Discussing Cyber Risk with the World Economic Forum’s Risk Response Network
OAS Members Focus on Cybersecurity Across the Americas
Interview with Michael de Crespigny
Partner Profile: Lockheed Martin
Calendar of Events
Discussing Cyber Risks with the World Economic Forum’s Risk Response Network
The World Economic Forum’s Risk Response Network hosted an event in Geneva on 11-12 June in which over 100 participants across various sectors took part.
As part of the programme, the PCR hosted two breakout sessions on:
• Macroeconomic trends to define the cyber ecosystem
• Potential solution sets for individual institutions and systemically
During the first session, participation far exceeded the capacity of the room, with over 30 individuals from several sectors. Together, the group reviewed a sample set of macroeconomic drivers and trends that they believe will define the future cyber ecosystem. The list includes:
• Motivations, such as level of distrust, interstate tensions, corporate IP theft and deterrents to cyber crime
• Mechanisms, including the democratization of technology and the balance between offensive and defensive technology
• Mitigations, such as the sophistication of institutions, interstate cooperation and sophistication of users
Based on discussions, the group then rated the dimensions on a scale of 1 to 7; the majority of the dimensions were rated between 3 and 4.
During the second session, the group explored potential solution sets aligned against the three priority areas that were recommended during the previous year:
• Information sharing
• Critical infrastructure
• Policy development
Along with actions that individual institutions could take to address the risks from cyber attacks, the group reviewed proposed solution samples and added several additional components based on what they felt the impacts were, the likelihood and their organization's commitment level. Overall, feedback was positive. Many believed that each of the solutions was impactful but difficult to implement.
Partnering for Cyber Resilience July 2013 Newsletter
OAS members focus on cybersecurity across the Americas
Participants representing 25 OAS Member States, along with senior government officials, policy-makers, experts in cyber incident management, private sector representatives and members of civil society organizations, gathered in Washington DC on 25 June to exchange experiences and lessons learned from their own perspectives in regards to cybersecurity.
The event took over 120 representatives through a series of breakout sessions and keynote presentations focused on:
• Identifying the threats and challenges facing the hemisphere’s financial entities and sharing best practices as encountered by participants
• Establishing public-private partnerships and the various avenues for regional cooperation initiatives
Keynote Presentations
From plaguing computer systems and software to targeting cell phone applications, presenters explained how cyber crimes are evolving. In particular, they highlighted trends in the following areas:
• Mobile/malware proximity attacks
• Cross-platform attacks
• Man-in-the-browser attacks
• Watering hole attacks
• Mac attacks
• Cloud attacks
For Latin America in particular, these included:
• Multipurpose malware that compromised routers
• Growth in Web-based attacks
• Financial sector as primary target
• Development of regional malware
• New era of sophistication: PiceBot
• ICS attacks flourishing
Threats, Challenges and Best Practices
The discussion shed light on the depth and scope of various technological instruments threatening cyberspace, placing emphasis on the implications for the financial sector, economic loss and potential or real inhibited investment, development or competitiveness.
Participants stressed the growing cybersecurity threat within the context of increased use and reliance on electronic public and private services. Additionally, since most economic transactions can be made online, there is an increased chance for hackers to penetrate financial institutions, especially when governments are weak or lack the infrastructure and information necessary to adequately mitigate risks.
A few of the specific threats and challenges identified include a slow response time, financial constraints and lack of education. The group also ranked the current status and where the cyber ecosystem will be in 5-7 years.
Types of Cooperation
The group identified specific recommendations for types of cooperation around critical infrastructure, institutional readiness and policy development.
• Critical infrastructure: The group recommended creating cross-sector task forces to partner with governments to define the roles and responsibilities for protection, clear doctrine for attacks and the creation of national CERTs
• Institutional readiness: Participants discussed the importance of deploying active defenses, mutual collaboration with law enforcement, prioritizing information assets and bringing in first-line personnel to address vulnerabilities
• Policy development: Participants from the public and private sectors believe that this requires strong support from all parties, and that there is a need for countries to adopt legal frameworks to protect users' rights and establish consequences for cybercriminals. There is also a need to harmonize this across Latin America and globally.
Michael de Crespigny, CEO of Information Security Forum, on joining the Partnering for Cyber Resilience initiative
Lockheed Martin at 30th International Workshop on Global Security
About Information Security Forum
The Information Security Forum is an independent, non-profit with membership comprising the world's leading organizations. It is dedicated to investigating, clarifying and resolving key issues in information security and risk management by developing best practice methodologies, processes and solutions to meet the needs of its members.
“Our motivation is to make it as easy as possible for our members and contacts to have the conversations they need to and ensure that they have all that they need to be successful.”
- Michael de Crespigny, Chief Executive Officer, Information Security Forum, United Kingdom
The Partnering for Cyber Resilience (PCR) initiative recently welcomed the Information Security Forum as a new signatory. Working primarily with chief information security officers, the company has noted the challenge of discussing cyber risk and resiliency with senior leadership within member organizations.
Part of the value of the PCR, Michael de Crespigny shared, is that it raises awareness at the board level, leading to an audience that is better informed and thus better educated on the topic. This is something that the Information Security Forum has been committed to doing for its members for a number of years. However, its members have found it difficult to gain traction in the conversation.
For de Crespigny, the topic has always been a risk issue. The problem being that for many components, risk is a black hole unless experienced first-hand.
It will really take a shift in the mentality of individuals, de Crespigny noted. In the current environment, there are technical people with limited business strategy experience and those who have responsibilities for business strategies but have a limited technical background. The group overall will have to work to bridge the gaps so that strong risk assessments with qualified personnel can be conducted and vulnerabilities can be addressed head on.
“There is a lot of innovation taking place in how technology is being used. It allows organizations to be more involved, but also brings in more risk. We will have to work to ensure that those who are working to address those issues have the tools and resources they need,” de Crespigny said.
“Cyber resilience is a critical economic enabler for countries and a driving force behind international collaboration.”
- Haden Land, Vice-President, Engineering and Chief Technology Officer, Lockheed Martin IS&GS – Civil
Haden Land, Vice-President, Engineering and Chief Technology Officer, Lockheed Martin IS&GS – Civil, took part in the 30th International Workshop on Global Security on 24-26 June in Paris, France. Defense ministers, generals, ambassadors, NATO/EU officials and industry chief executives from 25 countries participated in the meeting, including Jean-Yves Le Drian, Minister of Defense of France, Giorgio Napolitano, President of Italy, Giampaolo Di Paola, Minister of Defense of Italy, Rüdiger Wolf, Ministry of Defense of Germany, Mehmet Vecdi Gönül, Minister of Defense of Turkey, Ignazio La Russa, Minister of Defense of Italy.
Land delivered a talk on “Cyber Space: Addressing the Tactical and Influencing the Future”. In his speech, he outlined global security trends and challenges of global cyber metrics, focusing on evolving bad actors and threat vectors, as well as innovations and existing best practices in cyberspace. He also discussed his vision of cyberspace in 10 years.
More information about the event: http://csdr.org/
Land also provided recommendations developed during a Forum workshop in San Francisco in May 2013, where participants assessed the feasibility of the Center for Disease Control for Cyber.
Calendar of Events 2013
• The first Partnership for Cyber Resilience working group calls took place on 26 June across Europe, Asia and the Americas. To participate in a future session, please inform us by e-mail at [email protected].
• The Forum will also be seeking to enable task forces over the coming week and is asking members of the PCR initiative to complete the following survey to better enable appropriate communications.
• The calendar below shows a selection of opportunities for your engagement. If you would like to add your event to the calendar, please inform the team. The calendar is updated regularly.
• The Forum accepts blog post proposals for its award-winning blog http://forumblog.org/.
Global Risks Workshop, Geneva, 11-12 June
Annual Meeting of New Champions 2013, Dalian, People’s Republic of China, 11-13 Sept.
Annual Meeting 2014, Davos, Switzerland, 22-26 Jan.
Americas Regional Summit, North America, Early Nov.
EMEA Regional Summit, Europe, Early Nov.
Asia Regional Summit, Europe, Early Nov.
Financial Services Dialogue, North America, TBC
Healthcare Dialogue, North America, TBC
Advanced Industries Dialogue, EU/Asia, TBC
High-Tech/Manufacturing Dialogue, North America, TBC
Infrastructure, Resources, and Utilities Dialogue, North America, TBC
OAS Workshop, Washington DC, 26 June
CDC for Cyber, San Francisco, 14 May
Cyberspace Summit, Korea, Oct.
OAS Workshop, Chile, Early Oct.
BlackHat USA, Las Vegas, USA, 28 July
The Grand Conference, Amsterdam, Nov. 5
Forum-led events
Project Dialogues
Community-led events
*Planned
Telecommunications
Retail & Consumer Goods
Professional Services
Private Investors
Media, Entertainment & Information
Insurance & Asset Management
IT
Supply Chain & Transport
Banking & Capital Markets
Chemicals
Agriculture, Food & Beverage
Multi-Industry
Mining & Metals
Aviation & Travel
Energy Utilities & Technology
Government & Not-for-Profit
Partnering for Cyber Resilience Summer 2013 Newsletter
Partnership for Cyber Resilience
Is your logo incorrect or missing? Please tell the team.
Automotive
The World Economic Forum is an independent international organization committed to improving the state of the world by engaging business, political, academic and other leaders of society to shape global, regional and industry agendas.
Incorporated as a not-for-profit foundation in 1971 and headquartered in Geneva, Switzerland, the Forum is tied to no political, partisan or national interests.
Contact: Elena Kvochko Project Manager, IT Industry, Partnership for Cyber Resilience Lead [email protected]
Partnering for Cyber Resilience
The Partnering for Cyber Resilience initiative seeks to build a community of private and public sector leaders who join forces to deal with the new risks and responsibilities of the hyperconnected world. Together they support the Principles for Cyber Resilience initiative, leading cyber risk management for their organizations, and with the public sector, for society as a whole.
Sincere thanks are extended to the experts who contributed their unique insights to this initiative.
For the latest information on the Partnering for Cyber Resilience initiative, please visit: weforum.org/cyber