Cybersecurity and Cybercrime Ministry of National Security
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Cybersecurity and Cybercrime
Ministry of National Security
Objective of Presentation
• What is the nature of Cybersecurity and Cybercrime?
• Purpose of Legislation
• Potential Impact on business operations
• What should businesses do to be ready for new legislation
• Way forward
News Headlines
3
Adam Palmer –Norton Lead Cyber Security Advisor advised that:
• $388 Billion is the total Bill for Cybercrime footed by online adults in 24 countries over the past year
• When victims value the time they have lost to Cybercrime it was estimated at over $274 Billion
• The direct cash cost of cybercrime – Money stolen by cybercrime or spent on resolving cyber attacks is estimated at over $114 Billion
What is Cybersecurity?
Definition of cybersecurity, referring to ITU-T X.1205, Overview of cybersecurity
• Cybersecurity strives to ensure the attainment and maintenance of the security properties of the organization and user’s assets against relevant security risks in the cyber environment. The general security objectives comprise the following:
• Availability
• Integrity, which may include authenticity and non-repudiation
• Confidentiality
What is the nature of Cybercrime?
• OECD had recommended that ‘Computer related crime is considered as any illegal or unethical or unauthorised behaviour relating to automatic processing and the transmission of data.’
• Commission of European Union in 2001 described it as any crime that in some way or other involves the use of information technology. It has now been extended to include massive and co-ordinated attacks against the information infrastructure of a country.
• Transnational nature of cyberspace makes effective law enforcement difficult.
• Cyber-criminals defy nations sovereignty and originate attacks from almost any computer in the world
Difficult to define.. • Often involves traditional crimes
• Computer used to commit a crime
• Child porn, threatening email, assuming someone’s identity, sexual harassment, defamation, spam, phishing
• Computer as a target of a crime
• Viruses, worms, industrial espionage, software piracy, hacking
• Content-related offences, concerning the disclosure or making available by means of a computer system of illegal content
• Offences related to intellectual property
Business Data-Hackers are Everywhere
• Stealing data
• Industrial Espionage • Identity theft • Defamation
• Deleting data for fun • A lot of bored 16 year olds late at night
• Turning computers into zombies • To commit crimes • Take down networks • Distribute porn • Harass someone
• Ethical/white hat hackers exist too • Help break into networks to prevent
crimes
Source: E-Commerce Network - Suzanne Mello
- Nov 5 2004
THE CABINET-APPOINTED INTER MINISTERIAL COMMITTEE ON CYBER SECURITY
ABOUT THE IMC
• Established by Cabinet in March 2010
• Began operations in April 2011
• Given a period of twenty four months to complete its mandate
ABOUT THE IMC: Mandate
• To develop a coordinated National Cyber Security Strategy and Action Plan
• To facilitate, guide and ensure the enactment of a national Cybercrime Act
• To facilitate, guide and ensure the implementation of a National Computer Security Incident Response Team (CSIRT)
• To establish an implementation mechanism that would have legislative authority to develop and enforce cyber security regulations
• To create a mechanism/framework that ensures that risk/vulnerability assessments of each Ministry’s cyber infrastructure and cyber security plan are conducted regularly
ABOUT THE IMC: Composition
• Core Committee
• Ministry of National Security (Chair)
• Ministry of Science and Technology
• Ministry of Tertiary Education and Skills Training-University of the West Indies
• Ministry of Public Administration
• Ministry of the Attorney General
• Ministry of Public Utilities
• Ministry of Energy and Energy Affairs
• Ministry of Finance and the Economy
• National ICT Company Ltd. (iGovTT)
ABOUT THE IMC: Composition
• Sub Committees:
• Ministry of Health
• Ministry of Education
• Ministry of Legal Affairs
• Ministry of Foreign Affairs
• Ministry of Transport
• Telecommunications Authority of Trinidad and Tobago
Structure of the IMC
IMC
National Strategy
Incident Management
Legal
Government/
Civil Society and Private Sector Collaboration
Culture and International Cooperation
Achievements • Coordinated the work of a HIPCAR Consultant which resulted
in the development of a Draft Cybercrime Bill
• Capacity building and training for government stakeholders (OAS/CICTE, HIPCAR and proposed CCI)
• Developed and obtained approval for National Cyber Security Strategy (December 2012)
• Developed and obtained approval for a National Cybercrime Policy (February 2013)
• Developed and obtained approval for the establishment of a Cyber Security Agency (August 2013)
The Cyber Crime Policy: Purpose
• Ensure a coherent strategy in the prevention, investigation, prosecution and sentencing of computer crime and cybercrime in Trinidad and Tobago
• Enable Trinidad and Tobago to participate in the international endeavour to fight against transnational computer crime and cybercrime.
• Inform the preparation of a legislative framework for the deterrence and prosecution of cybercrime
The Cyber Crime Policy: Objectives
• Prevention and Awareness Raising
• Criminalization of offences related to computer crime and cybercrime
• Institution of investigation mechanisms
• Use of electronic evidence in prosecution
• Creation of an environment that defines the obligations and restricts the liability of ISPs
• Repeal of the Computer Misuse Act (2000) and replace with the Cybercrime Act
Legislation covers: • Illegal access to a computer system (“hacking”, circumventing • password protection, exploiting software loopholes etc.) • Illegal interception (violating privacy of data communication) • Illegal Data interference (malicious codes, viruses, trojan horses etc.) • System interference (hindering the lawful use of computer systems) • Misuse of devices and illegal devices (tools to commit cyber-offences) • Offences affecting critical infrasturcture • Computer-related forgery (similar to forgery of tangible documents) • Computer-related fraud (similar to real life fraud) • Identity related offences • SPAM • Harassment using an electronic means • Child pornography • Infringement of copyright and related rights
Cont’d • Expedited preservation of stored computer data
• Expedited preservation and partial disclosure of traffic
• Data Production order
• Search and seizure of stored computer data
• Real-time collection of traffic data
• Interception of content data
• Procedural safeguards
Public-Private Partnership GoRTT will:
• Identify public stakeholders responsible for initiating and developing cyber security policies and regulations;
• Engage both the public and private stakeholders in the process by clearly defining their roles and responsibilities;
• Define the appropriate incentives that allow private, public and civil society stakeholders to participate in the process (for example no costly regulations).
• Involve specific critical infrastructure and Internet service providers instead of allocating responsibilities to a specific sector;
21
Public-Private Partnership
• Include civil society in the implementation of the strategy from an awareness raising standpoint;
• Foster the development of cyber security certification programmes that will be nationally recognized and accepted by the public and private sectors;
• Educate the general public and small, medium and large businesses on basic cyberspace safety and security issues.
Permanent Stakeholders Group (to be est. by the E.D., TTCSA):
• It is envisioned that this Group will create an open forum for continued dialogue on cyber security matters. It is also intended that the Group will be available for discussions regarding regulations and standards to be set by the TTCSA.
22
Role of Businesses Companies will be encouraged to:
• Sensitize employees on cyber security and cyber threats.
• Evaluate the security of those networks that impact the security of Trinidad and Tobago’s critical infrastructure. Such evaluations would include:
• Conducting risk assessments and audits;
• Developing continuity plans which consider staff and equipment; and
• Participating in industry-wide information sharing and best practice dissemination.
• Provide sufficient opportunities for continuing education and advanced training in the workplace to maintain high skill standards and the capacity to innovate.
23
The New Wild Wild West
• More cyber criminals than cyber cops
• Criminals feel “safe” committing crimes from the privacy of their own homes
• Brand new challenges facing law enforcement • Most not trained in the technologies • Internet crimes span multiple
jurisdictions • Need to retrofit new crimes to existing
laws
• Criminals exploit weaknesses in laws as well as vulnerabilities in technologies.
E-Commerce Network - Suzanne Mello
- Nov 5 2004
Way forward….
Related Documents
