Cybersecurity: Public Sector Threats and Responses
Download as PPT, PDF0 likes1,323 views
The presentation discusses cybersecurity threats in the public sector, highlighting the convergence of globalization, connectivity, and e-government as key factors. It categorizes cyber threats into politically and non-politically motivated types and emphasizes the need for public sector responses that consider transparency, privacy, and collaboration with stakeholders. The conclusion calls for a comprehensive approach to improving cybersecurity awareness, capacity building, and robust policy measures to enable better understanding and communication of cybersecurity issues at all levels.
Cybersecurity: Public Sector Threats and Responses
- 1. Cybersecurity: Public Sector Threats and Responses Kim Andreasson Managing Director DAKA advisory AB Indonesia Information Security Forum (IISF) Hotel Hilton Bandung, 10 October 2012
- 2. Presentation overview An introduction to cyber security in the public sector Cyber threats Public sector responses Steps towards a more resilient organizational cyber security strategy Conclusion
- 3. Understanding cyber security in the public sector A convergence of three trends: 1. Globalization 2. Connectivity 3. E-government
- 4. 1. Globalization ICTs contribute strongly to economic growth and better social outcomes Benchmarking the information society is important in order for policy-makers to understand the factors behind it and how to achieve improved outcomes Most benchmarks include a component of e-government
- 5. 2. Connectivity The world will go 120 114.2 from 2bn Internet 100 Mobil e s ubs cri pti ons : Devel oped countri es users in 2010 to Mobil e s ubs cri pti ons : 5bn in 2015 80 Devel opi ng countri es Per 100 inhabitants 70.1 An opportunity 60 to improve 40 service delivery 20 An opportunity 0 to leapfrog 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 The developed/developing country classifications are based on the UN M49, see: http://www.itu.int/ITU-D/ict/definitions/regions/index.html Source: ITU World Telecommunication /ICT Indicators database
- 6. 3. E-government Information and service delivery Transparency and accountability Link to broader development objectives Digital by default
- 7. 3.1. Supply of e-government Benchmarking global e-government development since 2003 to “inform and improve the understanding of policy makers’ choices to shape their e-government programs” (UN 2004) The survey measures “the willingness and capacity of countries to use online and mobile technology in the execution of government functions” (UN 2010)
- 8. 3.2. E-government progress http://www.archive.org
- 9. 3.3. Demand for e-government In 1990, the American tax authority, the IRS, said 4m people used online tax filing (the first year such service was available) In 2000, the number filing their taxes online had risen to 35m In 2010, 100m Americans used e-file
- 10. Enter cyber security An increase in usage means an increase in dependency About 75% of organizations suffer from a cyber attack every year Attacks can compromise trust in e-government
- 11. Categorizing cyber threats Politically motivated threats: cyber warfare, cyber terrorism, espionage and hacktivism Non-politically motivated threats: typically financially motivated, such as cyber crime, intellectual property theft, and fraud, but also hacking for fun or retribution, for example, from a disgruntled employee
- 12. Understanding cyber threats “When we first started this process… agencies didn’t know what they didn’t know.” -Karen S. Evans Administrator for E-Government and Information Technology in testimony before the House Committee on Homeland Security, February 28, 2008 What is the risk? Is there control? Can you live with the residual risk? What is your response plan when services become compromised?
- 13. Public sector responses The public sector is different as it must consider, for example: Tension between transparency and privacy Cost optimization; agencies often only seek to meet minimum standards Build closer relations with other stakeholders, including the private sector Key performance indicators (KPIs) But one thing remains the same: Cyber security is a global phenomenon and a challenge for every organization. It must be dealt with at all levels, from the international arena to the regional, national and local levels
- 14. Global cyber security agenda 1. Legal measures 2. Technical and procedural measures 3. Organizational structures 4. Capacity building 5. International cooperation
- 15. The problem for organizational cyber security People! According to the Data Breach Investigations Report from Verizon, an American telecommunications firm, 85% of confirmed cyber breaches were not considered very difficult and 96% were avoidable More work is needed to create and maintain comprehensive yet clearly communicated cyber security policies that are enforced
- 16. Steps towards a more resilient organizational cyber security strategy 1. Close the gap between IT and management 2. Improve awareness and education 3. Capture technology trends, including the move from e-government to m-government
- 17. Step #1: Close the gap between IT and management Assess underlying factor(s), e.g. user awareness based on an internal survey Translate results into KPIs, e.g. average user awareness Communicate key message to management, e.g. the meaning of score(s) and their importance related to other issue(s)
- 18. Step #2: Improve awareness and education ICT skills divide Governments cannot go it alone; a role for the private sector and NGOs Make people SMART: Specific Measurable Attainable Relevant Time-bound
- 19. Step #3: Track trends, such as mobility New threats: from spam to spim and mobile malware New challenges: insecure wireless connections, missing (stolen) devices, data loss, “always on” connections Same answers: comprehensive and clearly communicated policies that are measurable
- 20. Conclusion: measure cyber security at all levels Compared with just a decade ago, governments have made significant progress in expanding ICT access But just as crime have always been part of history, cyber security is likely to continue well into the future, especially since the two are increasingly intertwined There is a demand for measurement at all levels in order to give policy-makers and public sector managers data, tools and benchmarks to better understand cyber security from a policy perspective and to communicate that message Every case is different, yet fundamentally the same