NATO Advanced Research Workshop

“Best Practices and Innovative Approaches to Develop Cyber Security and Resiliency Policy

Framework”

Scenario for Discussion Topic One

Who is in Charge?

• Who is in Charge ?: What National Agency or Private Sector Enterprise is responsible for taking the lead in response to a Cyber Attack?

• Whose laws apply?• Whose regulations apply?• Is it just a civilian problem or will militaries become involved?

•Lack of Cyber Situational Awareness: There does not appear to be an organization at national levels responsible for providing cyber situational awareness to:

• Government Agencies • Private Sector Enterprises

• Most stakeholders assume SA to be a Federal capability and responsibility, but Livewire challenged that assumption– It may be quite difficult to determine that seemingly disparate cyber

disruptions in different sectors constitute a coordinated, wide-spread, cyber attack.

– The indications of a sophisticated and coordinated cyber attack may not be initially visible to the cadre of technicians monitoring Internet health or assessing now familiar patterns of vulnerability exploits.

– The first visible effects may be societal effects.

• Private industry is first to recognize and address anomalies to their “normal” state of business or network health.

• Private industry is therefore an integral component in the Indications and Warning process.

Competing Concepts• Stimulate the Economy vs. Improve National

Security • Infrastructure Modernisation vs. Critical

Infrastructure Protection • Private Sector vs. Public Sector  • Data Protection vs. Information Sharing •  Freedom of Expression vs. Political Stability

Who is responsible for mitigating the following:(Assume all to be the result of cyber disruption)

Home computers are unable to connect to the Internet

• Who are the victims?• What can be done?• Who can help with mitigation? (Who would this victim call)• Should LE be informed?• Is this a government issue?

Cannot access files at work

• Who are the victims?• What can be done?• Who can help with mitigation? (Who would this victim call)• Should LE be informed?• Is this a government issue?

Who is responsible for mitigating the following:(Assume all to be the result of cyber disruption)

Someone is using your credit card to make purchases

• Who are the victims?• What can be done?• Who can help with mitigation? (Who would this victim call)• Should LE be informed?• Is this a government issue?

Who is responsible for mitigating the following:(Assume all to be the result of cyber disruption)

An e-commerce site is being subject to a DDOS attack and cannot transact any business

• Who are the victims?• What can be done?• Who can help with mitigation? (Who would this victim call)• Should LE be informed?• Is this a government issue?

Who is responsible for mitigating the following:(Assume all to be the result of cyber disruption)

Personal data has been compromised to include credit card numbers and is now published on a hacker website

• Who are the victims?• What can be done?• Who can help with mitigation? (Who would this victim call)• Should LE be informed?• Is this a government issue?

Who is responsible for mitigating the following:(Assume all to be the result of cyber disruption)

Electronic transfer of government pay accounts has been interrupted and employees are unable to gain access to the funds

• Who are the victims?• What can be done?• Who can help with mitigation? (Who would this victim call)• Should LE be informed?• Is this a government issue?

Who is responsible for mitigating the following:(Assume all to be the result of cyber disruption)

National and regional banks are reporting that networked ATM machines have been compromised

• Who are the victims?• What can be done?• Who can help with mitigation? (Who would this victim call)• Should LE be informed?• Is this a government issue?

Who is responsible for mitigating the following:(Assume all to be the result of cyber disruption)

Supervisory controls within the critical infrastructure have been compromised creating a widespread power outage and interruption of the distribution of drinking water

• Who are the victims?• What can be done?• Who can help with mitigation? (Who would this victim call)• Should LE be informed?• Is this a government issue?

Who is responsible for mitigating the following:(Assume all to be the result of cyber disruption)

There is a cyber attack that is ongoing and designed to interrupt the continuity of government in a given nation

• Who are the victims?

• What can be done?

• Who can help with mitigation? (Who would this victim call)

• Should LE be informed?

• Is this a government issue?

Who is responsible for mitigating the following:(Assume all to be the result of cyber disruption)

• Home computers are unable to connect to the Internet • Cannot access files at work • Someone is using your credit card to make purchases • An e-commerce site is being subject to a DDOS attack and cannot transact any

business • Personal data has been compromised to include credit card numbers and is now

published on a hacker website • Electronic transfer of government pay accounts has been interrupted and employees

are unable to gain access to the funds• National and regional banks are reporting that networked ATM machines have been

compromised• Supervisory controls within the critical infrastructure have been compromised creating

a widespread power outage and interruption of the distribution of drinking water

• There is a cyber attack that is ongoing and designed to interrupt the continuity of government in a given nation