
Public-Private Partnership for Cyber Resilience

Dr. George Sharkov
National Cybersecurity Coordinator (Security Council), Adviser MoD
[email protected] ; [email protected]

National Cyber Security Strategy - Cyber Resilient Bulgaria 2020
www.cyberBG.eu
Adopted by BG Government on July 13, 2016

National Cyber Security & Resilience: a multi-stakeholder engagement

www.cyberBG.eu

National strategies: USA, UK, Netherlands, Finland…

Vision: Cyber Resilient Bulgaria 2020

Initiation: 2016 - 2017
Growth: 2018 - 2019
Maturity & Leadership: 2020 +

[Diagram: three nested layers of the problem space and the discipline addressing each]
Known knowns (CIA): Information Security
Known unknowns (non-CIA): Cyber Security
Unknown unknowns: Cyber Resilience

3 phases for 5 years:

Phase 1: Cyber secure institutions
  National coordination platform
  Engaging all stakeholders
  Inventory & risk assessment

Phase 2: Cyber secure society
  From capacity to capabilities
  International coordination networks
  Resilient organizations (by design)

Phase 3: Cyber resilient organizations and society
  Effective collaboration at national level
  International joint capabilities – NATO/EU
  Specialization and leadership

Credit: Eurocontrol: Manual for National ATM Security Oversight

Resilience strategy “translated”: fields of action, goals and measures

1. Establish a National Cyber Security and Resilience System: governance, situational awareness, coordinated response & prevention

2. Network and information security (NIS) – the foundation for cyber resiliency: minimum NIS requirements specific to government and state administration CIS, institutions and CI; private sector engagement (ISPs); CERT capabilities

3. Improving the protection and sustainability of digitally dependent critical infrastructures: state-operator collaboration, system modernization vs. patching, scope of CI measures (new areas)

4. Better cooperation between government, economy and citizens: information sharing platforms, ISACs/ISAOs and CERTs, NGOs, PPP, industrial and technology capacity development

5. Legal and regulatory framework: harmonization of legislation, regulations and standardization; self-regulation

6. Fighting cybercrime: capacity development (organizational and administrative), updated law enforcement basis, coordination, prevention

7. Cyber Defense: protection of defense and armed forces CIS, national security (incl. counter-terrorism, CI protection, hybrid threats and crises)

8. Awareness, education and innovation

9. International cooperation: EU, NATO, OSCE, UN, ITU, ICANN, and regional and cross-border cooperation

Key factors: “Actionable” strategy

  multi-stakeholder engagement and commitments
  international/regional cooperation
  joint capabilities = Public-Private-Partnerships (P-P-P)

[Diagram: NCSCON – National CS Coordination and Organizational Network (monitoring, response)]

Governance: President, Parliament, Commander in Chief, Council of Ministers / Security Council, Cyber Resilience Council, NCSC (National Cyber Security Coordinator), National CYBER Situational Center

National nodes: BGCERT (SA EGov), MoD / Mil CIRC, MInt / Cyber Crime Center, MTITC, CMDR, C3 112, SANS, CSIRTs, Regulators & Standardization, Analytics Centers / R&D, RRTs

Sectoral CERTs+ / ISACs: Transport; Energy; Finances (Banks, Insurance); Telco / ISP / Industry

International: CERT (US), CERT (EU), Europol / EC3, NCIRC

Cyber Domain: Collaborative Resiliency
Collective engagement „in action“ = PPP

• Cyber Resilience Council – Strategy & Plan
  Hybrid threats, counter-terrorism
  e-Governance + eID …

• NCSCON as PPP

• ISACs

• CERT as PPP

• RRT as PPP – elections

• Education, Qualification, Resource sharing – Cyber Reserve

• R&D as PPP: Research Labs, Industrial Labs (ICSD, SCADA)

• Standards and compliance

• IoT and Industrial

• Formats – from associations to ISACs and PPP

• CIO Club

• Association of Commercial Banks

National (Cyber) Resilience: Nations' Resilience

Cyber Domain (Wales, Warsaw), Cyber Diplomacy

NATO Hybrid Warfare strategy & playbook (2015-2016)

European CS Strategy + NIS Directive, Privacy Regulation

P-P-P models (ENISA)
ENISA (2011), Cooperative Models for Effective Public Private Partnership, Desktop Research Report

Run by one from within: the most frequently found organizational structure.

Run by a coordinating entity: a less frequent option is to have a body specifically created

Democratically peer led: infrequent (desktop study), e.g. rotating chair

PPP against Cyber terrorism

Similar tactics, different goals and targets

SMEs & state under attack (campaign)

Supply/business chain: MITM & spear phishing

Cryptolocker ransomware

[Image caption: Kimi Werner, 2008 Women's National Spearfishing Champion]

The goal of cyberterrorism is to cause damage and send a message rather than steal data and make money

Supply/Value Chains as PPP
GOV & SMEs in the business lifecycle: shared cyber risk

[Diagram: SME cyber risk tiers]
TIER ZERO [internal risks]: SME processes, control, assets (Legal, IT & Security, Financial)
TIER ONE [external dependencies]: environment risks [context/outsourced/enablers]
TIER TWO and TIER THREE: supply-side risks, demand-side risks

Public-Private Partnerships (good practices)

Center for Security and Defense Management www.IT4Sec.org

https://dnbl.ncia.nato.int

Center for Cybercrime early warning & prevention

http://cmdrcoe.org/index.php

“If you are not part of the solution, you must be part of the problem”

Attributed to: Eldridge Cleaver (1969); African proverb, others

PPP is … YOU (US)!