Uploaded byChayaSorir
PPT, PDF30 views

6b3de471-b100-483c-9df1-fc6afb92fb5f-151219150001.ppt

The document discusses cyber security challenges for Pakistan's national security. It highlights shortcomings in Pakistan's cyber security framework and policies. It outlines the key elements needed for a comprehensive national security framework, including strong leadership, clear policies and strategies, adequate funding and resources, and robust laws. It also discusses the roles and responsibilities of various government agencies and stakeholders in ensuring Pakistan's cyber security and the need to designate a lead agency to coordinate efforts. However, Pakistan currently lacks a coordinated cyber security architecture and mechanism.

Embed presentation

Download to read offline
CYBER WARFARE & NATIONAL SECURITY: IMPLICATIONS AND CHALLENGES DR TUGHRAL YAMIN ASSOCIATE DEAN CIPS, NUST
AIM TO HIGHLIGHT THE STRUCTURAL & POLICY SHORTCOMINGS WITH REGARDS TO CYBER SECURITY IN THE OVERALL FRAMEWORK OF PAKISTAN’S NATIONAL SECURITY
NATIONAL SECURITY CONCEPT • NATIONAL SECURITY CALLS UPON A GOVERNMENT, ALONG WITH ITS PARLIAMENT TO PROTECT THE STATE AND ITS CITIZENS AGAINST ALL KIND OF THREATS THROUGH A VARIETY OF POWER PROJECTION MEANS, SUCH AS – POLITICAL POWER – DIPLOMATIC INFLUENCE – ECONOMIC CAPACITY – MILITARY MIGHT • MANY COUNTRIES INCLUDING PAKISTAN ARROGATE THE RESPONSIBILITY OF COORDINATING NATIONAL SECURITY MATTERS TO THE NATIONAL SECURITY COUNCIL (NSC) SLICES OF NATIONAL SECURITY TERRITORIAL POLITICAL ECONOMIC ENERGY & NATURAL RESOURCES HOMELAND HUMAN ENVIRONMENTAL CYBER FOOD
ESSENTIAL ELEMENTS OF A COMPREHENSIVE SECURITY FRAMEWORK • STRONG LEADERSHIP TO PROVIDE – VISION – ACROSS THE BOARD COORDINATION • CLEAR CUT POLICY & STRATEGY WITH PRECISE MISSION STATEMENT • ADEQUATE FUNDS & HUMAN/MATERIAL RESOURCES • UNAMBIGIOUS SET OF LAWS & LAW ENFORCEMENT CAPACITY LEADERSHIP RESOURCES POLICY & STRATEGY LAWS
CYBER SECURITY REFERS TO PROTECTION OF OFFICIAL AND PERSONAL COMPUTER AND DATA PROCESSING INFRASTRUCTURE AND OPERATING SYSTEMS (OS) FROM HARMFUL INTERFERENCE, FROM OUTSIDE OR INSIDE THE COUNTRY INVOLVES NOT ONLY NATIONAL DEFENSE & HOMELAND SECURITY BUT ALSO LAW ENFORCEMENT
CYBER WARFARE & CYBER ATTACKS DEFINITION AN INTERNET-BASED CONFLICT INVOLVING ATTACKS ON THE ADVERSAY’S INFORMATION & INFORMATION SYSTEMS PURPOSE OF CYBER ATTACKS DEFACE WEBSITES DISABLE NETWORKS DIRUPT/ DISABLE ESSENTIAL SERVICES CRIPPLE FINANCIAL SYSTEMS STEAL OR ALTER DATA
MANIFESTATION OF CYBER ATTACK • SECURITY BREACHES • ECONOMIC LOSSES • PSYCHOLOG ICAL TRAUMA • PHYSICAL DAMAGE DISRUPTION OF COMPUTER SYSTEMS – LONG DOWN TIME FEAR & PANIC FLIGHT KNEEJERK REACTION SMALLSCALE ID THEFTS MASSIVE DATA BREACHES FRAUD LARGESCALE MONETARY THEFT
HOW CAN CYBER ATTACKS HURT NATIONAL SECURITY? CYBER ATTACKS CAN: • PARALYSE THE GOVERNMENT’S DECISION MAKING SYSTEMS • CRIPPLE A NATION’S CRITICAL INFRASTRUCTURE • CAUSE MASSIVE PANIC & TRIGGER INADVERTENT WARS PARALYSIS COLLAPSE PANIC
TYPES OF CYBER ATTACKS • VIRUSES • WORMS • TROJAN HORSES • MISLEADING INFORMATION TO DISTRACT OR COVER OWN TRACKS SYNTACTIC ATTACKS SEMANTIC ATTACKS
CYBER TARGETS • PERSONAL COMPUTERS • COMPUTER NETWORKS MANAGING THE INFORMATION SYSTEMS OF ORGANIZATIONS, BUSINESSES, FINANCIAL INSTITUTIONS ETC • CRITICAL INFRASTRUCTURE (VITAL ASSETS OF A NATION – VIRTUALLY/PHYSICALLY) CONTROLLED BY SUPERVISORY CONTROL & DATA ACQUISITION (SCADA) CRITICAL INFRASTRUCTURE COMPUTER NETWORKS PERSONAL COMPUTERS
HOW DOES A TYPICAL CYBER ATTACK TAKES PLACE? MALICIOUS ACTS ORIGINATING FROM AN ANONYMOUS SOURCES HACKING INTO A SUSCEPTIBLE SYSTEM TO EITHER • STEAL • ALTER OR • DESTROY A SPECIFIED TARGET
WHO CAN LAUNCH CYBER ATTACKS? • STATE ACTORS • NON STATE ACTORS • CRIMINALS • HACKTIVISTS • FREELANCERS • KID IN THE BASEMENT • INSIDERS
PROBLEMS WITH CYBER RESPONSES NO RULES OF ENGAGEMENT PROBLEM IN DETERMINING A PROPORTIONATE RESPONSE DIFFICULTY IN ATTRIBUTION
BROAD SPECTRUM OF CYBER ATTACKS
US CYBER SECURITY AGENCIES • OFFICE OF THE CYBER SECURITY COORDINATOR • DEPARTMENT OF HOMELAND SECURITY (DHS) • NATIONAL SECURITY AGENCY (NSA) • CYBER COMMAND (CYBERCOM)
DEPARTMENT OF HOMELAND SECURITY (DHS)
NATIONAL SECURITY AGENCY (NSA)
LEVEL AUSTRALIA UK STRAT CYBER SECURITY POLICY & COORD COMMITTEE (LEAD AGENCY: THE ATTORNEY GENERAL’S DEPARTMENT) FUNCTION: INTERDEPARTMENTAL COMMITTEE THAT COORDS DEVELOPMENT OF CYBER SECURITY POLICY FOR THE GOVT OFFICE OF THE CYBER SECURITY (OCS) FUNCTION: PROVIDES STRAT LEADERSHIP & COHERENCE ACROSS ALL DEPTS OF THE GOVT TAC CYBER SECURITY OPERATIONS CENTRE (UNDER DEFENCE SIGNALS DIRECTORATE) FUNCTION: PROVIDES GOVET WITH ALL SOURCE CYBER SITREP CYBER SECURITY OPS CENTRE (CSOC) FUNCTION: ACTIVELY MONITORS THE HEALTH OF CYBERSPACE & COORDS INCIDENCE RESPONSE OP CERT AUSTRALIA GOVCERTUK
PM OFFICE/ CABINET SECY (PMO/ CAB SEC) MINISTRY OF HOME AFFAIRS (MHA) MINISTRY OF EXTERNAL AFFAIRS (MEA) MINISTRY OF DEFENCE (MOD) MINISTRY OF COMMON INFO TECHNOLOGY (MCIT) NON GOVT ORGANISATION (NGO) NATIONAL SECURITY COUNCIL (NSC) NATIONAL CYBER COORD CENTRE (NCCC) AMBASSADORS & MINISTERS TRI SERVICE CYBER COMMAND DEPARTMENT OF INFORMATION TECHNOLOGY (DIT) CYBER SECURITY AND ANTI HACKING ORGANISATION (CSAHO) National Technical Research Org (NTRO) Directorate of Forensic Science (DFS) Defence Attaches Army (MI) Department of Telecom (DoT) Cyber Society of India (CySI) National Critical Info Infrastructure Protection Centre(NCIIPC) National Disaster Mgt Authority (NDMA) Joint Secretary (IT) Navy (NI) Indian Computer Emergency Response Team CERT-IN Centre of Excellence for Cyber Security Research & Development In India (CECSRDI) Joint Intelligence Group (JIG) Central Forensic Science Lab (CFSLs) Air Force (AFI) Education Research Network (ERNET) Cyber Security of India(CSI) National Crisis Management Committee (NCMC) Intelligence Bureau (IB) Def Info Assurance & Research Agency (DIARA) Informatics Center (NIC) National Cyber Security of India (NCS) Research & Analysis Wing (RAW) Defence Intelligence Agency (DIA) Centre for Development of Advanced Computing C-DAC Cyber Attacks Crisis Management Plan of India (CACMP) Multi Agency Center (MAC) Defence Research Dev Authority (DRDO) Standardisation, Testing and Quality Certification (STQC) National Information Board (NIB) CYBER SECURITY HIERARCHY IN INDIA
U S F O C U S O N IT SE C U RI TY COMPUTERS/ICT FORM THE FOUNDATION OF US ECONOMY AND DRIVE THE TECHNOLOGICAL CHANGE THAT ALLOWS SMALL AND MEDIUM-SIZED BUSINESSES TO COMPETE IN THE GLOBAL MARKETPLACE ECONOMIC GROWTH IS THREATENED BY A CORRESPONDING GROWTH IN CYBER THREATS INCREASING DATA BREACHES, THEFT OF INTELLECTUAL PROPERTY THROUGH CYBER MEANS, AND CYBER ATTACKS ARE RESULTING IN REAL COSTS AND CONSEQUENCES FOR THE AMERICAN ECONOMY US GOVERNMENT IS TAKING ACTIONS TO BETTER PREPARE ITSELF, ITS ECONOMY, AND THE NATION AS A WHOLE TO DEFEND AGAINST GROWING CYBER THREATS CYBER THREATS POSE ONE OF THE GRAVEST NATIONAL SECURITY DANGERS TO THE US
US BUDGETARY STRATEGY FOR CYBERSECURITY SEVERAL BUDGETARY, PROGRAMMATIC & LEGISLATIVE STRATEGIES TO IMPROVE THE CYBERSECURITY INFRASTRUCTURE AND COMBAT GROWING CYBER THREAT DOMESTICALLY AND GLOBALLY UPDATED CYBERSECURITY LEGISLATIVE PROPOSAL THAT WILL PROVIDE THE FEDERAL GOVERNMENT AND PRIVATE SECTOR THE NECESSARY TOOLS TO IMPROVE NATIONAL CYBERSECURITY IN FY 2016, THE PRESIDENT'S BUDGET PROPOSES $14 BILLION IN CYBERSECURITY FUNDING FOR CRITICAL INITIATIVES AND RESEARCH
US STRATEGIC INVESTMENTS IN CYBER SECURITY DHS TO LEAD IMPLEMENTATION OF THE CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) NATIONAL CYBERSECURITY PROTECTION SYSTEM BETTER KNOWN AS EINSTEIN OSS-AGENCY PRIORITY GOAL AND IMPLEMENT POSTWIKILEAKS SECURITY IMPROVEMENTS ON CLASSIFIED NETWORKS, PURSUANT TO E.O. 13587 $582 MILLION
US PRESIDENT’S BUDGET FY 2016 OUTREACH TO PRIVATE SECTOR SHAPING THE FUTURE CYBER ENVIRONMENT NATIONAL SECURITY AND CYBER THREATS $149 MILLION $243 MILLION $514 MILLION
CYBERCOM XXXX TO BE BROUGHT TO FULL STRENGTH US DEPARTMENT OF DEFENSE BUDGET FEDERAL CIVILIAN CYBER CAMPUS $227 MILLION TO FUND THE 1ST PHASE OF CONSTRUC TION CYBER INTELLIGENCE INTEGRATION, ANALYSIS & PLANNING WITHIN THE FEDERAL GOVERNMENT $35 MILLION
2015 US CYBERSECURITY LEGISLATIVE PROPOSAL THREE CENTRAL ELEMENTS AIM AT ENSURING NATIONAL SECURITY, WHILE ALSO PROTECTING THE PERSONAL DATA AND PRIVACY OF CITIZENS BY: •FACILITATING GREATER VOLUNTARY SHARING OF CYBER THREAT INFORMATION BETWEEN THE GOVERNMENT AND PRIVATE SECTOR •INCENTIVIZING FURTHER DEVELOPMENT OF INFORMATION SHARING AND ANALYSIS ORGANIZATIONS TO IMPROVE THE VOLUNTARY SHARING OF CYBER THREAT INFORMATION WITHIN THE PRIVATE SECTOR AND BETWEEN THE PRIVATE SECTOR AND THE GOVERNMENT. PROTECTS THE PRIVACY OF AMERICANS BY REQUIRING PRIVATE ENTITIES THAT SHARE VOLUNTARILY UNDER THE PROPOSAL'S AUTHORITY, TO COMPLY WITH CERTAIN PRIVACY RESTRICTIONS, SUCH AS REMOVING UNNECESSARY PERSONAL INFORMATION IN ORDER TO QUALIFY FOR LIABILITY PROTECTION ESTABLISH DATA BREACH STANDARDS •ESTABLISHING A SINGLE FEDERAL STANDARD FOR NOTIFYING INDIVIDUALS IN A TIMELY, CONSISTENT WAY WHEN PRIVATE SECTOR DATA BREACHES OCCUR; THIS HELPS BUSINESSES AND CONSUMERS BY SIMPLIFYING AND STANDARDIZING THE EXISTING PATCHWORK OF 47 STATE LAWS THAT CONTAIN DATA BREACH REPORT REQUIREMENTS INTO ONE FEDERAL STATUTE. THIS IS PART OF OUR COMMITMENT TO BALANCE SECURITY AND PRIVACY, ENSURING CITIZENS RECEIVE TIMELY INFORMATION ON THEIR DATA IN THE EVENT OF A BREACH. THIS WILL: – PROVIDE A SINGLE THRESHOLD FOR NOTIFICATION – ESTABLISH DEADLINES FOR NOTIFICATION OF CYBER INCIDENTS
US POLICY TO MODERNIZE LAW ENFORCEMENT AUTHORITIES ENSURE LAW ENFORCEMENT HAS THE TOOLS TO INVESTIGATE, DISRUPT & PROSECUTE CYBERCRIME  ALLOW PROSECUTION FOR THE SALE OF BOTNETS ENABLE LAW ENFORCEMENT TO PROSECUTE THE OVERSEAS SALE OF STOLEN FINANCIAL INFORMATION LIKE CREDIT CARD AND BANK ACCOUNT NUMBERS EXPANDS FEDERAL LAW ENFORCEMENT AUTHORITY TO DETER THE SALE OF SPYWARE USED TO STALK OR COMMIT ID THEFT COURTS TO BE GIVEN THE AUTHORITY TO SHUT DOWN BOTNETS ENGAGED IN DISTRIBUTED DENIAL OF SERVICE ATTACKS AND OTHER CRIMINAL ACTIVITY
INTERNATIONAL CYBER BUDGETS
INDIA’S CYBER-SECURITY BUDGET ‘WOEFULLY INADEQUATE’: EXPERTS • INDIA'S CYBER-SECURITY BUDGET WAS MORE THAN DOUBLED LAST YEAR. YET, IT IS “WOEFULLY INADEQUATE” IN THE WAKE OF REVELATIONS MADE BY US NATIONAL SECURITY AGENCY CONTRACTOR EDWARD SNOWDEN AND INCREASING CYBER-ATTACKS ON GOVERNMENT INFRASTRUCTURE, ACCORDING TO EXPERTS. • IN 2014-15, THE DEPARTMENT OF IT HAS SET ASIDE RS 116 CRORE FOR CYBER SECURITY. THE COUNTRY HAS PROPOSED TO SET UP A NATIONAL CYBER COORDINATION CENTRE (NCCC) WITH A SEPARATE BUDGET OF RS 1,000 CRORE. THE COORDINATION CENTRE IS STILL AWAITING CABINET CLEARANCE. “ALLOCATION IS WOEFULLY INADEQUATE GIVEN SNOWDEN'S REVELATIONS - WE NEED AT LEAST 10 TIMES THAT AMOUNT,” SAID SUNIL ABRAHAM, EXECUTIVE DIRECTOR AT CENTER FOR INTERNET AND SOCIETY. THE ECONOMIC TIMES 28 JANUARY 2015
CYBER SECURITY ARCHITECTURE & COORD MECHANISM CYBER SECURITY POLICY CYBER LAW CYBER EMERGENCY RESPONSE SLOW PROGRESS LITTLE OR NO PROGRESS SURROUNDED BY CONTROVERSY LITTLE PROGRESS CYBER FUNDS ????????? W HI T H ER CY BE R SE C U RI TY IN P A KI ST A N ?
WHO IS RESPONSIBLE FOR CYBER SECURITY IN PAKISTAN? NO DESIGNATED LEAD AGENCY MULTIPLE STAKEHOLDERS GOVERNMENT INDUSTRY ACADEMIA CIVIL SOCIETY PUBLIC
CYBERSECURITY STAKEHOLDERS GOVERNMENT • CABINET COMMITTEE ON NATIONAL SECURITY • NATIONAL SECURITY COUNCIL (NSA: LTG N.K. JANJUA) • SENATE COMMITTEE ON DEFENCE (CHAIR: SEN. M.H. SAYED) • SENATE COMMITTEE ON TECH & IT (CHAIR: SEN. SHAHI SAYED) • NA STANDING COMMITTEE ON TECH & IT (CHAIR: CAPT SAFDAR) • MINISTRY OF DEFENCE • MINISTRY OF INTERIOR • MINISTRY OF FOREIGN AFFAIRS • MINISTRY OF IT • JS HQ • INTELLIGENCE AGENCIES PUBLIC • PAKISTAN SOFTWARE HOUSES ASSOCIATION (PASHA) • INTERNET SERVICE PROVIDERS ASSOCIATION OF PAKISTAN (ISPAK) • PAKISTAN INFORMATION SECURITY ASSOCIATION (PISA) • E COMMERCE ENTREPRENEURS • DIGITAL RIGHTS ACTIVISTS (BOLO BHI) • SOCIAL MEDIA ACTIVISTS • ORDINARY CITIZENS
SENATE COMMITTEE FOR DEFENCE ACTION PLAN FOR CYBER SECURE PAKISTAN (JULY 2013) • POINT 1. RELEVANT LEGISLATION TO PRESERVE, PROTECT AND PROMOTE PAKISTAN’S CYBER SECURITY • POINT 2. CYBER SECURITY THREAT TO BE ACCEPTED AND RECOGNIZED AS NEW, EMERGING NATIONAL SECURITY THREAT BY THE GOVERNMENT OF PAKISTAN, SIMILAR TO THREATS LIKE TERRORISM AND MILITARY AGGRESSION • POINT 3. ESTABLISH A NATIONAL COMPUTER EMERGENCY RESPONSE TEAM (PKCERT). • POINT 4. ESTABLISH A CYBER-SECURITY TASK FORCE WITH AFFILIATION WITH MINISTRY OF DEFENCE, MINISTRY OF IT, MINISTRY OF INTERIOR, MINISTRY OF FOREIGN AFFAIRS, MINISTRY OF INFORMATION AND OUR SECURITY ORGANIZATIONS PLUS RELEVANT AND LEADING PROFESSIONALS FROM THE PRIVATE SECURITY SO THAT PAKISTAN CAN TAKE STEPS TO COMBAT THIS NEW EMERGING THREAT AND FORMULATE CYBER SECURITY STRATEGY FOR PAKISTAN. • POINT 5. UNDER THE OFFICE OF THE CHAIRMAN JOINT CHIEFS OF STAFF COMMITTEE, AN INTER- SERVICES CYBER COMMAND SHOULD BE ESTABLISHED TO COORDINATE CYBER SECURITY AND CYBER DEFENCE FOR THE PAKISTAN ARMED FORCES. • POINT 6. WITHIN THE FRAMEWORK OF SAARC, PAKISTAN SHOULD TAKE THE INITIATIVE TO INITIATE TALKS AMONG THE 8-MEMBER STATES PARTICULARLY INDIA TO ESTABLISH ACCEPTABLE NORMS OF BEHAVIOR IN CYBER SECURITY AMONG THE SAARC COUNTRIES SO THAT THESE COUNTRIES ARE NOT ENGAGED IN CYBER WARFARE AGAINST EACH OTHER. • POINT 7. SPECIAL MEDIA WORKSHOPS ON CYBER SECURITY AWARENESS
NATIONAL CYBER SECURITY COUNCIL BILL (INTRODUCED 14.04.2014) • WITHIN SIXTY DAYS OF THE ENACTMENT OF THIS ACT, THE SENATE STANDING COMMITTEE ON DEFENCE SHALL CONSTITUTE THE NATIONAL CYBER SECURITY COUNCIL • NO ACT OF THE COUNCIL SHALL BE INVALID BY REASON ONLY OF THE EXISTENCE OF ANY VACANCY AMONG ITS MEMBERS OR ANY DEFECT IN ITS CONSTITUTION DISCOVERED AFTER SUCH ACT OR PROCEEDING OF THE COUNCIL: PROVIDED THAT AS SOON AS SUCH DEFECT HAS BEEN DISCOVERED, THE MEMBER SHALL NOT EXERCISE THE FUNCTIONS OR POWERS OF HIS MEMBERSHIP UNTIL THE DEFECT HAS BEEN RECTIFIED • THE COUNCIL SHALL MEET AT LEAST ONCE IN EACH QUARTER OF A YEAR • THE COUNCIL MAY FROM TIME TO TIME DELEGATE ONE OR MORE OF ITS FUNCTIONS AND POWERS TO ONE OR MORE OF ITS MEMBERS, HOWEVER, UNDER NO CIRCUMSTANCE SHALL BE FURTHER DELEGATED. • DECISIONS OF THE COUNCIL SHALL BE TAKEN BY A MAJORITY OF THE MEMBERS. • SAVE AS PROVIDED HEREIN, THE TERMS AND CONDITIONS OF SERVICE OF THE MEMBERS OF THE COUNCIL SHALL BE SUCH AS MAY BE PRESCRIBED. • CHAIR. CHAIRMAN SENATE STANDING COMMITTEE ON DEFENCE • MEMBERS – FEDERAL GOVT (21) – PRIVATE SECTOR (9)
MANDATE OF THE NATIONAL CYBER SECURITY COUNCIL • DEVELOP POLICY, RENDER ADVICE, CONDUCT RESEARCH AND ESTABLISH START UP INITIATIVES • ESTABLISH A NATIONAL CYBER SECURITY STRATEGY WHICH MAY BE UPDATED FROM TIME TO TIME, AS AND WHEN DEEMED APPROPRIATE, BUT NOT LATER THAN EVERY THREE YEARS • ESTABLISH AN INTERNATIONAL CYBER SECURITY STRATEGY WHICH MAY BE UPDATED FROM TIME TO TIME, AS AND WHEN DEEMED APPROPRIATE BUT NOT LATER THAN EVERY THREE YEARS • UNDERTAKE INITIATIVES AS PROVIDED FOR UNDER SECTION 6; • DEVELOP AND DRAFT POLICY, GUIDELINES AND GOVERNANCE MODELS RELATED TO EVER EMERGING CYBER SECURITY THREATS; • ADVISE AND MAKE RECOMMENDATIONS TO THE SENATE AND THE NATIONAL ASSEMBLY, JUDICIARY AND ALL MINISTRIES, DEPARTMENTS AND BRANCHES OF GOVERNMENT ON POLICY AND LEGISLATION WITH RESPECT TO CYBER SECURITY; • MONITOR LEGISLATION AND PROVIDE ADVICE AND RECOMMENDATIONS WITH THE OBJECTIVE OF ENSURING THAT LEGISLATION REFLECTS INTERNATIONAL BEST PRACTICES WITH RESPECT TO CYBER SECURITY; • ADVISE AND MAKE RECOMMENDATIONS TO GOVERNMENT DEPARTMENTS ON MECHANISMS TO IMPLEMENT POLICIES RELATED TO CYBER SECURITY AND MONITOR AND HAVE PERFORMANCE AUDIT CONDUCTED THEREOF; • MAKE RECOMMENDATIONS TO THE GOVERNMENT FOR ADOPTION EITHER THROUGH POLICIES AND REGULATORY MEANS OF STANDARDIZATION, HARMONIZATION AND ACCREDITATION WITH REGARDS TO CRITICAL INFORMATION INFRASTRUCTURE; • COORDINATE AND CONSULT WITH ALL REPRESENTATIVE STATE AND NON-STATE ACTORS ON IMPLEMENTATION OF POLICIES, INITIATIVES AND LEGISLATION ON CYBER SECURITY; • FACILITATE COMMUNICATIONS BETWEEN THE GOVERNMENT AND PRIVATE SECTOR ENTITIES, ACADEMIA, CYBER SECURITY EXPERTS THROUGH MULTI-STAKEHOLDER MEETINGS HELD WITH SUCH FREQUENCY AS DETERMINED NECESSARY BY THE COUNCIL;
• ESTABLISH THE ADVISORY GROUPS AS PROVIDED BY SECTION 10 TO PROVIDE NON BINDING INPUT TO THE NATIONAL CYBER SECURITY COUNCIL ON STRATEGIC PLANS AS AND WHEN CALLED UPON TO DO SO FROM TIME TO TIME; • IN PARTICULAR ADVISE, ASSIST, COLLABORATE AND COORDINATE WITH NATIONAL SECURITY APPARATUS OF THE STATE OF PAKISTAN FOR CONTINUALLY IMPROVING THE STATE OF CYBER SECURITY WITH RESPECT TO ALL ASPECTS AND INTERESTS OF THE STATE; • COORDINATE, COLLABORATE AND CONDUCT EXCHANGES WITH INTERNATIONAL BODIES, FORA AND ENTITIES, INTERALIA, IN CONNECTION WITH THE FUNCTIONS AND POWERS HEREIN; • CAUSE RESEARCH AND DEVELOPMENT TO BE CONDUCTED WITH RESPECT TO KALEIDOSCOPIC CYBER SECURITY THREATS, DEVELOPMENTS, BEST PRACTICES AND INTERNATIONAL LAWS AND OBLIGATIONs; • PROMOTE GENERAL AWARENESS WITH RESPECT TO CYBER SECURITY AWARENESS, PARTICULARLY THE IN-HOUSE ROLE AND RESPONSIBILITY OF INDIVIDUALS, CORPORATE ENTITIES AND ORGANIZATIONS ; • DEVELOP A TEN YEAR AND TWENTY YEAR VISION WITH REGARDS TO CYBER SECURITY; • LEGISLATE AND UPDATE SUCH RULES FOR THE INTERNAL ADMINISTRATION AND OPERATIONS OF THE COUNCIL, ITS PERSONNEL AND ADVISORY GROUPS, AS IT MAY CONSIDER APPROPRIATE FOR CARRYING OUT THE PURPOSES OF THIS ACT; • INCLUSIVELY, COLLABORATE WITH THE CORPORATE ENTITIES, PRIVATE SECTOR, CYBER SECURITY ACADEMIA, PROFESSIONALS, CIVIL SOCIETY AND COMMUNITY TO ACHIEVE THE OBJECTIVES; • THE COUNCIL MAY DELEGATE THE FUNCTIONS AND POWERS TO ANY ONE OR MORE OF THE ADVISORY GROUPS, AS IT DEEMS APPROPRIATE.
2015 JOINT STATEMENT BY PRESIDENT BARACK OBAMA AND PRIME MINISTER NAWAZ SHARIF CYBERSECURITY • RECOGNIZING THE OPPORTUNITIES AND CHALLENGES PRESENTED BY INFORMATION AND COMMUNICATIONS, TECHNOLOGIES PRESIDENT OBAMA AND PRIME MINISTER SHARIF AFFIRMED THAT INTERNATIONAL COOPERATION IS ESSENTIAL TO MAKE CYBERSPACE SECURE AND STABLE • BOTH LEADERS ENDORSED THE CONSENSUS REPORT OF THE 2015 UN GROUP OF GOVERNMENTAL EXPERTS IN THE FIELD OF INFORMATION AND TELECOMMUNICATIONS IN THE CONTEXT OF INTERNATIONAL SECURITY • THE LEADERS LOOKED FORWARD TO FURTHER MULTILATERAL ENGAGEMENT, AND DISCUSSION OF CYBER ISSUES AS PART OF THE US-PAKISTAN STRATEGIC DIALOGUE
ARCHIT ECTURE POLICY & LAWS FUNDS & RESOURCES AWARENESS & PREPAREDNESS DEVELOPMENT PLAN INTERNATIONAL RELATIONS NATIONAL CYBER SECURITY COUNCIL TO BE MADE PART OF THE NSA PK CERT TO BE ESTABLISHED WITHOUT FURTHER DELAY GOVERNMENT SHOULD ALLOCATE ADEQUATE FUNDS & RESOURCES FOR CYBER SECURITY PROPOSALS COMPREHENSIVE CYBER SECURITY POLICY TO COORDINATE & ENSURE ALL CYBER MATTERS WHILE ADDRESSING THE CITIZEN’S RIGHT TO PRIVACY CYBER SECURITY AWARENESS TO BE CREATED WITHIN THE GOVT, CORPORATE SECTOR, INDUSTRY, PRIVATE BUSINESSES & ACADEMIA •DEVELOP OWN HARDWARE & INFRASTRUCTURE •DEVELOP INDEPENDENT OS FOR THE ARMED FORCES & SECURITY ORGANIZATIONS •IN THE LONGTERM DEVELOP OWN INTERNET •BRING FORTH NATIONAL VIEWPOINT ACCURATELY IN THE UN GGE & OTHER INTERNATIONAL MEETINGS •CONCLUDE CYBER CBMs WITH INDIA (SAARC SUMMIT 2016)
PROPOSED CYBER COMMAND ARMY AIR FORCE NAVY CYBERCOM SECTT
EXAMPLES OF CYBER ATTACKS & THEIR IMPACT ON NATIONAL SECURITY THE CASE OF ESTONIA (APRIL 2007) • ESTONIA RELOCATED THE BRONZE SOLDIER OF TALLINN, A SOVIET- ERA GRAVE MARKER TO THE ANNOYANCE OF THE RUSIANS • A SERIES OF CYBER ATTACKS WERE LAUNCHED AGAINST ESTONIA SWAMPING WEBSITES OF ORGANIZATIONS, INCLUDING THE PARLIAMENT, BANKS, MINISTRIES, NEWSPAPERS AND BROADCAST STATIONS • DISTRIBUTED DENIAL OF SERVICE (DDOS) LAUNCHED AGAINST THE GENERAL PUBLIC, RANGING FROM SINGLE INDIVIDUALS USING VARIOUS METHODS LIKE PING FLOODS TO EXPENSIVE RENTALS OF BOTNETS USUALLY USED FOR SPAM DISTRIBUTION • SPAMMING OF BIGGER NEWS PORTALS COMMENTARIES AND DEFACEMENTS INCLUDING THAT OF THE ESTONIAN REFORM PARTY WEBSITE
CYBER & PHYSICAL ATTACK ON GEORGIA • 20 JULY 2008. ZOMBIE COMPUTERS ATTACK GEORGIAN NETWORKS. WEBSITE OF THE GEORGIAN PRESIDENT SUFFER OVERLOAD & IS TAKEN DOWN FOR 24 HOURS. TRAFFIC DIRECTED AT THE WEBSITE INCLUDED THE PHRASE "WIN+LOVE+IN+RUSIA”. • 5 AUGUST. GEORGIAN NEW AGENCIES AND TELEVISION STATIONS HACKED. • 5 AUGUST. TERRORIST ATTACK ON BAKU–TBILISI–CEYHAN PIPELINE SUBJECTED TO A TERRORIST ATTACK NEAR REFAHIYE IN TURKEY COUPLED WITH A SOPHISTICATED COMPUTER ATTACK ON LINE'S CONTROL AND SAFETY SYSTEMS THAT CAUSE AN INCREASE IN PRESSURE AND EXPLOSION. • 7-8 AUGUST. MANY GEORGIAN INTERNET SERVERS UNDER EXTERNAL CONTROL • 9 AUGUST. KEY SECTIONS OF GEORGIA'S INTERNET TRAFFIC REROUTED THROUGH SERVERS BASED IN RUSSIA AND TURKEY, WHERE THE TRAFFIC IS EITHER BLOCKED OR DIVERTED. RUSSIAN AND TURKISH SERVERS ARE ALLEGEDLY CONTROLLED BY THE RUSSIAN HACKERS. • 10 AUGUST. RIA NOVOSTI NEWS AGENCY'S WEBSITE DISABLED FOR SEVERAL HOURS • 10 AUGUST. MANY ONLINE GEORGIAN SITES SUSPECTED TO BE FAKE • 11 AUGUST. GEORGIA ACCUSES RUSSIA OF WAGING CYBER WARFARE ON GEORGIAN GOVERNMENT WEBSITES SIMULTANEOUSLY WITH A MILITARY OFFENSIVE • 14 AUGUST. CEASEFIRE
NORTH KOREAN ATTACK ON SONY PICTURES • NOVEMBER 24, 2014. CONFIDENTIAL DATA BELONGING TO SONY PICTURES ENTERTAINMENT RELEASED • DATA INCLUDES PERSONAL INFORMATION ABOUT THE EMPLOYEES AND THEIR FAMILIES, E-MAILS BETWEEN EMPLOYEES, INFORMATION ABOUT EXECUTIVE SALARIES, COPIES OF (PREVIOUSLY) UNRELEASED SONY FILMS, AND OTHER INFORMATION • HACKERS CALLING THEMSELVES GUARDIANS OF PEACE (GOP) DEMAND CANCELLATION OF PLANNED RELEASE OF THE INTERVIEW, A COMEDY FILM ABOUT A PLOT TO ASSASSINATE NORTH KOREAN LEADER KIM JONG-UN • US BLAME NORTH KOREA FOR THE HACKING. NORTH KOREANS DENY COMPLICITY. SOME CYBERSECURITY EXPERTS CAST DOUBT ON THE EVIDENCE, ALTERNATIVELY BLAMING CURRENT OR FORMER SONY OFFICIALS FOR THE BREACH
US CYBER ATTACKS AGAINST NORTH KOREA
STUXNET ATTACK • STUXNET, A COMPUTER WORM WAS DISCOVERED IN JUNE 2010 • IT IS DESIGNED TO ATTACK INDUSTRIAL PROGRAMMABLE LOGIC CONTROLLERS (PLCs) • PLCs ALLOW THE AUTOMATION OF ELECTROMECHANICAL PROCESSES SUCH AS THOSE USED TO CONTROL MACHINERY ON FACTORY ASSEMBLY LINES, AMUSEMENT RIDES, OR CENTRIFUGES FOR SEPARATING NUCLEAR MATERIAL • EXPLOITING FOUR ZERO-DAY FLAWS, STUXNET FUNCTIONS BY TARGETING MACHINES USING THE MICROSOFT WINDOWS OPERATING SYSTEM AND NETWORKS, THEN SEEKING OUT SIEMENS STEP7 SOFTWARE • STUXNET IS TYPICALLY INTRODUCED TO THE TARGET ENVIRONMENT VIA AN INFECTED USB FLASH DRIVE • STUXNET COMPROMISED IRANIAN PLCs, COLLECTING INFORMATION ON INDUSTRIAL SYSTEMS AND CAUSING THE FAST- SPINNING CENTRIFUGES TO TEAR THEMSELVES APART, DESTROYING ALMOST ONE-FIFTH OF IRAN'S NUCLEAR CENTRIFUGES
SPOOFING OF AMERICAN DRONE OVERFLYING IRAN • ON 4 DECEMBER 2011 AN AMERICAN RQ170 SENTINEL UAV WAS SPOOFED AND FORCED TO LAND IN EASTERN IRAN • AIRCRAFT WAS DETECTED IN IRANIAN AIRSPACE 225 KILOMETERS (140 MI) FROM THE BORDER WITH AFGHANISTAN • ON 9 DECEMBER 2011, IRAN LODGED A FORMAL COMPLAINT TO THE UN SECURITY COUNCIL OVER THE UAV VIOLATING ITS AIRSPACE • ON 12 DECEMBER 2011, US ADMINISTRATION ASKED IRAN TO RETURN THEIR DRONE. IRANIANS REFUSED.
WHAT IS SPOOFING? • SPOOFING IS THE CREATION OF TCP/IP PACKETS USING SOMEBODY ELSE'S IP ADDRESS • ROUTERS USE THE DESTINATION IP ADDRESS IN ORDER TO FORWARD PACKETS THROUGH THE INTERNET, BUT IGNORE THE SOURCE IP ADDRESS • THAT ADDRESS IS ONLY USED BY THE DESTINATION MACHINE WHEN IT RESPONDS BACK TO THE SOURCE
DATA BREACH – US OFFICE OF THE PERSONNEL MANAGEMENT (OPM) • DATA BREACH STARTING MARCH 2014, AND POSSIBLY EARLIER, NOTICED BY THE OPM IN APRIL 2015 • IN JUNE 2015, OPM ANNOUNCED THAT IT HAD BEEN THE TARGET OF A DATA BREACH EFFECTING THE RECORDS OF AS MANY AS FOUR MILLION PEOPLE. LATER, FBI PUT THE NUMBER AT 18 MILLION. • INFORMATION TARGETED IN THE BREACH INCLUDED PERSONAL INFORMATION SUCH AS SOCIAL SECURITY NUMBERS, AS WELL AS NAMES, DATES AND PLACES OF BIRTH, AND ADDRESSES. • THE HACK ALSO INVOLVED THEFT OF DETAILED BACKGROUND SECURITY- CLEARANCE-RELATED BACKGROUND INFORMATION OF PEOPLE DEPLOYED ON SENSITIVE MISSIONS • ON JULY 9, 2015, THE ESTIMATE OF THE NUMBER OF STOLEN RECORDS INCREASED TO 21.5 MILLION. THIS INCLUDED RECORDS OF PEOPLE WHO HAD UNDERGONE BACKGROUND CHECKS, BUT WHO WERE NOT NECESSARILY CURRENT OR FORMER GOVERNMENT EMPLOYEES. • SOON AFTER, KATHERINE ARCHULETA, THE DIRECTOR OF OPM, AND FORMER NATIONAL POLITICAL DIRECTOR FOR BARACK OBAMA'S 2012 REELECTION CAMPAIGN, RESIGNED
CYBER WARGAME SCENARIO IN A CYBER WARGAME CONDUCTED IN THE US IN JULY 2015 • THE SCENARIO IN THE WAR GAME BEGAN WITH A MAJOR EARTHQUAKE HITTING SOUTHERN CALIFORNIA • FOLLOWED BY A SERIES OF COORDINATED CYBERATTACKS, INCLUDING OIL AND GAS PIPELINE DISRUPTION • INTERFERENCE AT A MAJOR COMMERCIAL PORT IN THE U.K. • ATTACKS ON PENTAGON NETWORKS • A FREEZE ON ACCESS TO CASH AT BANKS AND LONG LINES FOR FOOD AT STORES.
CYBER ATTACKS BY NON STATE ACTORS
CYBER CBMs • CYBER SECURITY IS A NON-CONTERVERSIAL AREA BUT HAS THE POTENTIAL OF CONFLICT • THERE IS NO CYBER SECURITY COOPERATION IN SOUTH ASIA • ISSUE NEEDS TO BE PUT ON THE AGENDA OF THE NEXT SAARC SUMMIT

More Related Content

PDF
cyber security and impact on national security (3)
byTughral Yamin
 
PPTX
Unit-4 National Cyber Security Policy ,2013.pptx
byhimanshukumarviplava2
 
PDF
NOTES FOR CYBER SECURITY INITIATIVES BY THE INDIAN GOVERNMENT
byBobby Murugesan
 
PDF
CybersecurityTFReport2016 PRINT
byAimee Shuck
 
PPTX
National cyber security policy final
byIndian Air Force
 
PPT
TALK Public Policy 2022
byDawn Yankeelov
 
PPT
cybersecurity_policy.ppt Criminal Law: Recent Developments
byMANISHKUMAR777120
 
PDF
Comprehensive U.S. Cyber Framework Final Report
byLandon Harrell
 
cyber security and impact on national security (3)
byTughral Yamin
 
Unit-4 National Cyber Security Policy ,2013.pptx
byhimanshukumarviplava2
 
NOTES FOR CYBER SECURITY INITIATIVES BY THE INDIAN GOVERNMENT
byBobby Murugesan
 
CybersecurityTFReport2016 PRINT
byAimee Shuck
 
National cyber security policy final
byIndian Air Force
 
TALK Public Policy 2022
byDawn Yankeelov
 
cybersecurity_policy.ppt Criminal Law: Recent Developments
byMANISHKUMAR777120
 
Comprehensive U.S. Cyber Framework Final Report
byLandon Harrell
 

Similar to 6b3de471-b100-483c-9df1-fc6afb92fb5f-151219150001.ppt

PPTX
2016 - Cyber Security for the Public Sector
byScott Geye
 
PPTX
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
byWCIT 2014
 
PDF
Securing Cyber Space- Eljay Robertson
byEljay Robertson
 
PPTX
CYBERSECURITY LEGISLATION
by3.com
 
DOCX
Vision By 2023, the Departme.docx
byjessiehampson
 
PPTX
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?
byBrian K. Dickard
 
PDF
American Bar Association guidelines on Cyber Security standards
byDavid Sweigert
 
PDF
Asymmetric threat 5_paper
byMarioEliseo3
 
PDF
2015 Cyber Security Strategy
byMohit Kumar
 
PDF
The Growing Need for Cyber Security in India
byyams12611
 
PPTX
What Should We Do about Cyber Attacks?
byMercatus Center
 
PPTX
CST 20363 Session 6 Cybersecurity Policy
byoudesign
 
PDF
U.S. Approach to Cybersecurity Governance
byGwanhoo Lee
 
PPTX
Cyber Security: Threats and Needed Actions
byJohn Gilligan
 
PDF
Ii congresso de crimes eletrônicos e formas de proteção – 27 09-2010 – aprese...
byFecomercioSP
 
PDF
Cyber Security India & Cyber Crime
byDeepak Kumar (D3)
 
PPTX
Cyber Crime and Security (Ways to protect yourself on the internet)
byAshishPanda24
 
PDF
Overview of National Cybersecurity Strategy 2023.pdf
byNiloufer Tamboly
 
PDF
India is Cyber Vulnerable
byThe eCore Group
 
PPTX
Introduction to Cybersecurity and Ethical Hacking.pptx
byraamtheinternet
 
2016 - Cyber Security for the Public Sector
byScott Geye
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
byWCIT 2014
 
Securing Cyber Space- Eljay Robertson
byEljay Robertson
 
CYBERSECURITY LEGISLATION
by3.com
 
Vision By 2023, the Departme.docx
byjessiehampson
 
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?
byBrian K. Dickard
 
American Bar Association guidelines on Cyber Security standards
byDavid Sweigert
 
Asymmetric threat 5_paper
byMarioEliseo3
 
2015 Cyber Security Strategy
byMohit Kumar
 
The Growing Need for Cyber Security in India
byyams12611
 
What Should We Do about Cyber Attacks?
byMercatus Center
 
CST 20363 Session 6 Cybersecurity Policy
byoudesign
 
U.S. Approach to Cybersecurity Governance
byGwanhoo Lee
 
Cyber Security: Threats and Needed Actions
byJohn Gilligan
 
Ii congresso de crimes eletrônicos e formas de proteção – 27 09-2010 – aprese...
byFecomercioSP
 
Cyber Security India & Cyber Crime
byDeepak Kumar (D3)
 
Cyber Crime and Security (Ways to protect yourself on the internet)
byAshishPanda24
 
Overview of National Cybersecurity Strategy 2023.pdf
byNiloufer Tamboly
 
India is Cyber Vulnerable
byThe eCore Group
 
Introduction to Cybersecurity and Ethical Hacking.pptx
byraamtheinternet
 

Recently uploaded

PPTX
PRE-MARRIAGE ORIENTATION Updated.pptx sadw
byfrancisbedua
 
PDF
15th anniversary of the Lancaster House Treaties
byInstitut de recherche sur la Résolution Non-violente des Conflits
 
PPTX
The Work and Financial Plan (WFP): Mastering Accomplishment Reporting
byCashmir Pangandaman
 
PDF
Canadian Immigration Tracker - Third Quarter 2025
byAndrew Griffith
 
DOCX
Exploring the Tribes of Madhya Pradesh_ A Journey Into Indigenous Heritage.docx
byadivasivikasparishad
 
PDF
EFOW Briefing: G20 Leaders Summit- Key Outcomes 2025
byEnergy for One World
 
PPTX
E Waste Management Rules,2022 in India.pptx
byaeunit3swm
 
PPTX
德国硕士毕业证美茵茨大学成绩单学位证书JGU学费发票制作本科文凭真实学历认证
by文凭定制西安大略大学学历认证【Q微号:1954 292 140】UWO毕业证成绩单
 
PDF
YCAC_2022_SCIENCE_TECHNOLOGY detail for use by professionals and students bot...
byGUDAGUDA
 
PPTX
AFP ORGANIZATION CHART AND CHAIN OF COMMAND IN MILITARY.pptx
byEmilVinceCumilang
 
PDF
Making of the Constitution of India- Exhibition (English).pdf
bybondsec7
 
PDF
The Education Act of jamaica an act taht explain the whole educational manage...
bysherlynramos2
 
PDF
A Guide to Gift-Giving in Nonprofits by Nikolas Velikopoljski
byNikolas Velikopoljski
 
PDF
EFOW Briefing : Key Outcomes COP30 Belem
byEnergy for One World
 
PPTX
3rd-DFIMMEA-and-UPSKILLING-OF-SHADAS-AND-AO-II-ACCOUNTING-MATTERS.pptx
byAvaglez
 
PPTX
Natural History Museum – Wildlife Photographer Of The Year Marcom Plan
bykarisbrayoh
 
PDF
How DIVA Saves Donyell Holland’s Life.pdf
byAnnaDomino2
 
PPTX
California Lutheran University Diploma
by澳洲詹姆斯库克大学学位证书快速办理【Q微号:1954 292 140】JCU毕业证成绩单
 
PPTX
PresentationEYFpostReform-EN - V28nov2025.pptx
byEuropeanYouthFoundation
 
PRE-MARRIAGE ORIENTATION Updated.pptx sadw
byfrancisbedua
 
15th anniversary of the Lancaster House Treaties
byInstitut de recherche sur la Résolution Non-violente des Conflits
 
The Work and Financial Plan (WFP): Mastering Accomplishment Reporting
byCashmir Pangandaman
 
Canadian Immigration Tracker - Third Quarter 2025
byAndrew Griffith
 
Exploring the Tribes of Madhya Pradesh_ A Journey Into Indigenous Heritage.docx
byadivasivikasparishad
 
EFOW Briefing: G20 Leaders Summit- Key Outcomes 2025
byEnergy for One World
 
E Waste Management Rules,2022 in India.pptx
byaeunit3swm
 
德国硕士毕业证美茵茨大学成绩单学位证书JGU学费发票制作本科文凭真实学历认证
by文凭定制西安大略大学学历认证【Q微号:1954 292 140】UWO毕业证成绩单
 
YCAC_2022_SCIENCE_TECHNOLOGY detail for use by professionals and students bot...
byGUDAGUDA
 
AFP ORGANIZATION CHART AND CHAIN OF COMMAND IN MILITARY.pptx
byEmilVinceCumilang
 
Making of the Constitution of India- Exhibition (English).pdf
bybondsec7
 
The Education Act of jamaica an act taht explain the whole educational manage...
bysherlynramos2
 
A Guide to Gift-Giving in Nonprofits by Nikolas Velikopoljski
byNikolas Velikopoljski
 
EFOW Briefing : Key Outcomes COP30 Belem
byEnergy for One World
 
3rd-DFIMMEA-and-UPSKILLING-OF-SHADAS-AND-AO-II-ACCOUNTING-MATTERS.pptx
byAvaglez
 
Natural History Museum – Wildlife Photographer Of The Year Marcom Plan
bykarisbrayoh
 
How DIVA Saves Donyell Holland’s Life.pdf
byAnnaDomino2
 
California Lutheran University Diploma
by澳洲詹姆斯库克大学学位证书快速办理【Q微号:1954 292 140】JCU毕业证成绩单
 
PresentationEYFpostReform-EN - V28nov2025.pptx
byEuropeanYouthFoundation
 

6b3de471-b100-483c-9df1-fc6afb92fb5f-151219150001.ppt

  • 1.
    CYBER WARFARE &NATIONAL SECURITY: IMPLICATIONS AND CHALLENGES DR TUGHRAL YAMIN ASSOCIATE DEAN CIPS, NUST
  • 2.
    AIM TO HIGHLIGHT THESTRUCTURAL & POLICY SHORTCOMINGS WITH REGARDS TO CYBER SECURITY IN THE OVERALL FRAMEWORK OF PAKISTAN’S NATIONAL SECURITY
  • 3.
    NATIONAL SECURITY CONCEPT • NATIONALSECURITY CALLS UPON A GOVERNMENT, ALONG WITH ITS PARLIAMENT TO PROTECT THE STATE AND ITS CITIZENS AGAINST ALL KIND OF THREATS THROUGH A VARIETY OF POWER PROJECTION MEANS, SUCH AS – POLITICAL POWER – DIPLOMATIC INFLUENCE – ECONOMIC CAPACITY – MILITARY MIGHT • MANY COUNTRIES INCLUDING PAKISTAN ARROGATE THE RESPONSIBILITY OF COORDINATING NATIONAL SECURITY MATTERS TO THE NATIONAL SECURITY COUNCIL (NSC) SLICES OF NATIONAL SECURITY TERRITORIAL POLITICAL ECONOMIC ENERGY & NATURAL RESOURCES HOMELAND HUMAN ENVIRONMENTAL CYBER FOOD
  • 4.
    ESSENTIAL ELEMENTS OFA COMPREHENSIVE SECURITY FRAMEWORK • STRONG LEADERSHIP TO PROVIDE – VISION – ACROSS THE BOARD COORDINATION • CLEAR CUT POLICY & STRATEGY WITH PRECISE MISSION STATEMENT • ADEQUATE FUNDS & HUMAN/MATERIAL RESOURCES • UNAMBIGIOUS SET OF LAWS & LAW ENFORCEMENT CAPACITY LEADERSHIP RESOURCES POLICY & STRATEGY LAWS
  • 5.
    CYBER SECURITY REFERS TOPROTECTION OF OFFICIAL AND PERSONAL COMPUTER AND DATA PROCESSING INFRASTRUCTURE AND OPERATING SYSTEMS (OS) FROM HARMFUL INTERFERENCE, FROM OUTSIDE OR INSIDE THE COUNTRY INVOLVES NOT ONLY NATIONAL DEFENSE & HOMELAND SECURITY BUT ALSO LAW ENFORCEMENT
  • 6.
    CYBER WARFARE &CYBER ATTACKS DEFINITION AN INTERNET-BASED CONFLICT INVOLVING ATTACKS ON THE ADVERSAY’S INFORMATION & INFORMATION SYSTEMS PURPOSE OF CYBER ATTACKS DEFACE WEBSITES DISABLE NETWORKS DIRUPT/ DISABLE ESSENTIAL SERVICES CRIPPLE FINANCIAL SYSTEMS STEAL OR ALTER DATA
  • 7.
    MANIFESTATION OF CYBERATTACK • SECURITY BREACHES • ECONOMIC LOSSES • PSYCHOLOG ICAL TRAUMA • PHYSICAL DAMAGE DISRUPTION OF COMPUTER SYSTEMS – LONG DOWN TIME FEAR & PANIC FLIGHT KNEEJERK REACTION SMALLSCALE ID THEFTS MASSIVE DATA BREACHES FRAUD LARGESCALE MONETARY THEFT
  • 8.
    HOW CAN CYBERATTACKS HURT NATIONAL SECURITY? CYBER ATTACKS CAN: • PARALYSE THE GOVERNMENT’S DECISION MAKING SYSTEMS • CRIPPLE A NATION’S CRITICAL INFRASTRUCTURE • CAUSE MASSIVE PANIC & TRIGGER INADVERTENT WARS PARALYSIS COLLAPSE PANIC
  • 9.
    TYPES OF CYBERATTACKS • VIRUSES • WORMS • TROJAN HORSES • MISLEADING INFORMATION TO DISTRACT OR COVER OWN TRACKS SYNTACTIC ATTACKS SEMANTIC ATTACKS
  • 10.
    CYBER TARGETS • PERSONALCOMPUTERS • COMPUTER NETWORKS MANAGING THE INFORMATION SYSTEMS OF ORGANIZATIONS, BUSINESSES, FINANCIAL INSTITUTIONS ETC • CRITICAL INFRASTRUCTURE (VITAL ASSETS OF A NATION – VIRTUALLY/PHYSICALLY) CONTROLLED BY SUPERVISORY CONTROL & DATA ACQUISITION (SCADA) CRITICAL INFRASTRUCTURE COMPUTER NETWORKS PERSONAL COMPUTERS
  • 11.
    HOW DOES ATYPICAL CYBER ATTACK TAKES PLACE? MALICIOUS ACTS ORIGINATING FROM AN ANONYMOUS SOURCES HACKING INTO A SUSCEPTIBLE SYSTEM TO EITHER • STEAL • ALTER OR • DESTROY A SPECIFIED TARGET
  • 13.
    WHO CAN LAUNCHCYBER ATTACKS? • STATE ACTORS • NON STATE ACTORS • CRIMINALS • HACKTIVISTS • FREELANCERS • KID IN THE BASEMENT • INSIDERS
  • 14.
    PROBLEMS WITH CYBERRESPONSES NO RULES OF ENGAGEMENT PROBLEM IN DETERMINING A PROPORTIONATE RESPONSE DIFFICULTY IN ATTRIBUTION
  • 15.
    BROAD SPECTRUM OFCYBER ATTACKS
  • 16.
    US CYBER SECURITYAGENCIES • OFFICE OF THE CYBER SECURITY COORDINATOR • DEPARTMENT OF HOMELAND SECURITY (DHS) • NATIONAL SECURITY AGENCY (NSA) • CYBER COMMAND (CYBERCOM)
  • 17.
  • 18.
  • 21.
    LEVEL AUSTRALIA UK STRATCYBER SECURITY POLICY & COORD COMMITTEE (LEAD AGENCY: THE ATTORNEY GENERAL’S DEPARTMENT) FUNCTION: INTERDEPARTMENTAL COMMITTEE THAT COORDS DEVELOPMENT OF CYBER SECURITY POLICY FOR THE GOVT OFFICE OF THE CYBER SECURITY (OCS) FUNCTION: PROVIDES STRAT LEADERSHIP & COHERENCE ACROSS ALL DEPTS OF THE GOVT TAC CYBER SECURITY OPERATIONS CENTRE (UNDER DEFENCE SIGNALS DIRECTORATE) FUNCTION: PROVIDES GOVET WITH ALL SOURCE CYBER SITREP CYBER SECURITY OPS CENTRE (CSOC) FUNCTION: ACTIVELY MONITORS THE HEALTH OF CYBERSPACE & COORDS INCIDENCE RESPONSE OP CERT AUSTRALIA GOVCERTUK
  • 22.
    PM OFFICE/ CABINET SECY(PMO/ CAB SEC) MINISTRY OF HOME AFFAIRS (MHA) MINISTRY OF EXTERNAL AFFAIRS (MEA) MINISTRY OF DEFENCE (MOD) MINISTRY OF COMMON INFO TECHNOLOGY (MCIT) NON GOVT ORGANISATION (NGO) NATIONAL SECURITY COUNCIL (NSC) NATIONAL CYBER COORD CENTRE (NCCC) AMBASSADORS & MINISTERS TRI SERVICE CYBER COMMAND DEPARTMENT OF INFORMATION TECHNOLOGY (DIT) CYBER SECURITY AND ANTI HACKING ORGANISATION (CSAHO) National Technical Research Org (NTRO) Directorate of Forensic Science (DFS) Defence Attaches Army (MI) Department of Telecom (DoT) Cyber Society of India (CySI) National Critical Info Infrastructure Protection Centre(NCIIPC) National Disaster Mgt Authority (NDMA) Joint Secretary (IT) Navy (NI) Indian Computer Emergency Response Team CERT-IN Centre of Excellence for Cyber Security Research & Development In India (CECSRDI) Joint Intelligence Group (JIG) Central Forensic Science Lab (CFSLs) Air Force (AFI) Education Research Network (ERNET) Cyber Security of India(CSI) National Crisis Management Committee (NCMC) Intelligence Bureau (IB) Def Info Assurance & Research Agency (DIARA) Informatics Center (NIC) National Cyber Security of India (NCS) Research & Analysis Wing (RAW) Defence Intelligence Agency (DIA) Centre for Development of Advanced Computing C-DAC Cyber Attacks Crisis Management Plan of India (CACMP) Multi Agency Center (MAC) Defence Research Dev Authority (DRDO) Standardisation, Testing and Quality Certification (STQC) National Information Board (NIB) CYBER SECURITY HIERARCHY IN INDIA
  • 23.
    U S F O C U S O N IT SE C U RI TY COMPUTERS/ICT FORM THEFOUNDATION OF US ECONOMY AND DRIVE THE TECHNOLOGICAL CHANGE THAT ALLOWS SMALL AND MEDIUM-SIZED BUSINESSES TO COMPETE IN THE GLOBAL MARKETPLACE ECONOMIC GROWTH IS THREATENED BY A CORRESPONDING GROWTH IN CYBER THREATS INCREASING DATA BREACHES, THEFT OF INTELLECTUAL PROPERTY THROUGH CYBER MEANS, AND CYBER ATTACKS ARE RESULTING IN REAL COSTS AND CONSEQUENCES FOR THE AMERICAN ECONOMY US GOVERNMENT IS TAKING ACTIONS TO BETTER PREPARE ITSELF, ITS ECONOMY, AND THE NATION AS A WHOLE TO DEFEND AGAINST GROWING CYBER THREATS CYBER THREATS POSE ONE OF THE GRAVEST NATIONAL SECURITY DANGERS TO THE US
  • 24.
    US BUDGETARY STRATEGYFOR CYBERSECURITY SEVERAL BUDGETARY, PROGRAMMATIC & LEGISLATIVE STRATEGIES TO IMPROVE THE CYBERSECURITY INFRASTRUCTURE AND COMBAT GROWING CYBER THREAT DOMESTICALLY AND GLOBALLY UPDATED CYBERSECURITY LEGISLATIVE PROPOSAL THAT WILL PROVIDE THE FEDERAL GOVERNMENT AND PRIVATE SECTOR THE NECESSARY TOOLS TO IMPROVE NATIONAL CYBERSECURITY IN FY 2016, THE PRESIDENT'S BUDGET PROPOSES $14 BILLION IN CYBERSECURITY FUNDING FOR CRITICAL INITIATIVES AND RESEARCH
  • 25.
    US STRATEGIC INVESTMENTSIN CYBER SECURITY DHS TO LEAD IMPLEMENTATION OF THE CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) NATIONAL CYBERSECURITY PROTECTION SYSTEM BETTER KNOWN AS EINSTEIN OSS-AGENCY PRIORITY GOAL AND IMPLEMENT POSTWIKILEAKS SECURITY IMPROVEMENTS ON CLASSIFIED NETWORKS, PURSUANT TO E.O. 13587 $582 MILLION
  • 26.
    US PRESIDENT’S BUDGETFY 2016 OUTREACH TO PRIVATE SECTOR SHAPING THE FUTURE CYBER ENVIRONMENT NATIONAL SECURITY AND CYBER THREATS $149 MILLION $243 MILLION $514 MILLION
  • 27.
    CYBERCOM XXXX TO BE BROUGHT TO FULL STRENGTH USDEPARTMENT OF DEFENSE BUDGET FEDERAL CIVILIAN CYBER CAMPUS $227 MILLION TO FUND THE 1ST PHASE OF CONSTRUC TION CYBER INTELLIGENCE INTEGRATION, ANALYSIS & PLANNING WITHIN THE FEDERAL GOVERNMENT $35 MILLION
  • 28.
    2015 US CYBERSECURITYLEGISLATIVE PROPOSAL THREE CENTRAL ELEMENTS AIM AT ENSURING NATIONAL SECURITY, WHILE ALSO PROTECTING THE PERSONAL DATA AND PRIVACY OF CITIZENS BY: •FACILITATING GREATER VOLUNTARY SHARING OF CYBER THREAT INFORMATION BETWEEN THE GOVERNMENT AND PRIVATE SECTOR •INCENTIVIZING FURTHER DEVELOPMENT OF INFORMATION SHARING AND ANALYSIS ORGANIZATIONS TO IMPROVE THE VOLUNTARY SHARING OF CYBER THREAT INFORMATION WITHIN THE PRIVATE SECTOR AND BETWEEN THE PRIVATE SECTOR AND THE GOVERNMENT. PROTECTS THE PRIVACY OF AMERICANS BY REQUIRING PRIVATE ENTITIES THAT SHARE VOLUNTARILY UNDER THE PROPOSAL'S AUTHORITY, TO COMPLY WITH CERTAIN PRIVACY RESTRICTIONS, SUCH AS REMOVING UNNECESSARY PERSONAL INFORMATION IN ORDER TO QUALIFY FOR LIABILITY PROTECTION ESTABLISH DATA BREACH STANDARDS •ESTABLISHING A SINGLE FEDERAL STANDARD FOR NOTIFYING INDIVIDUALS IN A TIMELY, CONSISTENT WAY WHEN PRIVATE SECTOR DATA BREACHES OCCUR; THIS HELPS BUSINESSES AND CONSUMERS BY SIMPLIFYING AND STANDARDIZING THE EXISTING PATCHWORK OF 47 STATE LAWS THAT CONTAIN DATA BREACH REPORT REQUIREMENTS INTO ONE FEDERAL STATUTE. THIS IS PART OF OUR COMMITMENT TO BALANCE SECURITY AND PRIVACY, ENSURING CITIZENS RECEIVE TIMELY INFORMATION ON THEIR DATA IN THE EVENT OF A BREACH. THIS WILL: – PROVIDE A SINGLE THRESHOLD FOR NOTIFICATION – ESTABLISH DEADLINES FOR NOTIFICATION OF CYBER INCIDENTS
  • 29.
    US POLICY TOMODERNIZE LAW ENFORCEMENT AUTHORITIES ENSURE LAW ENFORCEMENT HAS THE TOOLS TO INVESTIGATE, DISRUPT & PROSECUTE CYBERCRIME  ALLOW PROSECUTION FOR THE SALE OF BOTNETS ENABLE LAW ENFORCEMENT TO PROSECUTE THE OVERSEAS SALE OF STOLEN FINANCIAL INFORMATION LIKE CREDIT CARD AND BANK ACCOUNT NUMBERS EXPANDS FEDERAL LAW ENFORCEMENT AUTHORITY TO DETER THE SALE OF SPYWARE USED TO STALK OR COMMIT ID THEFT COURTS TO BE GIVEN THE AUTHORITY TO SHUT DOWN BOTNETS ENGAGED IN DISTRIBUTED DENIAL OF SERVICE ATTACKS AND OTHER CRIMINAL ACTIVITY
  • 30.
  • 31.
    INDIA’S CYBER-SECURITY BUDGET ‘WOEFULLYINADEQUATE’: EXPERTS • INDIA'S CYBER-SECURITY BUDGET WAS MORE THAN DOUBLED LAST YEAR. YET, IT IS “WOEFULLY INADEQUATE” IN THE WAKE OF REVELATIONS MADE BY US NATIONAL SECURITY AGENCY CONTRACTOR EDWARD SNOWDEN AND INCREASING CYBER-ATTACKS ON GOVERNMENT INFRASTRUCTURE, ACCORDING TO EXPERTS. • IN 2014-15, THE DEPARTMENT OF IT HAS SET ASIDE RS 116 CRORE FOR CYBER SECURITY. THE COUNTRY HAS PROPOSED TO SET UP A NATIONAL CYBER COORDINATION CENTRE (NCCC) WITH A SEPARATE BUDGET OF RS 1,000 CRORE. THE COORDINATION CENTRE IS STILL AWAITING CABINET CLEARANCE. “ALLOCATION IS WOEFULLY INADEQUATE GIVEN SNOWDEN'S REVELATIONS - WE NEED AT LEAST 10 TIMES THAT AMOUNT,” SAID SUNIL ABRAHAM, EXECUTIVE DIRECTOR AT CENTER FOR INTERNET AND SOCIETY. THE ECONOMIC TIMES 28 JANUARY 2015
  • 32.
    CYBER SECURITY ARCHITECTURE & COORDMECHANISM CYBER SECURITY POLICY CYBER LAW CYBER EMERGENCY RESPONSE SLOW PROGRESS LITTLE OR NO PROGRESS SURROUNDED BY CONTROVERSY LITTLE PROGRESS CYBER FUNDS ????????? W HI T H ER CY BE R SE C U RI TY IN P A KI ST A N ?
  • 33.
    WHO IS RESPONSIBLE FORCYBER SECURITY IN PAKISTAN? NO DESIGNATED LEAD AGENCY MULTIPLE STAKEHOLDERS GOVERNMENT INDUSTRY ACADEMIA CIVIL SOCIETY PUBLIC
  • 34.
    CYBERSECURITY STAKEHOLDERS GOVERNMENT • CABINETCOMMITTEE ON NATIONAL SECURITY • NATIONAL SECURITY COUNCIL (NSA: LTG N.K. JANJUA) • SENATE COMMITTEE ON DEFENCE (CHAIR: SEN. M.H. SAYED) • SENATE COMMITTEE ON TECH & IT (CHAIR: SEN. SHAHI SAYED) • NA STANDING COMMITTEE ON TECH & IT (CHAIR: CAPT SAFDAR) • MINISTRY OF DEFENCE • MINISTRY OF INTERIOR • MINISTRY OF FOREIGN AFFAIRS • MINISTRY OF IT • JS HQ • INTELLIGENCE AGENCIES PUBLIC • PAKISTAN SOFTWARE HOUSES ASSOCIATION (PASHA) • INTERNET SERVICE PROVIDERS ASSOCIATION OF PAKISTAN (ISPAK) • PAKISTAN INFORMATION SECURITY ASSOCIATION (PISA) • E COMMERCE ENTREPRENEURS • DIGITAL RIGHTS ACTIVISTS (BOLO BHI) • SOCIAL MEDIA ACTIVISTS • ORDINARY CITIZENS
  • 35.
    SENATE COMMITTEE FOR DEFENCEACTION PLAN FOR CYBER SECURE PAKISTAN (JULY 2013) • POINT 1. RELEVANT LEGISLATION TO PRESERVE, PROTECT AND PROMOTE PAKISTAN’S CYBER SECURITY • POINT 2. CYBER SECURITY THREAT TO BE ACCEPTED AND RECOGNIZED AS NEW, EMERGING NATIONAL SECURITY THREAT BY THE GOVERNMENT OF PAKISTAN, SIMILAR TO THREATS LIKE TERRORISM AND MILITARY AGGRESSION • POINT 3. ESTABLISH A NATIONAL COMPUTER EMERGENCY RESPONSE TEAM (PKCERT). • POINT 4. ESTABLISH A CYBER-SECURITY TASK FORCE WITH AFFILIATION WITH MINISTRY OF DEFENCE, MINISTRY OF IT, MINISTRY OF INTERIOR, MINISTRY OF FOREIGN AFFAIRS, MINISTRY OF INFORMATION AND OUR SECURITY ORGANIZATIONS PLUS RELEVANT AND LEADING PROFESSIONALS FROM THE PRIVATE SECURITY SO THAT PAKISTAN CAN TAKE STEPS TO COMBAT THIS NEW EMERGING THREAT AND FORMULATE CYBER SECURITY STRATEGY FOR PAKISTAN. • POINT 5. UNDER THE OFFICE OF THE CHAIRMAN JOINT CHIEFS OF STAFF COMMITTEE, AN INTER- SERVICES CYBER COMMAND SHOULD BE ESTABLISHED TO COORDINATE CYBER SECURITY AND CYBER DEFENCE FOR THE PAKISTAN ARMED FORCES. • POINT 6. WITHIN THE FRAMEWORK OF SAARC, PAKISTAN SHOULD TAKE THE INITIATIVE TO INITIATE TALKS AMONG THE 8-MEMBER STATES PARTICULARLY INDIA TO ESTABLISH ACCEPTABLE NORMS OF BEHAVIOR IN CYBER SECURITY AMONG THE SAARC COUNTRIES SO THAT THESE COUNTRIES ARE NOT ENGAGED IN CYBER WARFARE AGAINST EACH OTHER. • POINT 7. SPECIAL MEDIA WORKSHOPS ON CYBER SECURITY AWARENESS
  • 36.
    NATIONAL CYBER SECURITYCOUNCIL BILL (INTRODUCED 14.04.2014) • WITHIN SIXTY DAYS OF THE ENACTMENT OF THIS ACT, THE SENATE STANDING COMMITTEE ON DEFENCE SHALL CONSTITUTE THE NATIONAL CYBER SECURITY COUNCIL • NO ACT OF THE COUNCIL SHALL BE INVALID BY REASON ONLY OF THE EXISTENCE OF ANY VACANCY AMONG ITS MEMBERS OR ANY DEFECT IN ITS CONSTITUTION DISCOVERED AFTER SUCH ACT OR PROCEEDING OF THE COUNCIL: PROVIDED THAT AS SOON AS SUCH DEFECT HAS BEEN DISCOVERED, THE MEMBER SHALL NOT EXERCISE THE FUNCTIONS OR POWERS OF HIS MEMBERSHIP UNTIL THE DEFECT HAS BEEN RECTIFIED • THE COUNCIL SHALL MEET AT LEAST ONCE IN EACH QUARTER OF A YEAR • THE COUNCIL MAY FROM TIME TO TIME DELEGATE ONE OR MORE OF ITS FUNCTIONS AND POWERS TO ONE OR MORE OF ITS MEMBERS, HOWEVER, UNDER NO CIRCUMSTANCE SHALL BE FURTHER DELEGATED. • DECISIONS OF THE COUNCIL SHALL BE TAKEN BY A MAJORITY OF THE MEMBERS. • SAVE AS PROVIDED HEREIN, THE TERMS AND CONDITIONS OF SERVICE OF THE MEMBERS OF THE COUNCIL SHALL BE SUCH AS MAY BE PRESCRIBED. • CHAIR. CHAIRMAN SENATE STANDING COMMITTEE ON DEFENCE • MEMBERS – FEDERAL GOVT (21) – PRIVATE SECTOR (9)
  • 37.
    MANDATE OF THENATIONAL CYBER SECURITY COUNCIL • DEVELOP POLICY, RENDER ADVICE, CONDUCT RESEARCH AND ESTABLISH START UP INITIATIVES • ESTABLISH A NATIONAL CYBER SECURITY STRATEGY WHICH MAY BE UPDATED FROM TIME TO TIME, AS AND WHEN DEEMED APPROPRIATE, BUT NOT LATER THAN EVERY THREE YEARS • ESTABLISH AN INTERNATIONAL CYBER SECURITY STRATEGY WHICH MAY BE UPDATED FROM TIME TO TIME, AS AND WHEN DEEMED APPROPRIATE BUT NOT LATER THAN EVERY THREE YEARS • UNDERTAKE INITIATIVES AS PROVIDED FOR UNDER SECTION 6; • DEVELOP AND DRAFT POLICY, GUIDELINES AND GOVERNANCE MODELS RELATED TO EVER EMERGING CYBER SECURITY THREATS; • ADVISE AND MAKE RECOMMENDATIONS TO THE SENATE AND THE NATIONAL ASSEMBLY, JUDICIARY AND ALL MINISTRIES, DEPARTMENTS AND BRANCHES OF GOVERNMENT ON POLICY AND LEGISLATION WITH RESPECT TO CYBER SECURITY; • MONITOR LEGISLATION AND PROVIDE ADVICE AND RECOMMENDATIONS WITH THE OBJECTIVE OF ENSURING THAT LEGISLATION REFLECTS INTERNATIONAL BEST PRACTICES WITH RESPECT TO CYBER SECURITY; • ADVISE AND MAKE RECOMMENDATIONS TO GOVERNMENT DEPARTMENTS ON MECHANISMS TO IMPLEMENT POLICIES RELATED TO CYBER SECURITY AND MONITOR AND HAVE PERFORMANCE AUDIT CONDUCTED THEREOF; • MAKE RECOMMENDATIONS TO THE GOVERNMENT FOR ADOPTION EITHER THROUGH POLICIES AND REGULATORY MEANS OF STANDARDIZATION, HARMONIZATION AND ACCREDITATION WITH REGARDS TO CRITICAL INFORMATION INFRASTRUCTURE; • COORDINATE AND CONSULT WITH ALL REPRESENTATIVE STATE AND NON-STATE ACTORS ON IMPLEMENTATION OF POLICIES, INITIATIVES AND LEGISLATION ON CYBER SECURITY; • FACILITATE COMMUNICATIONS BETWEEN THE GOVERNMENT AND PRIVATE SECTOR ENTITIES, ACADEMIA, CYBER SECURITY EXPERTS THROUGH MULTI-STAKEHOLDER MEETINGS HELD WITH SUCH FREQUENCY AS DETERMINED NECESSARY BY THE COUNCIL;
  • 38.
    • ESTABLISH THEADVISORY GROUPS AS PROVIDED BY SECTION 10 TO PROVIDE NON BINDING INPUT TO THE NATIONAL CYBER SECURITY COUNCIL ON STRATEGIC PLANS AS AND WHEN CALLED UPON TO DO SO FROM TIME TO TIME; • IN PARTICULAR ADVISE, ASSIST, COLLABORATE AND COORDINATE WITH NATIONAL SECURITY APPARATUS OF THE STATE OF PAKISTAN FOR CONTINUALLY IMPROVING THE STATE OF CYBER SECURITY WITH RESPECT TO ALL ASPECTS AND INTERESTS OF THE STATE; • COORDINATE, COLLABORATE AND CONDUCT EXCHANGES WITH INTERNATIONAL BODIES, FORA AND ENTITIES, INTERALIA, IN CONNECTION WITH THE FUNCTIONS AND POWERS HEREIN; • CAUSE RESEARCH AND DEVELOPMENT TO BE CONDUCTED WITH RESPECT TO KALEIDOSCOPIC CYBER SECURITY THREATS, DEVELOPMENTS, BEST PRACTICES AND INTERNATIONAL LAWS AND OBLIGATIONs; • PROMOTE GENERAL AWARENESS WITH RESPECT TO CYBER SECURITY AWARENESS, PARTICULARLY THE IN-HOUSE ROLE AND RESPONSIBILITY OF INDIVIDUALS, CORPORATE ENTITIES AND ORGANIZATIONS ; • DEVELOP A TEN YEAR AND TWENTY YEAR VISION WITH REGARDS TO CYBER SECURITY; • LEGISLATE AND UPDATE SUCH RULES FOR THE INTERNAL ADMINISTRATION AND OPERATIONS OF THE COUNCIL, ITS PERSONNEL AND ADVISORY GROUPS, AS IT MAY CONSIDER APPROPRIATE FOR CARRYING OUT THE PURPOSES OF THIS ACT; • INCLUSIVELY, COLLABORATE WITH THE CORPORATE ENTITIES, PRIVATE SECTOR, CYBER SECURITY ACADEMIA, PROFESSIONALS, CIVIL SOCIETY AND COMMUNITY TO ACHIEVE THE OBJECTIVES; • THE COUNCIL MAY DELEGATE THE FUNCTIONS AND POWERS TO ANY ONE OR MORE OF THE ADVISORY GROUPS, AS IT DEEMS APPROPRIATE.
  • 39.
    2015 JOINT STATEMENTBY PRESIDENT BARACK OBAMA AND PRIME MINISTER NAWAZ SHARIF CYBERSECURITY • RECOGNIZING THE OPPORTUNITIES AND CHALLENGES PRESENTED BY INFORMATION AND COMMUNICATIONS, TECHNOLOGIES PRESIDENT OBAMA AND PRIME MINISTER SHARIF AFFIRMED THAT INTERNATIONAL COOPERATION IS ESSENTIAL TO MAKE CYBERSPACE SECURE AND STABLE • BOTH LEADERS ENDORSED THE CONSENSUS REPORT OF THE 2015 UN GROUP OF GOVERNMENTAL EXPERTS IN THE FIELD OF INFORMATION AND TELECOMMUNICATIONS IN THE CONTEXT OF INTERNATIONAL SECURITY • THE LEADERS LOOKED FORWARD TO FURTHER MULTILATERAL ENGAGEMENT, AND DISCUSSION OF CYBER ISSUES AS PART OF THE US-PAKISTAN STRATEGIC DIALOGUE
  • 40.
    ARCHIT ECTURE POLICY & LAWS FUNDS & RESOURCES AWARENESS& PREPAREDNESS DEVELOPMENT PLAN INTERNATIONAL RELATIONS NATIONAL CYBER SECURITY COUNCIL TO BE MADE PART OF THE NSA PK CERT TO BE ESTABLISHED WITHOUT FURTHER DELAY GOVERNMENT SHOULD ALLOCATE ADEQUATE FUNDS & RESOURCES FOR CYBER SECURITY PROPOSALS COMPREHENSIVE CYBER SECURITY POLICY TO COORDINATE & ENSURE ALL CYBER MATTERS WHILE ADDRESSING THE CITIZEN’S RIGHT TO PRIVACY CYBER SECURITY AWARENESS TO BE CREATED WITHIN THE GOVT, CORPORATE SECTOR, INDUSTRY, PRIVATE BUSINESSES & ACADEMIA •DEVELOP OWN HARDWARE & INFRASTRUCTURE •DEVELOP INDEPENDENT OS FOR THE ARMED FORCES & SECURITY ORGANIZATIONS •IN THE LONGTERM DEVELOP OWN INTERNET •BRING FORTH NATIONAL VIEWPOINT ACCURATELY IN THE UN GGE & OTHER INTERNATIONAL MEETINGS •CONCLUDE CYBER CBMs WITH INDIA (SAARC SUMMIT 2016)
  • 41.
    PROPOSED CYBER COMMAND ARMYAIR FORCE NAVY CYBERCOM SECTT
  • 43.
    EXAMPLES OF CYBERATTACKS & THEIR IMPACT ON NATIONAL SECURITY THE CASE OF ESTONIA (APRIL 2007) • ESTONIA RELOCATED THE BRONZE SOLDIER OF TALLINN, A SOVIET- ERA GRAVE MARKER TO THE ANNOYANCE OF THE RUSIANS • A SERIES OF CYBER ATTACKS WERE LAUNCHED AGAINST ESTONIA SWAMPING WEBSITES OF ORGANIZATIONS, INCLUDING THE PARLIAMENT, BANKS, MINISTRIES, NEWSPAPERS AND BROADCAST STATIONS • DISTRIBUTED DENIAL OF SERVICE (DDOS) LAUNCHED AGAINST THE GENERAL PUBLIC, RANGING FROM SINGLE INDIVIDUALS USING VARIOUS METHODS LIKE PING FLOODS TO EXPENSIVE RENTALS OF BOTNETS USUALLY USED FOR SPAM DISTRIBUTION • SPAMMING OF BIGGER NEWS PORTALS COMMENTARIES AND DEFACEMENTS INCLUDING THAT OF THE ESTONIAN REFORM PARTY WEBSITE
  • 44.
    CYBER & PHYSICALATTACK ON GEORGIA • 20 JULY 2008. ZOMBIE COMPUTERS ATTACK GEORGIAN NETWORKS. WEBSITE OF THE GEORGIAN PRESIDENT SUFFER OVERLOAD & IS TAKEN DOWN FOR 24 HOURS. TRAFFIC DIRECTED AT THE WEBSITE INCLUDED THE PHRASE "WIN+LOVE+IN+RUSIA”. • 5 AUGUST. GEORGIAN NEW AGENCIES AND TELEVISION STATIONS HACKED. • 5 AUGUST. TERRORIST ATTACK ON BAKU–TBILISI–CEYHAN PIPELINE SUBJECTED TO A TERRORIST ATTACK NEAR REFAHIYE IN TURKEY COUPLED WITH A SOPHISTICATED COMPUTER ATTACK ON LINE'S CONTROL AND SAFETY SYSTEMS THAT CAUSE AN INCREASE IN PRESSURE AND EXPLOSION. • 7-8 AUGUST. MANY GEORGIAN INTERNET SERVERS UNDER EXTERNAL CONTROL • 9 AUGUST. KEY SECTIONS OF GEORGIA'S INTERNET TRAFFIC REROUTED THROUGH SERVERS BASED IN RUSSIA AND TURKEY, WHERE THE TRAFFIC IS EITHER BLOCKED OR DIVERTED. RUSSIAN AND TURKISH SERVERS ARE ALLEGEDLY CONTROLLED BY THE RUSSIAN HACKERS. • 10 AUGUST. RIA NOVOSTI NEWS AGENCY'S WEBSITE DISABLED FOR SEVERAL HOURS • 10 AUGUST. MANY ONLINE GEORGIAN SITES SUSPECTED TO BE FAKE • 11 AUGUST. GEORGIA ACCUSES RUSSIA OF WAGING CYBER WARFARE ON GEORGIAN GOVERNMENT WEBSITES SIMULTANEOUSLY WITH A MILITARY OFFENSIVE • 14 AUGUST. CEASEFIRE
  • 45.
    NORTH KOREAN ATTACKON SONY PICTURES • NOVEMBER 24, 2014. CONFIDENTIAL DATA BELONGING TO SONY PICTURES ENTERTAINMENT RELEASED • DATA INCLUDES PERSONAL INFORMATION ABOUT THE EMPLOYEES AND THEIR FAMILIES, E-MAILS BETWEEN EMPLOYEES, INFORMATION ABOUT EXECUTIVE SALARIES, COPIES OF (PREVIOUSLY) UNRELEASED SONY FILMS, AND OTHER INFORMATION • HACKERS CALLING THEMSELVES GUARDIANS OF PEACE (GOP) DEMAND CANCELLATION OF PLANNED RELEASE OF THE INTERVIEW, A COMEDY FILM ABOUT A PLOT TO ASSASSINATE NORTH KOREAN LEADER KIM JONG-UN • US BLAME NORTH KOREA FOR THE HACKING. NORTH KOREANS DENY COMPLICITY. SOME CYBERSECURITY EXPERTS CAST DOUBT ON THE EVIDENCE, ALTERNATIVELY BLAMING CURRENT OR FORMER SONY OFFICIALS FOR THE BREACH
  • 46.
    US CYBER ATTACKSAGAINST NORTH KOREA
  • 47.
    STUXNET ATTACK • STUXNET,A COMPUTER WORM WAS DISCOVERED IN JUNE 2010 • IT IS DESIGNED TO ATTACK INDUSTRIAL PROGRAMMABLE LOGIC CONTROLLERS (PLCs) • PLCs ALLOW THE AUTOMATION OF ELECTROMECHANICAL PROCESSES SUCH AS THOSE USED TO CONTROL MACHINERY ON FACTORY ASSEMBLY LINES, AMUSEMENT RIDES, OR CENTRIFUGES FOR SEPARATING NUCLEAR MATERIAL • EXPLOITING FOUR ZERO-DAY FLAWS, STUXNET FUNCTIONS BY TARGETING MACHINES USING THE MICROSOFT WINDOWS OPERATING SYSTEM AND NETWORKS, THEN SEEKING OUT SIEMENS STEP7 SOFTWARE • STUXNET IS TYPICALLY INTRODUCED TO THE TARGET ENVIRONMENT VIA AN INFECTED USB FLASH DRIVE • STUXNET COMPROMISED IRANIAN PLCs, COLLECTING INFORMATION ON INDUSTRIAL SYSTEMS AND CAUSING THE FAST- SPINNING CENTRIFUGES TO TEAR THEMSELVES APART, DESTROYING ALMOST ONE-FIFTH OF IRAN'S NUCLEAR CENTRIFUGES
  • 48.
    SPOOFING OF AMERICANDRONE OVERFLYING IRAN • ON 4 DECEMBER 2011 AN AMERICAN RQ170 SENTINEL UAV WAS SPOOFED AND FORCED TO LAND IN EASTERN IRAN • AIRCRAFT WAS DETECTED IN IRANIAN AIRSPACE 225 KILOMETERS (140 MI) FROM THE BORDER WITH AFGHANISTAN • ON 9 DECEMBER 2011, IRAN LODGED A FORMAL COMPLAINT TO THE UN SECURITY COUNCIL OVER THE UAV VIOLATING ITS AIRSPACE • ON 12 DECEMBER 2011, US ADMINISTRATION ASKED IRAN TO RETURN THEIR DRONE. IRANIANS REFUSED.
  • 49.
    WHAT IS SPOOFING? •SPOOFING IS THE CREATION OF TCP/IP PACKETS USING SOMEBODY ELSE'S IP ADDRESS • ROUTERS USE THE DESTINATION IP ADDRESS IN ORDER TO FORWARD PACKETS THROUGH THE INTERNET, BUT IGNORE THE SOURCE IP ADDRESS • THAT ADDRESS IS ONLY USED BY THE DESTINATION MACHINE WHEN IT RESPONDS BACK TO THE SOURCE
  • 50.
    DATA BREACH –US OFFICE OF THE PERSONNEL MANAGEMENT (OPM) • DATA BREACH STARTING MARCH 2014, AND POSSIBLY EARLIER, NOTICED BY THE OPM IN APRIL 2015 • IN JUNE 2015, OPM ANNOUNCED THAT IT HAD BEEN THE TARGET OF A DATA BREACH EFFECTING THE RECORDS OF AS MANY AS FOUR MILLION PEOPLE. LATER, FBI PUT THE NUMBER AT 18 MILLION. • INFORMATION TARGETED IN THE BREACH INCLUDED PERSONAL INFORMATION SUCH AS SOCIAL SECURITY NUMBERS, AS WELL AS NAMES, DATES AND PLACES OF BIRTH, AND ADDRESSES. • THE HACK ALSO INVOLVED THEFT OF DETAILED BACKGROUND SECURITY- CLEARANCE-RELATED BACKGROUND INFORMATION OF PEOPLE DEPLOYED ON SENSITIVE MISSIONS • ON JULY 9, 2015, THE ESTIMATE OF THE NUMBER OF STOLEN RECORDS INCREASED TO 21.5 MILLION. THIS INCLUDED RECORDS OF PEOPLE WHO HAD UNDERGONE BACKGROUND CHECKS, BUT WHO WERE NOT NECESSARILY CURRENT OR FORMER GOVERNMENT EMPLOYEES. • SOON AFTER, KATHERINE ARCHULETA, THE DIRECTOR OF OPM, AND FORMER NATIONAL POLITICAL DIRECTOR FOR BARACK OBAMA'S 2012 REELECTION CAMPAIGN, RESIGNED
  • 51.
    CYBER WARGAME SCENARIO INA CYBER WARGAME CONDUCTED IN THE US IN JULY 2015 • THE SCENARIO IN THE WAR GAME BEGAN WITH A MAJOR EARTHQUAKE HITTING SOUTHERN CALIFORNIA • FOLLOWED BY A SERIES OF COORDINATED CYBERATTACKS, INCLUDING OIL AND GAS PIPELINE DISRUPTION • INTERFERENCE AT A MAJOR COMMERCIAL PORT IN THE U.K. • ATTACKS ON PENTAGON NETWORKS • A FREEZE ON ACCESS TO CASH AT BANKS AND LONG LINES FOR FOOD AT STORES.
  • 52.
    CYBER ATTACKS BYNON STATE ACTORS
  • 53.
    CYBER CBMs • CYBERSECURITY IS A NON-CONTERVERSIAL AREA BUT HAS THE POTENTIAL OF CONFLICT • THERE IS NO CYBER SECURITY COOPERATION IN SOUTH ASIA • ISSUE NEEDS TO BE PUT ON THE AGENDA OF THE NEXT SAARC SUMMIT