Symantec Biography:  Zoltán Précsényi is a member of Symantec’s European Government Affairs team, based in Brussels. He is primarily responsible of representing Symantec before EU and national legislative bodies, government departments, authorities and international organizations. Before joining Symantec, Précsényi worked as public affairs manager for the European Aluminium Association, with a focus on European policy and law making in the areas of competitiveness, sustainability, industrial policy and standardization. Prior to that, from 2004 to 2007, he was advisor to a Hungarian Member of the European Parliament, mostly active in a variety of policy areas including transatlantic relations, innovation, intellectual property, and ICT. Précsényi holds a masters law degree from the University of Paris II Assas, and is fluent in Hungarian, French and English. Abstract: Cyberdefense and security policy: Concepts and considerations for government policy Information and communication technologies have become a key horizontal component of the national critical infrastructure. Whether accidental, or due to malicious outsiders or insiders, a major security incident affecting them can impact the strategic assets of a country, compromise its ability to command and coordinate its forces, or provide vital intelligence to the adversary. Security and control of ICTs is therefore a critical component of any national security strategy. Cybersecurity is the activity of protecting one’s information systems. Cyberdefense is more specialized, linked to particular themes and organizations. It refers to defense against activity originating from hostile actors with political or economic motivations, and targeting assets that merit protection from a national security standpoint. Cyberdefense requires the deployment of in-depth security technologies, advanced capabilities in intelligence gathering, real-time protection and proactive incident response. Indeed, control of the information space becomes a strategic priority both for the attacker and for the defender. While the majority of security incidents are caused by well-meaning or malicious insiders rather than by external actors, attacks can be either against infrastructure, or against information. Most attacks are profitdriven and organized crime-related. However an attacker could also seek to achieve information superiority to gain decisive strategic or tactical advantage. Collecting intelligence about such threats requires significant engineering skills, infrastructure and often also human intelligence skills. Attacks against government and critical infrastructure are usually either massive or targeted/tailored. While massive attacks (e.g. DDoS) tend to use botnets to compromise infrastructure, targeted/tailored attacks are directed at information. Usually, targeted attacks use unique malware to exploit zero day vulnerabilities in systems, whereas tailored attacks use existing malware purposely modified and/or social engineering. The attacker aims to infiltrate the defenses of the victim, remain undetected, collect information and elevate their privileges in the network, creating advanced persistent threats. The stages of such an attack are usually reconnaissance, incursion, discovery, capture and exfiltration. A successful attack of this nature often requires skills, resources and expertise uncommon to the average hacker. Moving forward, the deployment of cloud computing solutions, while enabling superior security capacities, can also entail a certain loss of control over the location of one’s data, and create new single points of failure. Coupled to the increased use of mobile devices and to the convergence between individual users’ private and professional spheres, the threat from negligent and malicious insiders becomes even more acute. Additionally, the broad availability of, and ease of access to malware e.g. on the Internet further enhances the asymmetric nature of the threat, whereby ever lower skills and investment are required to inflict incommensurately higher damage on information and infrastructure. Symantec’s top-ten observations and policy recommendations are the following: 1- Cybersecurity impacts national security. 2- Security needs to be in-depth, mobile, adjustable and dynamic. 3- Security can no longer go without intelligence. 4- Effectiveness requires correlation of information from multiple sources and real time monitoring of protected assets, making national CERTs indispensable. 5- Prioritization of resources according to actual threat levels is essential. 6- Security is about people, process and technology. 7- More public-private cooperation is needed to protect critical infrastructure. 8- Government organizations responsible for fighting cyber-attacks need to be properly resourced. 9- An organization within government needs to take responsibility for the coordination of security policy. 10- Security must be taken seriously and built into any infrastructure from its earliest concept. Presentation: |
Workshops > cs-ga-2011 >