
A Framework to Implement a National Cyber Security Structure for Developing Nations

ID Ellefsen - iellefsen@uj.ac.za, SH von Solms - basievs@uj.ac.za. Academy for Information Technology, University of Johannesburg.


Presentation Transcript


  1. A Framework to Implement a National Cyber Security Structure for Developing Nations ID Ellefsen - iellefsen@uj.ac.za SH von Solms - basievs@uj.ac.za Academy for Information Technology University of Johannesburg

  2. Outline
     • Introduction
     • Critical Information Infrastructure Protection – Background
     • Protection Structures
       • CSIRTs
       • C-SAWs
     • CIIP Framework for Developing Nations
       • Challenges
       • Two-Factor Development
       • Role of the CSIRT and C-SAW
     • Stages of Development
       • Initial, Intermediate, Mature
       • Timeline
     • Conclusions
     SACSAW '11 - ID Ellefsen & SH von Solms - University of Johannesburg

  3. Introduction I
     • With the growth of the Internet in developing countries there is a need to develop CIIP solutions
     • Growth of Internet facilities affects all levels of society:
       • Cost of connection
       • Speed of connections
       • Number of users
     Table: Various cable systems becoming operational since 2009

  4. Introduction II
     • Developing nations are finding themselves on the receiving end of massive improvements in bandwidth
     • They do not have structures in place to deal with the effects of increasing bandwidth
       • Distributed Denial of Service (DDoS) attacks
       • SPAM
       • Phishing
       • Malware
     • Increasing size of the user-base.
     • Users are unaware of how to deal with these new threats.
     • Companies and Governments might not be aware of the possible threats to their systems.

  5. Critical Information Infrastructure Protection - Background
     • The internal structures that countries have in place to prevent attacks on their information infrastructures.
     • Many systems are now making use of Internet technologies
       • Critical Systems (Power, Water, Telecommunications, etc.)
       • Economic Systems (Stock Exchanges, Reserve Banks, Financial Institutions, etc.)
       • eServices (Tolling Systems, Online Booking Systems, etc.)
     • If any of these systems were to be attacked via the Internet it would have serious implications.
     • All countries need to create structures to handle possible cyber attacks.
     • Often for historic reasons, developing nations have unique challenges that must be addressed in the development of these structures.

  6. Protection Structures
     • The structures countries create to handle cyber security incidents.
     • Computer Security Incident Response Teams (CSIRTs)
       • Well-understood platform
       • Operates within a constituency of users
       • Encapsulates the expertise for responding to computer security incidents
       • “Top-Down” by design – implemented at a governmental level.
       • Unique for a particular environment
     • Computer Security, Advisory and Warning (C-SAW) Team
       • Part of continuing research
       • Smaller in scale than a CSIRT
       • Operates within a community of related members
       • Focuses the computer security expertise of the community
       • “Bottom-Up” by design
       • Interfaces with the community and a larger CSIRT

  7. A CIIP Framework for Developing Nations
     • Developing nations must deploy these structures quickly
       • They must be customised for their environment
     • Structures in Developed Countries have evolved over the past 20 years
       • Grown and developed with the development of technology
     • Developing countries have unique challenges
       • Directly importing an existing structure will not effectively address these challenges
     • Development of a unique structure for a unique environment
       • Heavily influenced by social problems

  8. Specific Challenges
     • Significantly faster development of information infrastructures.
     • High levels of “cyber security illiteracy”.
     • A high number of users utilising mobile technologies.
     • A demand to adopt and provision eServices.
     • Inadequate legislation addressing cyber security.
     • Inadequate policy documentation addressing cyber security.

  9. Two-Factor CIIP Development
     • Approach the development of a holistic cyber security structure on two fronts:
       • Top-Down
         • Large entities
         • Direct coordination from CSIRT
       • Bottom-up
         • Smaller entities
         • Interaction with C-SAW teams
     • Two structures are developed concurrently
     • Resulting in a comprehensive final structure

  10. Role of the CSIRT
     • To provide high-level coordination
     • Bridge between government and the national computer security structure
     • Focused on large roleplayers:
       • Governmental Entities
         • Departments, Military, etc.
       • Large Commercial Entities
         • Financial Institutions
         • Telecommunications
         • Manufacturing, etc.
       • Large Academic Entities
         • National Research Organisations
         • Large Tertiary Academic Institutions
     • All of these roleplayers have:
       • Established computer facilities
       • Consume large amounts of bandwidth
       • High number of users

  11. Role of the C-SAW
     • To provide “low-level” coordination
     • Bridge between small roleplayers and the national computer security structure
     • Focused on small roleplayers:
       • Small Academic Entities
         • Primary and Secondary Schools, etc.
       • Small Commercial Entities
         • Small and Medium Enterprises
       • Individuals
         • The “man-on-the-street”
     • All of these roleplayers have:
       • Limited computer facilities
       • Consume “small” amounts of bandwidth
       • Relatively little collective knowledge of computer security threats

  12. Stages of Development (Framework)
     • A high-level structure should be developed in three stages:
       • Initial Stage
       • Intermediate Stage
       • Mature Stage
     • Each stage consists of a number of goals that must be achieved
     • Each goal allows the resulting national computer security structure to develop incrementally
     • The actual length of each stage would depend on the environment
     • Ideally would allow for rapid deployment of a national computer security structure on two fronts:
       • Top-down
       • Bottom-up

  13. Initial Stage
     • Concerned with initial assessments and environmental reports
     • The deployment environment must be evaluated and the following taken into consideration:
       • The Deployment Environment
         • Critical systems
         • Stakeholders
         • Legislation
         • Expertise
       • The Legal Environment
         • Current Legislation
         • Required amendments
       • Technological Environment
         • Current and future technologies
       • International Partners
     • Finally, small-scale test deployments should be done to practically evaluate the environment

  14. Intermediate Stage
     • Primarily concerned with the development of the national structures:
       • CSIRT is formally created
       • A number of C-SAW Teams are deployed
       • Communities and Constituencies are established
     • Relationships are solidified:
       • International
       • Local
     • CSIRTs and C-SAWs should focus on awareness:
       • The national computer security structure
       • Computer security in general
     • The development can follow directly from the initial phase.
       • Build on the small-scale structure

  15. Mature Stage
     • The mature stage indicates a fully functioning and operational national computer security structure
     • Does not signify complete protection of critical information infrastructure
     • The structure is able to operate on a day-to-day basis and is able to respond to incidents
     • There must be on-going development
     • There must be on-going awareness campaigns
     • New services that can be offered by the national computer security structure can be identified
     • Education campaigns to expand local expertise.

  16. Timeline
     • Ideally the development of a national computer security structure should happen quickly
     • Deployment time will vary
     • Commitment from all roleplayers is needed in order for the development to be successful.
     • Idealised timeline (3 years) – assuming all preparation has been done
       • Initial Phase: 8 months
       • Intermediate Phase: 1 ½ to 2 years
       • Mature Phase (development): 1 year

  17. Framework Timeline

  18. Conclusions
     • Developing countries must deploy a national computer security structure
     • There are many unique challenges that developing nations face
     • In light of this, importing an existing structure or framework will not adequately address these challenges
     • Two-factor development:
       • Top-down: focused on the development of a CSIRT structure
       • Bottom-up: focused on the development of a C-SAW structure
     • Concurrent development to promote the rapid development of a comprehensive, holistic structure.
     • Questions?
