Cyber-Strategie und MELANI HJB 2012-1

Report
Federal IT Steering Unit (FITSU)
Federal Intelligence Service (FIS)
Reporting and Analysis Centre for Information Assurance (IA)
MELANI
National Strategy for the
Protection of Switzerland against
Cyber Risks
High Level Meeting
Cyber Security Strategies Workshop
ENISA
Marc Henauer
Brussels, November 27, 2014
International
Coordination
National
Coordination
Cyber Security
Legal Basis
Critical Infrastructure
Protection
Partners from
Industry
Network
Interface
(FIS)
Cyber crime
Protection of Population
and Economy
Cyber defence
Integration of Army
for the protection
of Switzerland
Col. Gérald Vernez
FITSU / FIS
Reporting and Analysis Centre for IA MELANI
2
NCS: A comprehensive Strategy
Impact
Analysis
2017
16 Massnahmen
16 Massnahmen
16 Massnahmen
16 Massnahmen
16 Measures
FITSU / FIS
Reporting and Analysis Centre for IA MELANI
3
Strategic Goals
Strategic Goals
(Early) Recognition of
Cyber Threats
Increase Resilience
of Critical
Infrastructures
Reduction Cyber
Attacks (Crime,
Espionage,
Sabotage)
Private Sector/Critical Infrastructures
National Authorities
and
Good situation
CI are in
the Federal
interest Administration
Trojans, zero-dayanalysis, relationship
of national security
exploits nedd
International
with CI Operators,
and will Cooperation
have
observation and
CERTs
cascading effects
counter-measures
Population
FITSU / FIS
Reporting and Analysis Centre for IA MELANI
4
The Logic Framework of the NCS
Organizational
Security Measures
Personel
(IT-)Technical
Physical
Executives
NCS
Board
Builds
the the
Decides
about
Framework to of
implementation
choose
and
the
necessary
implement
the
security
measures
necessary security
measures
Builds the
Understands
Framework
to
Overall Risks for
identify
Cyber
Cyber
any
givenRisks = Risks originating from
Risks within
Process
maintaining
or supporting a process by
overall Risk
the use of IT.
Physical Risk
Physical Risk
(IT-)Technical
Personel Risk
Personel Risk
Cyber Risk
Cyber Risk
FITSU / FIS
Reporting and Analysis Centre for IA MELANI
5
Im Zentrum Widerstandsfähigkeit:
Stärkung der Cyber - Resilienz
Cyber - Resilienz
M5
M3
M2
M4
Analyse Bedrohungslage und Risiko
M6
M12
M14
Incident Handling,
Aktive Massnahmen
M15
M13
Krisen- und Kontinuitätsmanagement
Unterstützende Prozesse
Internationales
Informationsaustausch
Bildung
und
Forscung
Bildung
und Forschung
Informationsaustausch
Gesetzliche
Grundlagen
Gesetzliche Grundlagen
FITSU / FIS
Reporting and Analysis Centre for IA MELANI
M9
M10
M11
M1
M7
M8
M16
6
Implementation and Responsibilities
Risk and Vulnerability Analysis (M2)
Prevention
ICT Vulnerabilities Federal Level (M3)
Situation Analysis (M4)
Decentral Implementation:
Individual Self Responsibility,
State offers Subsidiary
Support
Incident Handling (M5)
Reaction
Case Overview (M6)
Identification Perpetrator (M14)
Risk Management:
Risk based approach, Cyber
is part of the overall risk
management
Continuity MGMT (M12)
Continuity
Crisis MGMT (M13)
Concept Crisis MGMT (M15)
Research/Competence Building (M1,7,8)
Supporting
Int. Cooperation (M9,10,11)
Flexibility:
Customised solutions and
technical and non technical
solutions
Cooperation:
Public-Private- Partnership
(PPP), Swiss Cyber Experts
Legal Basis (M16)
FITSU / FIS
Reporting and Analysis Centre for IA MELANI
7
Roadmap
FITSU / FIS
Reporting and Analysis Centre for IA MELANI
8
Responsibilities
MELANI: Information Exchange Hub
Closed Constituency: Critical Infrastructure Operators
M4
M5
M14
M2
M3
M6
M11
M12
Operative Support
M13
Identification
Evaluation
Analysis
FIS – Intelligence Gathering
and Analysis
Contact to Security Relevant
Services
FITSU / FIS
Reporting and Analysis Centre for IA MELANI
FITSU –Technological Centre of
Competence
Contact to IT-Security Relevant
Actors
9
Implementation is a Process
2013
• Swiss Cyber Strategy has set a process in motion
• First results on operative level visible for over half of the
16 measures
2014
2015 • More results on the operative level will become visible
2016
• Target reached for over half of the 16 measures
• Impact Analysis: implementation phase not terminated in
2017. It is continuous process
2017
...
• Process ahs to be continuously adapted to new threat
landscape
FITSU / FIS
Reporting and Analysis Centre for IA MELANI
10
Thank You for Your
Attention
Dr. Stefanie Frey
Coordinator National Cyber Strategy NCS
Reporting and Analysis Centre for Information
Assurance (MELANI)
Federal IT Steering Unit (FITSU)
Schwarztorstrasse 59
CH-3003 Bern
[email protected]
www.melani.admin.ch
NCS: http://www.isb.admin.ch/themen/01709/01710/index.html?lang=en
Implementation Plan NCS: http://www.isb.admin.ch/themen/01709/01711/index.html?lang=en
FITSU / FIS
Reporting and Analysis Centre for IA MELANI
11

similar documents