MULTIPLE STAKEHOLDERS GOVERNMENT INDUSTRY ACADEMIA CIVIL SOCIETY PUBLIC
  • 34. CYBERSECURITY STAKEHOLDERS GOVERNMENT • CABINET COMMITTEE ON NATIONAL SECURITY • NATIONAL SECURITY COUNCIL (NSA: LTG N.K. JANJUA) • SENATE COMMITTEE ON DEFENCE (CHAIR: SEN. M.H. SAYED) • SENATE COMMITTEE ON TECH & IT (CHAIR: SEN. SHAHI SAYED) • NA STANDING COMMITTEE ON TECH & IT (CHAIR: CAPT SAFDAR) • MINISTRY OF DEFENCE • MINISTRY OF INTERIOR • MINISTRY OF FOREIGN AFFAIRS • MINISTRY OF IT • JS HQ • INTELLIGENCE AGENCIES PUBLIC • PAKISTAN SOFTWARE HOUSES ASSOCIATION (PASHA) • INTERNET SERVICE PROVIDERS ASSOCIATION OF PAKISTAN (ISPAK) • PAKISTAN INFORMATION SECURITY ASSOCIATION (PISA) • E COMMERCE ENTREPRENEURS • DIGITAL RIGHTS ACTIVISTS (BOLO BHI) • SOCIAL MEDIA ACTIVISTS • ORDINARY CITIZENS
  • 35. SENATE COMMITTEE FOR DEFENCE ACTION PLAN FOR CYBER SECURE PAKISTAN (JULY 2013) • POINT 1. RELEVANT LEGISLATION TO PRESERVE, PROTECT AND PROMOTE PAKISTAN’S CYBER SECURITY • POINT 2. CYBER SECURITY THREAT TO BE ACCEPTED AND RECOGNIZED AS NEW, EMERGING NATIONAL SECURITY THREAT BY THE GOVERNMENT OF PAKISTAN, SIMILAR TO THREATS LIKE TERRORISM AND MILITARY AGGRESSION • POINT 3. ESTABLISH A NATIONAL COMPUTER EMERGENCY RESPONSE TEAM (PKCERT). • POINT 4. ESTABLISH A CYBER-SECURITY TASK FORCE WITH AFFILIATION WITH MINISTRY OF DEFENCE, MINISTRY OF IT, MINISTRY OF INTERIOR, MINISTRY OF FOREIGN AFFAIRS, MINISTRY OF INFORMATION AND OUR SECURITY ORGANIZATIONS PLUS RELEVANT AND LEADING PROFESSIONALS FROM THE PRIVATE SECURITY SO THAT PAKISTAN CAN TAKE STEPS TO COMBAT THIS NEW EMERGING THREAT AND FORMULATE CYBER SECURITY STRATEGY FOR PAKISTAN. • POINT 5. UNDER THE OFFICE OF THE CHAIRMAN JOINT CHIEFS OF STAFF COMMITTEE, AN INTER- SERVICES CYBER COMMAND SHOULD BE ESTABLISHED TO COORDINATE CYBER SECURITY AND CYBER DEFENCE FOR THE PAKISTAN ARMED FORCES. • POINT 6. WITHIN THE FRAMEWORK OF SAARC, PAKISTAN SHOULD TAKE THE INITIATIVE TO INITIATE TALKS AMONG THE 8-MEMBER STATES PARTICULARLY INDIA TO ESTABLISH ACCEPTABLE NORMS OF BEHAVIOR IN CYBER SECURITY AMONG THE SAARC COUNTRIES SO THAT THESE COUNTRIES ARE NOT ENGAGED IN CYBER WARFARE AGAINST EACH OTHER. • POINT 7. SPECIAL MEDIA WORKSHOPS ON CYBER SECURITY AWARENESS
  • 36. NATIONAL CYBER SECURITY COUNCIL BILL (INTRODUCED 14.04.2014) • WITHIN SIXTY DAYS OF THE ENACTMENT OF THIS ACT, THE SENATE STANDING COMMITTEE ON DEFENCE SHALL CONSTITUTE THE NATIONAL CYBER SECURITY COUNCIL • NO ACT OF THE COUNCIL SHALL BE INVALID BY REASON ONLY OF THE EXISTENCE OF ANY VACANCY AMONG ITS MEMBERS OR ANY DEFECT IN ITS CONSTITUTION DISCOVERED AFTER SUCH ACT OR PROCEEDING OF THE COUNCIL: PROVIDED THAT AS SOON AS SUCH DEFECT HAS BEEN DISCOVERED, THE MEMBER SHALL NOT EXERCISE THE FUNCTIONS OR POWERS OF HIS MEMBERSHIP UNTIL THE DEFECT HAS BEEN RECTIFIED • THE COUNCIL SHALL MEET AT LEAST ONCE IN EACH QUARTER OF A YEAR • THE COUNCIL MAY FROM TIME TO TIME DELEGATE ONE OR MORE OF ITS FUNCTIONS AND POWERS TO ONE OR MORE OF ITS MEMBERS, HOWEVER, UNDER NO CIRCUMSTANCE SHALL BE FURTHER DELEGATED. • DECISIONS OF THE COUNCIL SHALL BE TAKEN BY A MAJORITY OF THE MEMBERS. • SAVE AS PROVIDED HEREIN, THE TERMS AND CONDITIONS OF SERVICE OF THE MEMBERS OF THE COUNCIL SHALL BE SUCH AS MAY BE PRESCRIBED. • CHAIR. CHAIRMAN SENATE STANDING COMMITTEE ON DEFENCE • MEMBERS – FEDERAL GOVT (21) – PRIVATE SECTOR (9)
  • 37. MANDATE OF THE NATIONAL CYBER SECURITY COUNCIL • DEVELOP POLICY, RENDER ADVICE, CONDUCT RESEARCH AND ESTABLISH START UP INITIATIVES • ESTABLISH A NATIONAL CYBER SECURITY STRATEGY WHICH MAY BE UPDATED FROM TIME TO TIME, AS AND WHEN DEEMED APPROPRIATE, BUT NOT LATER THAN EVERY THREE YEARS • ESTABLISH AN INTERNATIONAL CYBER SECURITY STRATEGY WHICH MAY BE UPDATED FROM TIME TO TIME, AS AND WHEN DEEMED APPROPRIATE BUT NOT LATER THAN EVERY THREE YEARS • UNDERTAKE INITIATIVES AS PROVIDED FOR UNDER SECTION 6; • DEVELOP AND DRAFT POLICY, GUIDELINES AND GOVERNANCE MODELS RELATED TO EVER EMERGING CYBER SECURITY THREATS; • ADVISE AND MAKE RECOMMENDATIONS TO THE SENATE AND THE NATIONAL ASSEMBLY, JUDICIARY AND ALL MINISTRIES, DEPARTMENTS AND BRANCHES OF GOVERNMENT ON POLICY AND LEGISLATION WITH RESPECT TO CYBER SECURITY; • MONITOR LEGISLATION AND PROVIDE ADVICE AND RECOMMENDATIONS WITH THE OBJECTIVE OF ENSURING THAT LEGISLATION REFLECTS INTERNATIONAL BEST PRACTICES WITH RESPECT TO CYBER SECURITY; • ADVISE AND MAKE RECOMMENDATIONS TO GOVERNMENT DEPARTMENTS ON MECHANISMS TO IMPLEMENT POLICIES RELATED TO CYBER SECURITY AND MONITOR AND HAVE PERFORMANCE AUDIT CONDUCTED THEREOF; • MAKE RECOMMENDATIONS TO THE GOVERNMENT FOR ADOPTION EITHER THROUGH POLICIES AND REGULATORY MEANS OF STANDARDIZATION, HARMONIZATION AND ACCREDITATION WITH REGARDS TO CRITICAL INFORMATION INFRASTRUCTURE; • COORDINATE AND CONSULT WITH ALL REPRESENTATIVE STATE AND NON-STATE ACTORS ON IMPLEMENTATION OF POLICIES, INITIATIVES AND LEGISLATION ON CYBER SECURITY; • FACILITATE COMMUNICATIONS BETWEEN THE GOVERNMENT AND PRIVATE SECTOR ENTITIES, ACADEMIA, CYBER SECURITY EXPERTS THROUGH MULTI-STAKEHOLDER MEETINGS HELD WITH SUCH FREQUENCY AS DETERMINED NECESSARY BY THE COUNCIL;
  • 38. • ESTABLISH THE ADVISORY GROUPS AS PROVIDED BY SECTION 10 TO PROVIDE NON BINDING INPUT TO THE NATIONAL CYBER SECURITY COUNCIL ON STRATEGIC PLANS AS AND WHEN CALLED UPON TO DO SO FROM TIME TO TIME; • IN PARTICULAR ADVISE, ASSIST, COLLABORATE AND COORDINATE WITH NATIONAL SECURITY APPARATUS OF THE STATE OF PAKISTAN FOR CONTINUALLY IMPROVING THE STATE OF CYBER SECURITY WITH RESPECT TO ALL ASPECTS AND INTERESTS OF THE STATE; • COORDINATE, COLLABORATE AND CONDUCT EXCHANGES WITH INTERNATIONAL BODIES, FORA AND ENTITIES, INTERALIA, IN CONNECTION WITH THE FUNCTIONS AND POWERS HEREIN; • CAUSE RESEARCH AND DEVELOPMENT TO BE CONDUCTED WITH RESPECT TO KALEIDOSCOPIC CYBER SECURITY THREATS, DEVELOPMENTS, BEST PRACTICES AND INTERNATIONAL LAWS AND OBLIGATIONs; • PROMOTE GENERAL AWARENESS WITH RESPECT TO CYBER SECURITY AWARENESS, PARTICULARLY THE IN-HOUSE ROLE AND RESPONSIBILITY OF INDIVIDUALS, CORPORATE ENTITIES AND ORGANIZATIONS ; • DEVELOP A TEN YEAR AND TWENTY YEAR VISION WITH REGARDS TO CYBER SECURITY; • LEGISLATE AND UPDATE SUCH RULES FOR THE INTERNAL ADMINISTRATION AND OPERATIONS OF THE COUNCIL, ITS PERSONNEL AND ADVISORY GROUPS, AS IT MAY CONSIDER APPROPRIATE FOR CARRYING OUT THE PURPOSES OF THIS ACT; • INCLUSIVELY, COLLABORATE WITH THE CORPORATE ENTITIES, PRIVATE SECTOR, CYBER SECURITY ACADEMIA, PROFESSIONALS, CIVIL SOCIETY AND COMMUNITY TO ACHIEVE THE OBJECTIVES; • THE COUNCIL MAY DELEGATE THE FUNCTIONS AND POWERS TO ANY ONE OR MORE OF THE ADVISORY GROUPS, AS IT DEEMS APPROPRIATE.
  • 39. 2015 JOINT STATEMENT BY PRESIDENT BARACK OBAMA AND PRIME MINISTER NAWAZ SHARIF CYBERSECURITY • RECOGNIZING THE OPPORTUNITIES AND CHALLENGES PRESENTED BY INFORMATION AND COMMUNICATIONS, TECHNOLOGIES PRESIDENT OBAMA AND PRIME MINISTER SHARIF AFFIRMED THAT INTERNATIONAL COOPERATION IS ESSENTIAL TO MAKE CYBERSPACE SECURE AND STABLE • BOTH LEADERS ENDORSED THE CONSENSUS REPORT OF THE 2015 UN GROUP OF GOVERNMENTAL EXPERTS IN THE FIELD OF INFORMATION AND TELECOMMUNICATIONS IN THE CONTEXT OF INTERNATIONAL SECURITY • THE LEADERS LOOKED FORWARD TO FURTHER MULTILATERAL ENGAGEMENT, AND DISCUSSION OF CYBER ISSUES AS PART OF THE US-PAKISTAN STRATEGIC DIALOGUE
  • 40. ARCHIT ECTURE POLICY & LAWS FUNDS & RESOURCES AWARENESS & PREPAREDNESS DEVELOPMENT PLAN INTERNATIONAL RELATIONS NATIONAL CYBER SECURITY COUNCIL TO BE MADE PART OF THE NSA PK CERT TO BE ESTABLISHED WITHOUT FURTHER DELAY COMPREHENSIVE CYBER SECURITY POLICY TO COORDINATE & ENSURE ALL CYBER MATTERS WHILE ADDRESSING THE CITIZEN’S RIGHT TO PRIVACY GOVERNMENT SHOULD ALLOCATE ADEQUATE FUNDS & RESOURCES FOR CYBER SECURITY PROPOSALS CYBER SECURITY AWARENESS TO BE CREATED WITHIN THE GOVT, CORPORATE SECTOR, INDUSTRY, PRIVATE BUSINESSES & ACADEMIA •DEVELOP OWN HARDWARE & INFRASTRUCTURE •DEVELOP INDEPENDENT OS FOR THE ARMED FORCES & SECURITY ORGANIZATIONS •IN THE LONGTERM DEVELOP OWN INTERNET •BRING FORTH NATIONAL VIEWPOINT ACCURATELY IN THE UN GGE & OTHER INTERNATIONAL MEETINGS •CONCLUDE CYBER CBMs WITH INDIA (SAARC SUMMIT 2016)
  • 41. PROPOSED CYBER COMMAND CYBERCOM ARMY AIR FORCE NAVY SECTT
  • 42.
  • 43. EXAMPLES OF CYBER ATTACKS & THEIR IMPACT ON NATIONAL SECURITY THE CASE OF ESTONIA (APRIL 2007) • ESTONIA RELOCATED THE BRONZE SOLDIER OF TALLINN, A SOVIET- ERA GRAVE MARKER TO THE ANNOYANCE OF THE RUSIANS • A SERIES OF CYBER ATTACKS WERE LAUNCHED AGAINST ESTONIA SWAMPING WEBSITES OF ORGANIZATIONS, INCLUDING THE PARLIAMENT, BANKS, MINISTRIES, NEWSPAPERS AND BROADCAST STATIONS • DISTRIBUTED DENIAL OF SERVICE (DDOS) LAUNCHED AGAINST THE GENERAL PUBLIC, RANGING FROM SINGLE INDIVIDUALS USING VARIOUS METHODS LIKE PING FLOODS TO EXPENSIVE RENTALS OF BOTNETS USUALLY USED FOR SPAM DISTRIBUTION • SPAMMING OF BIGGER NEWS PORTALS COMMENTARIES AND DEFACEMENTS INCLUDING THAT OF THE ESTONIAN REFORM PARTY WEBSITE
  • 44. CYBER & PHYSICAL ATTACK ON GEORGIA • 20 JULY 2008. ZOMBIE COMPUTERS ATTACK GEORGIAN NETWORKS. WEBSITE OF THE GEORGIAN PRESIDENT SUFFER OVERLOAD & IS TAKEN DOWN FOR 24 HOURS. TRAFFIC DIRECTED AT THE WEBSITE INCLUDED THE PHRASE "WIN+LOVE+IN+RUSIA”. • 5 AUGUST. GEORGIAN NEW AGENCIES AND TELEVISION STATIONS HACKED. • 5 AUGUST. TERRORIST ATTACK ON BAKU–TBILISI–CEYHAN PIPELINE SUBJECTED TO A TERRORIST ATTACK NEAR REFAHIYE IN TURKEY COUPLED WITH A SOPHISTICATED COMPUTER ATTACK ON LINE'S CONTROL AND SAFETY SYSTEMS THAT CAUSE AN INCREASE IN PRESSURE AND EXPLOSION. • 7-8 AUGUST. MANY GEORGIAN INTERNET SERVERS UNDER EXTERNAL CONTROL • 9 AUGUST. KEY SECTIONS OF GEORGIA'S INTERNET TRAFFIC REROUTED THROUGH SERVERS BASED IN RUSSIA AND TURKEY, WHERE THE TRAFFIC IS EITHER BLOCKED OR DIVERTED. RUSSIAN AND TURKISH SERVERS ARE ALLEGEDLY CONTROLLED BY THE RUSSIAN HACKERS. • 10 AUGUST. RIA NOVOSTI NEWS AGENCY'S WEBSITE DISABLED FOR SEVERAL HOURS • 10 AUGUST. MANY ONLINE GEORGIAN SITES SUSPECTED TO BE FAKE • 11 AUGUST. GEORGIA ACCUSES RUSSIA OF WAGING CYBER WARFARE ON GEORGIAN GOVERNMENT WEBSITES SIMULTANEOUSLY WITH A MILITARY OFFENSIVE • 14 AUGUST. CEASEFIRE
  • 45. NORTH KOREAN ATTACK ON SONY PICTURES• NOVEMBER 24, 2014. CONFIDENTIAL DATA BELONGING TO SONY PICTURES ENTERTAINMENT RELEASED • DATA INCLUDES PERSONAL INFORMATION ABOUT THE EMPLOYEES AND THEIR FAMILIES, E-MAILS BETWEEN EMPLOYEES, INFORMATION ABOUT EXECUTIVE SALARIES, COPIES OF (PREVIOUSLY) UNRELEASED SONY FILMS, AND OTHER INFORMATION • HACKERS CALLING THEMSELVES GUARDIANS OF PEACE (GOP) DEMAND CANCELLATION OF PLANNED RELEASE OF THE INTERVIEW, A COMEDY FILM ABOUT A PLOT TO ASSASSINATE NORTH KOREAN LEADER KIM JONG-UN • US BLAME NORTH KOREA FOR THE HACKING. NORTH KOREANS DENY COMPLICITY. SOME CYBERSECURITY EXPERTS CAST DOUBT ON THE EVIDENCE, ALTERNATIVELY BLAMING CURRENT OR FORMER SONY OFFICIALS FOR THE BREACH
  • 46. US CYBER ATTACKS AGAINST NORTH KOREA
  • 47. STUXNET ATTACK • STUXNET, A COMPUTER WORM WAS DISCOVERED IN JUNE 2010 • IT IS DESIGNED TO ATTACK INDUSTRIAL PROGRAMMABLE LOGIC CONTROLLERS (PLCs) • PLCs ALLOW THE AUTOMATION OF ELECTROMECHANICAL PROCESSES SUCH AS THOSE USED TO CONTROL MACHINERY ON FACTORY ASSEMBLY LINES, AMUSEMENT RIDES, OR CENTRIFUGES FOR SEPARATING NUCLEAR MATERIAL • EXPLOITING FOUR ZERO-DAY FLAWS, STUXNET FUNCTIONS BY TARGETING MACHINES USING THE MICROSOFT WINDOWS OPERATING SYSTEM AND NETWORKS, THEN SEEKING OUT SIEMENS STEP7 SOFTWARE • STUXNET IS TYPICALLY INTRODUCED TO THE TARGET ENVIRONMENT VIA AN INFECTED USB FLASH DRIVE • STUXNET COMPROMISED IRANIAN PLCs, COLLECTING INFORMATION ON INDUSTRIAL SYSTEMS AND CAUSING THE FAST- SPINNING CENTRIFUGES TO TEAR THEMSELVES APART, DESTROYING ALMOST ONE-FIFTH OF IRAN'S NUCLEAR CENTRIFUGES
  • 48. SPOOFING OF AMERICAN DRONE OVERFLYING IRAN • ON 4 DECEMBER 2011 AN AMERICAN RQ170 SENTINEL UAV WAS SPOOFED AND FORCED TO LAND IN EASTERN IRAN • AIRCRAFT WAS DETECTED IN IRANIAN AIRSPACE 225 KILOMETERS (140 MI) FROM THE BORDER WITH AFGHANISTAN • ON 9 DECEMBER 2011, IRAN LODGED A FORMAL COMPLAINT TO THE UN SECURITY COUNCIL OVER THE UAV VIOLATING ITS AIRSPACE • ON 12 DECEMBER 2011, US ADMINISTRATION ASKED IRAN TO RETURN THEIR DRONE. IRANIANS REFUSED.
  • 49. WHAT IS SPOOFING? • SPOOFING IS THE CREATION OF TCP/IP PACKETS USING SOMEBODY ELSE'S IP ADDRESS • ROUTERS USE THE DESTINATION IP ADDRESS IN ORDER TO FORWARD PACKETS THROUGH THE INTERNET, BUT IGNORE THE SOURCE IP ADDRESS • THAT ADDRESS IS ONLY USED BY THE DESTINATION MACHINE WHEN IT RESPONDS BACK TO THE SOURCE
  • 50. DATA BREACH – US OFFICE OF THE PERSONNEL MANAGEMENT (OPM) • DATA BREACH STARTING MARCH 2014, AND POSSIBLY EARLIER, NOTICED BY THE OPM IN APRIL 2015 • IN JUNE 2015, OPM ANNOUNCED THAT IT HAD BEEN THE TARGET OF A DATA BREACH EFFECTING THE RECORDS OF AS MANY AS FOUR MILLION PEOPLE. LATER, FBI PUT THE NUMBER AT 18 MILLION. • INFORMATION TARGETED IN THE BREACH INCLUDED PERSONAL INFORMATION SUCH AS SOCIAL SECURITY NUMBERS, AS WELL AS NAMES, DATES AND PLACES OF BIRTH, AND ADDRESSES. • THE HACK ALSO INVOLVED THEFT OF DETAILED BACKGROUND SECURITY- CLEARANCE-RELATED BACKGROUND INFORMATION OF PEOPLE DEPLOYED ON SENSITIVE MISSIONS • ON JULY 9, 2015, THE ESTIMATE OF THE NUMBER OF STOLEN RECORDS INCREASED TO 21.5 MILLION. THIS INCLUDED RECORDS OF PEOPLE WHO HAD UNDERGONE BACKGROUND CHECKS, BUT WHO WERE NOT NECESSARILY CURRENT OR FORMER GOVERNMENT EMPLOYEES. • SOON AFTER, KATHERINE ARCHULETA, THE DIRECTOR OF OPM, AND FORMER NATIONAL POLITICAL DIRECTOR FOR BARACK OBAMA'S 2012 REELECTION CAMPAIGN, RESIGNED
  • 51. CYBER WARGAME SCENARIO IN A CYBER WARGAME CONDUCTED IN THE US IN JULY 2015 • THE SCENARIO IN THE WAR GAME BEGAN WITH A MAJOR EARTHQUAKE HITTING SOUTHERN CALIFORNIA • FOLLOWED BY A SERIES OF COORDINATED CYBERATTACKS, INCLUDING OIL AND GAS PIPELINE DISRUPTION • INTERFERENCE AT A MAJOR COMMERCIAL PORT IN THE U.K. • ATTACKS ON PENTAGON NETWORKS • A FREEZE ON ACCESS TO CASH AT BANKS AND LONG LINES FOR FOOD AT STORES.
  • 52. CYBER ATTACKS BY NON STATE ACTORS
  • 53. CYBER CBMs • CYBER SECURITY IS A NON-CONTERVERSIAL AREA BUT HAS THE POTENTIAL OF CONFLICT • THERE IS NO CYBER SECURITY COOPERATION IN SOUTH ASIA • ISSUE NEEDS TO BE PUT ON THE AGENDA OF THE NEXT SAARC SUMMIT