International Cyber- Collaboration – Issues and Opportunities Moderator –Dr Andrew Vallerand Canadian Centre for Security Science Panellists - Mr. Josh.

International Cyber-Collaboration – Issues

and Opportunities

Moderator – Dr Andrew Vallerand Canadian Centre for Security Science

Panellists - Mr. Josh Caplan Office Assistant Sec Def for Res & Engineering

Dr. Peeter Lorents NATO CyberSecurity COE

Dr Arun Sood International Cyber Center, George Mason Unviv

2

Introduction

Cyberspace• Its use is totally pervasive across governments, economies,

and individuals.• The growing dependency on our use of cyberspace makes

it an attractive target for those who would do us harm.• We know cyber attacks are daily events, yet there is an

incredible amount of ongoing work in cyber security.

Why is it important to collaborate internationally?

3

Interdependent Security

•In an interdependent world, the risks faced by any ONE agent depend not only on its choices but also on the choice of all OTHERS.

•Failures of a weak link in an interdependent system can have devastating impacts on all parts of the system.

•Cyber Interdependence does not require proximity…

4

Cyber Security

• Like airline passenger flows, cyberspace has a large number of entry points

• No one country / carrier can independently secure the system or take effective unilateral actions

• We must work collectively and collaboratively in a variety of areas to close the gaps.

5

ALLIED Cyber Security Strategies

Canada’s Cyber Security Strategy is consistent with…

• Estonia 2008• UK 2009• US 2003 & 2010• AUS 2009

6

Interdependent Security…

• Demands that we acknowledge others security levels

• Suggests it is in our own best interests to share – Threat analysis; approach to Risk;– Security capability enhancements (Prepare, Detect,

Respond, Recover capabilities)– Best Practices against Malware to combat cyber crime– Network contacts with Subject Matter Experts– Trans-Border Experiments/ Exercises

7

Cost of Cyber Crime in UK? £ 27B/yr!

• £2B/yr: Govt systems• £3B/yr:Citizens systems• £22B/yr: Industry systems• Key domains?

– IP Theft– Industrial Espionage– Extortion– OnLine Theft– ID Theft

• Common Intl issue? – Low barrier of entry into rich field…– Anonymous Web and Investigation…– Attribution, Deterrence, Prosecution…

http://www.cabinetoffice.gov.uk/sites/default/files/resources/THE-COST-OF-CYBER-CRIME-SUMMARY-FINAL.pdf

8

Today’s Panellists

Each Panellist is a Subject Matter Expert in one of three distinct areas of international cyber security

1. Cyber Network Operations

2. Cooperative Cyber Security and Defence

3. Strategic Intl collaboration and information sharing of Cyber Security

9THE Strategic View

10

• Some Canadian

WHOLE of GOVERNMENT perspectives

…from the Centre for Security Science

11

Defence R&D Canada

1212

Established Productive collaborative partnerships focused on S&T for National Security Capabilities

•Agriculture & Agri-Food Canada•Atomic Energy Canada Ltd•Canada Border Services Agency•Canadian Food Inspection Agency•Canadian Nuclear Safety

Commission•Canadian Security Intelligence

Service•Communications Research Centre

Canada•Communications Security

Establishment Canada•Environment Canada

•Fisheries and Oceans Canada

•Health Canada• Industry Canada• Infrastructure Canada•National Defence •National Research

Council•Natural Resources

Canada•Privy Council Office•Public Safety Canada•Public Health Agency

Canada•RCMP•Transport Canada•Treasury Board

Secretariat

… across the Federal Government

… as well as with Provincial and Municipal first responders;… and with Canada’s Academic, Industrial and International partners

13

Landscape of Canadian Clients/ Partners in Cyber Security

• Privy Council Office (PCO or White House in US)– National Security Advisor to the Prime Minister of Canada

• Public Safety Canada– Integrated Threat Assessment Centre (ITAC) / Canadian Cyber Incident Response

Centre (CCIRC or CERT in US)– Royal Canadian Mounted Police (RCMP; FBI & US Marshall Serv in US) – Canadian Security Intelligence Service (CSIS or CIA in US)

• Industry Canada– Telecommunications & ISP Regulator; Communications Research Centre (CRC)– National Research Council (NRC), Competition Bureau, eCommerce Office– National Science & Engineering Research Council (NSERC)

• Treasury Board Secretariat– Chief Information Officer

• National Defence– Defence Research and Development Canada (DRDC; DDR&E in US)– Communications Security Establishment Canada (CSEC: NSA in US)– Assistant Deputy Minister (Information Management); Cyber Task Force

• PWGSC, Dept of Justice, Dept Foreign Affairs Intl Trade, Dept of Finance, Revenue Canada.; NCFTA Canada; Academia

• Business Associations: TELCO; ePayment Assoc., IT Assoc can.