Government and Enterprise Collaboration in Cybersecurity
-
Upload
charles-mok -
Category
Technology
-
view
1.825 -
download
0
description
Transcript of Government and Enterprise Collaboration in Cybersecurity
![Page 1: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/1.jpg)
URGENT NEED F
OR
GOVERNMENT AND
ENTERPR
ISE
COLLABORAT
ION IN
CYBER S
ECURITY
22
/ 11
/ 20
13
S
EC
UR
I TY
36
1
![Page 2: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/2.jpg)
“Technological advances, combined with the ubiquity of the Internet, have spawned a near-infinite range of potentially grave security threats to governments, commercial entities and individuals.”
Paul Rosenzweig
![Page 3: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/3.jpg)
CYBER-SECURITY:MOST CRUCIAL ISSUE AT ALL LEVELS
![Page 4: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/4.jpg)
WHAT ABOUT HONG KONG?
recorded botnet, hacking and denial-of-service attacks in first 10 months of 2013
871
Source: Hong Kong Computer Emergency Response Team Coordination Center
40% increase over
the same period last year
![Page 5: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/5.jpg)
APT ATTACKS
stealthy, targeted, persistent
![Page 6: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/6.jpg)
DDOS ATTACKS
![Page 7: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/7.jpg)
HONG KONG NETWORK: VULNERABLE?
Edward Snowden:
NSA targets included CUHK, public officials, businesses, students, network backbones
Mandiant:
HKUST network involved in
cyberattacks?
![Page 8: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/8.jpg)
Complex, sophisticated attacks can wreak havoc not only on enterprise networks but critical infrastructure, even media agencies are vulnerable.
![Page 9: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/9.jpg)
ECONOMIC SECURITY AT RISK
Classified information
Intellectual property
Consumer data
Business networks
![Page 10: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/10.jpg)
CYBERSECURITY OF THE PRIVATE SECTOR IS CRUCIAL
• Protect investment in innovation and crucial functions – public utilities, finance and telecommunications
• Government’s daily function relies on assets owned and operated by the private sector
![Page 11: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/11.jpg)
The
Need fo
r
Colla
borat
ion
![Page 12: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/12.jpg)
INTER-DEPARTMENTAL WORKING GROUP ON COMPUTER RELATED CRIME
Major recommendations implemented
• ‘24-hour liaison system’ and ‘cooperation platforms’ between Law Enforcement Agencies, major ISPs and other institutions
• Enhancing education and publicity (Seminars)
• Internet Infrastructure Liaison Group (IILG) - no regular meeting?
• Standard procedures and guidelines
Year 2000
![Page 13: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/13.jpg)
CYBERSECURITY: HK GOVT’S RESPONSE
OGCIO
• Infosec policies and guidelines
• Awareness building / public education
HKCERT
• Monitoring and response
• Threat detection and assessment
• Alert, drills and education
Police
• Combat of technology crimes at HQ, Regions and District levels;
• Cyber Security Centre set up in 2012
![Page 14: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/14.jpg)
LEGISLATION: COMPUTER AND INTERNET-RELATED CRIMESTelecommunications Ordinance (Cap. 106)
•Prohibits unauthorised access to computer by telecommunications
Crimes Ordinance (Cap. 200)
•Tackles access to computer with criminal or dishonest intent.
Theft Ordinance (Cap. 210)
•Deals with offences of destroying, defacing, concealing or falsifying records kept by computer
UEMO (Cap. 593)
•prohibits fraud activities related to the sending of multiple commercial electronic messages.
![Page 15: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/15.jpg)
SOME QUESTIONS
• Are our laws robust and relevant to handle ever-evolving cyber-threats?
• Is there enough info sharing and support to the private sector?
• How can private sector contribute?
![Page 16: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/16.jpg)
MORE CAN BE DONE
• Conduct a comprehensive cyber security review and audit?
• Review of computer related crime and cybersecurity legislation?
• More, better communication channels between private sector and government?
• Directly support enterprises and SMEs to take precautions?
![Page 17: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/17.jpg)
CYBER SECURITYCOLLABORATION:
PUBLIC-PRIVATE PARTNERSHIP?
GovernmentFrom law enforcement to info sharing facilitator?Accelerate the flow of info and support sharing of threat data?
EnterpriseImprove overall cyber security infrastructureShare information without the risk of legal action?
![Page 18: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/18.jpg)
ISSUES TO IRON OUT…
• Government and enterprises using different sets of technology and process?
• How much to share? Privacy and sensitive business information
• What is the incentive or responsibility to report breaches and attacks?
• Real-time notification requires significant resources
![Page 19: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/19.jpg)
GOVTS ARE PUTTING IN MORE EFFORT IN CYBER-SECURITYUSA: Cybersecurity Executive Order emphasize the need for PPP, greater information
sharing, and the collaborative development of a cybersecurity framework and program
UK: Cyber Security Strategy
Set up Cyber Security Information Partnership to share information and intelligence in real time
Singapore: 5-Year National Cyber Security Masterplan 2018
Enhance security of infrastructure, promote infosec adoption among end-users and businesses, grow pool of infosec experts
![Page 20: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/20.jpg)
OUR ENTERPRISES HAS MUCH TO OFFER
• Ample local experts and technology to detect and mitigate cyber threats
• Strong expertise in infosec professional associations
• Extensive experience to contribute
Collaboration is the key
![Page 21: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/21.jpg)
HONG KONG NEEDS TO STEP UP
• Mechanism for real-time detection and alert already in place (Police and HKCERT)
• Comprehensive, up-to-date review of government and enterprise infosec readiness
• Strengthen, organize and incentivize cyber security info exchange
• Support end-users and business beyond publicity and education
![Page 22: Government and Enterprise Collaboration in Cybersecurity](https://reader036.fdocuments.us/reader036/viewer/2022062513/55562bbdd8b42a5b528b4d3e/html5/thumbnails/22.jpg)
THANK YO
U!
Charles MokLegislative Councillor (Information Technology)
[email protected]: Charles Mok BTwitter: @charlesmok