CYBERSECURITY: DOS & DON’TS - MARTINA FRANCESCA FERRACANE, RESEARCH ASSOCIATE AT ECIPE - QED, 22 JUNE 2017

Cybersecurity: Dos and Don'ts

Jan 23, 2018

Page 1: Cybersecurity: Dos and Don'ts

CYBERSECURITY: DOS & DON’TS

MARTINA FRANCESCA FERRACANE, RESEARCH ASSOCIATE AT ECIPE

QED, 22 JUNE 2017

Page 2: Cybersecurity: Dos and Don'ts

OUTLINE

1. GETTING THE TERMINOLOGY RIGHT
2. DON’TS
3. DOS

Page 3: Cybersecurity: Dos and Don'ts

OUTLINE

1. GETTING THE TERMINOLOGY RIGHT
2. DON’TS
3. DOS

Page 4: Cybersecurity: Dos and Don'ts

CYBERSECURITY

Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.

Elements of cybersecurity include: Application security; Information security; Network security; Disaster recovery / business continuity planning; Operational security; End-user education.

Source: http://whatis.techtarget.com

Page 5: Cybersecurity: Dos and Don'ts

CYBERSECURITY

Cyber threats can be grouped in 4 categories:

- Crime: fraud, extortion, theft, DoS, etc.
- Commercial espionage
- Nation-State espionage
- Warfare

Source: Information Technology Industry Council (2015)

Page 6: Cybersecurity: Dos and Don'ts

ACCESS TO DATA FOR NATIONAL SECURITY & LAW ENFORCEMENT

Different issues such as:

- Counter-terrorism measures
- MLATs
- Data sovereignty

Page 7: Cybersecurity: Dos and Don'ts

DATA PRIVACY

Data privacy concerns the collection, protection and dissemination of personal or private information about individuals or organisations.

Source: http://lexicon.ft.com/

Page 8: Cybersecurity: Dos and Don'ts

FREEDOM OF EXPRESSION

Different issues such as:

- Fake news
- Censorship
- Hate speech

Page 9: Cybersecurity: Dos and Don'ts
Page 10: Cybersecurity: Dos and Don'ts
Page 11: Cybersecurity: Dos and Don'ts

OUTLINE

1. GETTING THE TERMINOLOGY RIGHT
2. DON’TS
3. DOS

Page 12: Cybersecurity: Dos and Don'ts

FRAGMENTATION (I)

“Member States have very different levels of preparedness, which has led to fragmented approaches across the Union. This results in an unequal level of protection of consumers and businesses, and undermines the overall level of security of network and information systems within the Union.”

Recital (5) - NIS Directive

Page 13: Cybersecurity: Dos and Don'ts

FRAGMENTATION (II)

“Each Member State shall adopt a national strategy on the security of network and information systems defining the strategic objectives and appropriate policy and regulatory measures with a view to achieving and maintaining a high level of security of network and information systems (…)”

Article 7 - NIS Directive

Page 14: Cybersecurity: Dos and Don'ts

FRAGMENTATION (III)

“Member States shall lay down the rules on penalties applicable to infringements of national provisions adopted pursuant to this Directive and shall take all measures necessary to ensure that they are implemented (…)”

Article 21 - NIS Directive

Page 15: Cybersecurity: Dos and Don'ts

NOTIFICATION OF INCIDENTS

Digital services: have to report those incidents that have a ‘substantial impact on the provision of a service (…) they offer in the EU’.

Operators of essential services have to report those incidents ‘having significant impact on the continuity of the essential services they provide’.

Art. 14 & Art. 16 - NIS Directive

‘without undue delay’

Page 16: Cybersecurity: Dos and Don'ts
Page 17: Cybersecurity: Dos and Don'ts

COMPULSORY SECURITY STANDARDS (I)

“Member States shall (…) encourage the use of European or internationally accepted standards and specifications relevant to the security of network and information systems.”

Article 19 - NIS Directive

Page 18: Cybersecurity: Dos and Don'ts

COMPULSORY SECURITY STANDARDS (II)

- Multi-Level Protection Scheme (MLPS) - China
- Preferential Market Access (PMA) - India
- Cybersecurity Law - China

‘The security reviews will not target any country or region, they will not discriminate against foreign technology or products, nor limit their access to the Chinese market. On the contrary, they will boost consumer confidence in such products and services, and expand their markets.’

CAC China

Page 19: Cybersecurity: Dos and Don'ts

HOW SECURITY STANDARDS COULD BE ABUSED…

“We cannot allow [terrorism] the safe space it needs to breed – yet that is precisely what the internet, and the big companies that provide internet-based services provide”

Theresa May

Page 20: Cybersecurity: Dos and Don'ts

DATA LOCALISATION (I)

‘Personal information and important data collected and generated by critical information infrastructure operators in the PRC must be stored domestically’

Art. 37 - China Cybersecurity Law - June 2017

‘Where due to business requirements it is truly necessary to provide it [data] outside the mainland, they shall (…) conduct a security assessment’

Page 21: Cybersecurity: Dos and Don'ts

DATA LOCALISATION (II)

Source: Digital Trade Estimates Database - ECIPE

Page 22: Cybersecurity: Dos and Don'ts

OUTLINE

1. GETTING THE TERMINOLOGY RIGHT
2. DON’TS
3. DOS

Page 23: Cybersecurity: Dos and Don'ts

DOS

- Focus on systems that are truly critical in nature
- Improve public agencies
- Improve coordination intra-EU and globally
- Develop national cybersecurity plans
- Involve the private sector in the development of cybersecurity strategy
- Invest in R&D
- Increase PPP
- Participate in international fora and consortia

Page 24: Cybersecurity: Dos and Don'ts
Page 25: Cybersecurity: Dos and Don'ts

DOS

- Preserve interoperability and openness to the global market
- Balance cybersecurity concerns with:
  - civil liberties
  - innovation
  - trade
  - other policy priorities

Page 26: Cybersecurity: Dos and Don'ts

“It's no longer OK not to understand how the Internet works.”

Aaron Swartz

Page 27: Cybersecurity: Dos and Don'ts

REFERENCES

- Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016L1148
- English Sina (2017). China Internet regulator says cyber security law not a trade barrier: http://english.sina.com/news/2017-05-31/detail-ifyfuvpm6886418.shtml
- FT (2017). Special Report on Cyber Security: https://www.ft.com/reports/cyber-security
- Independent (2017). Theresa May says the internet must now be regulated following London Bridge terror attack: http://www.independent.co.uk/news/uk/politics/theresa-may-internet-regulated-london-bridge-terror-attack-google-facebook-whatsapp-borough-security-a7771896.html

Page 28: Cybersecurity: Dos and Don'ts

REFERENCES

- ITIC (2013). ITI Position Paper on the Proposed “Directive of the European Parliament and of the Council Concerning Measures to Ensure a High Common Level of Network and Information Security Across the Union”: https://www.itic.org/dotAsset/a748f2f7-7d73-4d62-8ea0-b5ad35e3af27.pdf
- ITIC (2015). The IT Industry’s Cybersecurity Principles for Industry and Government: https://www.itic.org/dotAsset/0e3b41c2-587a-48a8-b376-9cb493be36ec.pdf
- NIST (2014). Framework for Improving Critical Infrastructure Cybersecurity: https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf
- QUARTZ (2016). How countries like China and Russia are able to control the internet: https://qz.com/780675/how-do-internet-censorship-and-surveillance-actually-work/

Page 29: Cybersecurity: Dos and Don'ts

REFERENCES

Websites:

- www.ecipe.org/dte
- http://whatis.techtarget.com
- http://lexicon.ft.com/

Page 30: Cybersecurity: Dos and Don'ts

MARTINA FRANCESCA FERRACANE

EMAIL: MARTINA.FERRACANE@ECIPE.ORG

THANK YOU!