Partnering for Cyber Resilience July 2013 Newsletter


Discussing Cyber Risk with the World Economic Forum’s Risk Response Network

OAS Members Focus on Cybersecurity Across the Americas

Interview with Michael de Crespigny

Partner Profile: Lockheed Martin

Calendar of Events

Discussing Cyber Risks with the World Economic Forum’s Risk Response Network

The World Economic Forum’s Risk Response Network hosted an event in Geneva on 11-12 June in which over 100 participants across various sectors took part.

As part of the programme, the PCR hosted two breakout sessions on:
• Macroeconomic trends to define the cyber ecosystem
• Potential solution sets for individual institutions and systemically

During the first session, participation far exceeded the capacity of the room, with over 30 individuals from several sectors. Together, the group reviewed a sample set of macroeconomic drivers and trends that they believe will define the future cyber ecosystem. The list includes:
• Motivations, such as level of distrust, interstate tensions, corporate IP theft and deterrents to cyber crime
• Mechanisms, including the democratization of technology and the balance between offensive and defensive technology
• Mitigations, such as the sophistication of institutions, interstate cooperation and sophistication of users

Based on discussions, the group then rated the dimensions on a scale of 1 to 7; the majority of the dimensions were rated between 3 and 4.

During the second session, the group explored potential solution sets aligned against the three priority areas that were recommended during the previous year:
• Information sharing
• Critical infrastructure
• Policy development

Along with actions that individual institutions could take to address the risks from cyber attacks, the group reviewed proposed solution samples and added several additional components based on what they felt the impacts were, the likelihood and their organization's commitment level.

Overall, feedback was positive. Many believed that each of the solutions was impactful, though difficult to implement.


OAS members focus on cybersecurity across the Americas


Participants representing 25 OAS Member States, along with senior government officials, policy-makers, experts in cyber incident management, private sector representatives and members of civil society organizations, gathered in Washington DC on 25 June to exchange experiences and lessons learned from their own perspectives with regard to cybersecurity.

The event took over 120 representatives through a series of breakout sessions and keynote presentations focused on:
• Identifying the threats and challenges facing the hemisphere’s financial entities and sharing best practices as encountered by participants
• Establishing public-private partnerships and the various avenues for regional cooperation initiatives

Keynote Presentations

From plaguing computer systems and software to targeting cell phone applications, presenters explained how cyber crimes are evolving. In particular, they highlighted trends in the following areas:
• Mobile/malware proximity attacks
• Cross-platform attacks
• Man-in-the-browser attacks
• Watering hole attacks
• Mac attacks
• Cloud attacks

For Latin America in particular, these included:
• Multipurpose malware that compromised routers
• Growth in Web-based attacks
• Financial sector as primary target
• Development of regional malware
• New era of sophistication: PiceBot
• ICS attacks flourishing

Threats, Challenges and Best Practices

The discussion shed light on the depth and scope of various technological instruments threatening cyberspace, placing emphasis on the implications for the financial sector, economic loss and potential or real inhibited investment, development or competitiveness.

Participants stressed the growing cybersecurity threat within the context of increased use and reliance on electronic public and private services. Additionally, since most economic transactions can be made online, there is an increased chance for hackers to penetrate financial institutions, especially when governments are weak or lack the infrastructure and information necessary to adequately mitigate risks.

A few of the specific threats and challenges identified include a slow response time, financial constraints and lack of education. The group also ranked the current status and where the cyber ecosystem will be in 5-7 years.

Types of Cooperation

The group identified specific recommendations for types of cooperation around critical infrastructure, institutional readiness and policy development.
• Critical infrastructure: The group recommended creating cross-sector task forces to partner with governments to define the roles and responsibilities for protection, clear doctrine for attacks and the creation of national CERTs
• Institutional readiness: Participants discussed the importance of deploying active defenses, mutual collaboration with law enforcement, prioritizing information assets and bringing in first-line personnel to address vulnerabilities
• Policy development: Participants from the public and private sectors believe that this requires strong support from all parties, and that there is a need for countries to adopt legal frameworks to protect users' rights and establish consequences for cybercriminals. There is also a need to harmonize this across Latin America and globally.


Michael de Crespigny, CEO of Information Security Forum, on joining the Partnering for Cyber Resilience initiative

About Information Security Forum

The Information Security Forum is an independent non-profit with membership comprising the world's leading organizations. It is dedicated to investigating, clarifying and resolving key issues in information security and risk management by developing best practice methodologies, processes and solutions to meet the needs of its members.

“Our motivation is to make it as easy as possible for our members and contacts to have the conversations they need to and ensure that they have all that they need to be successful.”

- Michael de Crespigny, Chief Executive Officer, Information Security Forum, United Kingdom

The Partnering for Cyber Resilience (PCR) initiative recently welcomed the Information Security Forum as a new signatory. Working primarily with chief information security officers, the company has noted the challenge of discussing cyber risk and resiliency with senior leadership within member organizations.

Part of the value of the PCR, Michael de Crespigny shared, is that it raises awareness at the board level, leading to an audience that is better informed and thus better educated on the topic. This is something that the Information Security Forum has been committed to doing for its members for a number of years. However, its members have found it difficult to gain traction in the conversation.

For de Crespigny, the topic has always been a risk issue. The problem is that for many components, risk is a black hole unless experienced first-hand.

It will really take a shift in the mentality of individuals, de Crespigny noted. In the current environment, there are technical people with limited business strategy experience and those who have responsibilities for business strategies but have a limited technical background. The group overall will have to work to bridge the gaps so that strong risk assessments with qualified personnel can be conducted and vulnerabilities addressed head on.

“There is a lot of innovation taking place in how technology is being used. It allows organizations to be more involved, but also brings in more risk. We will have to work to ensure that those who are working to address those issues have the tools and resources they need,” de Crespigny said.

Lockheed Martin at 30th International Workshop on Global Security

“Cyber resilience is a critical economic enabler for countries and a driving force behind international collaboration.”

- Haden Land, Vice-President, Engineering and Chief Technology Officer, Lockheed Martin IS&GS – Civil

Haden Land, Vice-President, Engineering and Chief Technology Officer, Lockheed Martin IS&GS – Civil, took part in the 30th International Workshop on Global Security on 24-26 June in Paris, France. Defense ministers, generals, ambassadors, NATO/EU officials and industry chief executives from 25 countries participated in the meeting, including Jean-Yves Le Drian, Minister of Defense of France, Giorgio Napolitano, President of Italy, Giampaolo Di Paola, Minister of Defense of Italy, Rüdiger Wolf, Ministry of Defense of Germany, Mehmet Vecdi Gönül, Minister of Defense of Turkey, Ignazio La Russa, Minister of Defense of Italy.

Land delivered a talk on “Cyber Space: Addressing the Tactical and Influencing the Future”. In his speech, he outlined global security trends and challenges of global cyber metrics, focusing on evolving bad actors and threat vectors, as well as innovations and existing best practices in cyberspace. He also discussed his vision of cyberspace in 10 years.

More information about the event: http://csdr.org/

Land also provided recommendations developed during a Forum workshop in San Francisco in May 2013, where participants assessed the feasibility of the Center for Disease Control for Cyber.


Calendar of Events 2013

• The first Partnership for Cyber Resilience working group calls took place on 26 June across Europe, Asia and the Americas. To participate in a future session, please inform us by e-mail at [email protected].

• The Forum will also be seeking to enable task forces over the coming week and is asking members of the PCR initiative to complete the following survey to better enable appropriate communications.

• The calendar below shows a selection of opportunities for your engagement. If you would like to add your event to the calendar, please inform the team. The calendar is updated regularly.

• The Forum accepts blog post proposals for its award-winning blog http://forumblog.org/.


Calendar categories: Forum-led events, Project Dialogues, Community-led events (*Planned)

• CDC for Cyber, San Francisco, 14 May
• Global Risks Workshop, Geneva, 11-12 June
• OAS Workshop, Washington DC, 26 June
• BlackHat USA, Las Vegas, USA, 28 July
• Annual Meeting of New Champions 2013, Dalian, People’s Republic of China, 11-13 Sept.
• Cyberspace Summit, Korea, Oct.
• OAS Workshop, Chile, Early Oct.
• Americas Regional Summit, North America, Early Nov.
• EMEA Regional Summit, Europe, Early Nov.
• Asia Regional Summit, Europe, Early Nov.
• The Grand Conference, Amsterdam, Nov. 5
• Annual Meeting 2014, Davos, Switzerland, 22-26 Jan.
• Financial Services Dialogue, North America, TBC
• Healthcare Dialogue, North America, TBC
• Advanced Industries Dialogue, EU/Asia, TBC
• High-Tech/Manufacturing Dialogue, North America, TBC
• Infrastructure, Resources, and Utilities Dialogue, North America, TBC


Partnership for Cyber Resilience

[Partner logos, grouped by industry: Telecommunications; Retail & Consumer Goods; Professional Services; Private Investors; Media, Entertainment & Information; Insurance & Asset Management; IT; Supply Chain & Transport; Banking & Capital Markets; Chemicals; Agriculture, Food & Beverage; Multi-Industry; Mining & Metals; Aviation & Travel; Energy Utilities & Technology; Government & Not-for-Profit; Automotive]

Is your logo incorrect or missing? Please tell the team.


The World Economic Forum is an independent international organization committed to improving the state of the world by engaging business, political, academic and other leaders of society to shape global, regional and industry agendas.

Incorporated as a not-for-profit foundation in 1971 and headquartered in Geneva, Switzerland, the Forum is tied to no political, partisan or national interests.

Contact: Elena Kvochko, Project Manager, IT Industry, Partnership for Cyber Resilience Lead, [email protected]

Partnering for Cyber Resilience

The Partnering for Cyber Resilience initiative seeks to build a community of private and public sector leaders who join forces to deal with the new risks and responsibilities of the hyperconnected world. Together they support the Principles for Cyber Resilience initiative, leading cyber risk management for their organizations, and with the public sector, for society as a whole.

Sincere thanks are extended to the experts who contributed their unique insights to this initiative.

For the latest information on the Partnering for Cyber Resilience initiative, please visit: weforum.org/cyber
