Download undp cybersecurity assistance for developing nations

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts

World-systems theory wikipedia , lookup

Transcript
UNDP CYBERSECURITY ASSISTANCE FOR DEVELOPING NATIONS
Presented by: Paul Raines
Date: 18 April 2016
Where: CSO50 Confab
ISO 9001 Quality inspected and released by: Paul Raines
CSO50 CONFAB
I. The changing view of developing nations
III. UNDP re-defining assistance
IV.Results to date
V. Questions
AGENDA
II. The cybersecurity threat
Kofi Annan, former Secretary General of the United
Nations, defined a developed country as "one that
allows all its citizens to enjoy a free and healthy life in a
safe environment.“
• people have low life expectancy (typically < 60 years)
• people have low education levels (high level of
illiteracy >25%)
• people have low income (< $1026 USD/yr)
DEVELOPING NATIONS
What is a developing nation anyway?
THE CHANGING IT PROFILE OF DEVELOPING NATIONS
But technology is changing the profile
CSO50 Confab
(Or what should be keeping you awake at night)
• Hackers are costing consumers and companies between $375 and $575 billion
annually, according to a study published by the Center for Strategic and
International Studies. This number is expected to grow...
• Online crime is estimated at 0.8 percent of worldwide GDP --that rivals the
amount of worldwide GDP - 0.9 percent - that is spent on managing the narcotics
trade.
• Looked at another way, if cybercrime were a nation, it would rank 27th in the global
economy, ahead of South Africa, Singapore, Austria, Thailand and Denmark.
THE GROWING THREAT TO CYBERSECURITY
Size of the cybersecurity threat
How are developing nations affected?
 The increased threat of cyber attacks puts the critical infrastructure of
developing nations at risk.









Information systems of hospitals
Air traffic control facilities
Factories
Police and military
Utilities
Schools & universities
Telecommunications firms
Transportation
Government agencies
 The emerging digital economies of developing nations are also at
systemic risk from cyber-criminals.
 Rampant fraud or hacking attacks, for example, could crash a developing nation’s
nascent digital economy.
 Widespread fraud could deter participants from using e-commerce and thus prevent
nations’ macro-economies from benefitting from the digital commerce.
CYBERSECURITY AND THREATS TO DEVELOPING NATIONS
CSO50 Confab
How are developing nations affected?
 Developing nations also face risks to their critical infrastructure from more
advanced nation-state actors who, in times of crisis, might use their
superior cyber-attack capabilities as a means of cyber-intimidation.
 Finally, protecting personal data, freedom of expression, and access to
public resources for citizens in developing nations is fundamental to
preserve human rights in the digital age.
Bottom Line: Computer crime and hacking are a growing world problem which threaten
the critical national infrastructure, digital economies and basic freedoms of developing
nations.
CYBERSECURITY AND THREATS TO DEVELOPING NATIONS
CSO50 Confab
Examples of recent cyber attacks
Flame: Malware described as ‘the most sophisticated cyber weapon yet unleashed’.
Detected in the Mid-East, Flame begins by sniffing the network traffic, taking
screenshots, recording audio conversations, and intercepting keyboard presses.
Red October: Malware used for a cyber-espionage campaign that targeted many
developed countries’ diplomatic and government agencies, research institutions,
energy and nuclear groups, and aerospace organisations.
MiniDuke: Malware designed to steal data from government agencies and research
institutions.
GhostNet: Malware allegedly originating in China which infiltrated targets in about 103
countries, including various embassies and foreign missions
Bangladesh central bank lost $81 M USD in hack of their account with
U.S. Federal Reserve
CYBERSECURITY AND THREATS TO DEVELOPING NATIONS
CSO50 Confab
CYBERSECURITY AND THREATS TO DEVELOPING NATIONS
CSO50 Confab
UNDP cybersecurity strategy
• The chief executives of UN agencies met at
their annual CEB summit and passed a
cybersecurity strategy to address the
internal and external challenges of
cybersecurity.
• The cybersecurity strategy made UNDP the
lead agency in ensuring that cybersecurity
programmatic assistance is providing on an
“on demand” basis to developing nations.
VISION STATEMENT
• Given the effect cyberattacks were having on
developing nations, the United Nations has
taken action to help address the problem.
UNDP for Cybersecurity????
CYBERSECURITY EXCELLENCE
UNDP for Cybersecurity!!!
• UNDP has a global reach with over 177
different country offices around the world
• UNDP has a stellar reputation in the field of
cyber-security. Since 2012, it has been
certified by Lloyd’s as following the best
practices of ISO 27001 & ISO 9001.
• Won major international cyber-security awards
for the past 4 consecutive years
CYBERSECURITY EXCELLENCE
• Fits UNDP mission to provide aid to
developing nations
UNDP cybersecurity services offered
•
•
•
•
ISO 27001 training
Risk assessment training
Resiliency training
Cyber-incident response training
UNDP also partners with the Forum of Incident Response and Security Teams (FIRST)
to provide professional workshops to build capacity.
ii. Cybersecurity Risk Assessment/Mitigation
• Risk assessment training
• Risk mitigation plan for the client.
UNDP trains how to create a risk assessment, perform risk mitigation and
build local capacity.
CYBERSECURITY SERVICES
i. Cybersecurity Training Workshops
UNDP Cybersecurity Services
• Compliance with the rigorous incident response standards of the Forum of
Incident Response and Security Teams (FIRST)
• Training workshops
• Simulated incident response exercises
• Reviewing and improving upon existing incident response capabilities and
procedures.
iv.Resiliency
• UNDP can review the client’s business continuity and disaster recovery
provisions and either make recommendations for improvement
• Create and help test a business continuity and disaster recovery plan for their
ICT systems and organisation
• Training on how to create and maintain business continuity and disaster
recovery plans
CYBERSECURITY SERVICES
iii.Building Capacity in Cyber-Incident Response
v. Cybersecurity Policies and Standards
• develop or review and makes recommended improvements to a client’s
cybersecurity policies and standards. (The client would be responsible for
taking the developed policies/standards through their organization’s policy
approval process.)
vi. ISO 27001 Certification
• ISO 27001 training workshops
• Assist a client in becoming ISO 27001 certified
• cybersecurity policy creation
• risk assessment
• statement of applicability
• internal assessment and compliance with the requirements of the
ISO 27001:2013 standard.
CYBERSECURITY SERVICES
UNDP Cybersecurity Services
After only one year we have Assistance to Bangladesh
Cybersecurity conference
•Istanbul in October 2015
•Participants from 23 countries
•2016 conference to be held
Sept 26-28 in Morocco
Assistance to Moldova
Training on CERT
Assistance to Sri Lanka
Assistance with national PKI
CSO50 award for 2016
PROGRAMME IMPACT
•Security assessment of A2I
•Risk assessment training workshop
•CERT training, procedures & exercise
•National cybersecurity strategy
CSO50 Confab
AND SO, CLOSING THE CIRCLE….
• 2012—ISO 9001 & ISO 27001 certified
• 2013 --- Honours laureate award and 1 of 5 companies nominated
for prestigious 21st Century award for World Good
• 2014 – CSO40 Award
• 2015 -- CSO50 Award
• 2016 -- CSO50 Award
• 2016 – Computer World’s Premier 100
• We are relatively low cost, trusted in the developing
world and execute quickly
WHY UNDP?
• Why use UNDP?
• Global reach with offices in 177 countries
• Development mission for over 50 years
• Record of proven achievement in cyber-security