UNDP CYBERSECURITY ASSISTANCE FOR DEVELOPING NATIONS
Presented by: Paul Raines
Date: 18 April 2016
Where: CSO50 Confab
ISO 9001 Quality inspected and released by: Paul Raines
AGENDA
I. The changing view of developing nations
II. The cybersecurity threat
III. UNDP re-defining assistance
IV. Results to date
V. Questions
DEVELOPING NATIONS
What is a developing nation anyway?
Kofi Annan, former Secretary General of the United Nations, defined a developed country as "one that allows all its citizens to enjoy a free and healthy life in a safe environment."
• people have low life expectancy (typically < 60 years)
• people have low education levels (high level of illiteracy >25%)
• people have low income (< $1026 USD/yr)
THE CHANGING IT PROFILE OF DEVELOPING NATIONS
But technology is changing the profile
THE GROWING THREAT TO CYBERSECURITY
Size of the cybersecurity threat (Or what should be keeping you awake at night)
• Hackers are costing consumers and companies between $375 and $575 billion annually, according to a study published by the Center for Strategic and International Studies. This number is expected to grow...
• Online crime is estimated at 0.8 percent of worldwide GDP; that rivals the amount of worldwide GDP (0.9 percent) that is spent on managing the narcotics trade.
• Looked at another way, if cybercrime were a nation, it would rank 27th in the global economy, ahead of South Africa, Singapore, Austria, Thailand and Denmark.
CYBERSECURITY AND THREATS TO DEVELOPING NATIONS
How are developing nations affected?
The increased threat of cyber attacks puts the critical infrastructure of developing nations at risk.
• Information systems of hospitals
• Air traffic control facilities
• Factories
• Police and military
• Utilities
• Schools & universities
• Telecommunications firms
• Transportation
• Government agencies
The emerging digital economies of developing nations are also at systemic risk from cyber-criminals. Rampant fraud or hacking attacks, for example, could crash a developing nation’s nascent digital economy. Widespread fraud could deter participants from using e-commerce and thus prevent nations’ macro-economies from benefitting from digital commerce.
Developing nations also face risks to their critical infrastructure from more advanced nation-state actors who, in times of crisis, might use their superior cyber-attack capabilities as a means of cyber-intimidation.
Finally, protecting personal data, freedom of expression, and access to public resources for citizens in developing nations is fundamental to preserve human rights in the digital age.
Bottom Line: Computer crime and hacking are a growing world problem that threatens the critical national infrastructure, digital economies and basic freedoms of developing nations.
Examples of recent cyber attacks
• Flame: Malware described as ‘the most sophisticated cyber weapon yet unleashed’. Detected in the Mid-East, Flame begins by sniffing the network traffic, taking screenshots, recording audio conversations, and intercepting keyboard presses.
• Red October: Malware used for a cyber-espionage campaign that targeted many developed countries’ diplomatic and government agencies, research institutions, energy and nuclear groups, and aerospace organisations.
• MiniDuke: Malware designed to steal data from government agencies and research institutions.
• GhostNet: Malware allegedly originating in China which infiltrated targets in about 103 countries, including various embassies and foreign missions.
• Bangladesh central bank lost $81 M USD in a hack of its account with the U.S. Federal Reserve.
VISION STATEMENT
UNDP cybersecurity strategy
• Given the effect cyberattacks were having on developing nations, the United Nations has taken action to help address the problem.
• The chief executives of UN agencies met at their annual CEB summit and passed a cybersecurity strategy to address the internal and external challenges of cybersecurity.
• The cybersecurity strategy made UNDP the lead agency in ensuring that cybersecurity programmatic assistance is provided on an “on demand” basis to developing nations.
CYBERSECURITY EXCELLENCE
UNDP for Cybersecurity????
UNDP for Cybersecurity!!!
• Fits UNDP mission to provide aid to developing nations
• UNDP has a global reach with over 177 different country offices around the world
• UNDP has a stellar reputation in the field of cyber-security. Since 2012, it has been certified by Lloyd’s as following the best practices of ISO 27001 & ISO 9001.
• Won major international cyber-security awards for the past 4 consecutive years
CYBERSECURITY SERVICES
UNDP cybersecurity services offered
i. Cybersecurity Training Workshops
• ISO 27001 training
• Risk assessment training
• Resiliency training
• Cyber-incident response training
UNDP also partners with the Forum of Incident Response and Security Teams (FIRST) to provide professional workshops to build capacity.
ii. Cybersecurity Risk Assessment/Mitigation
• Risk assessment training
• Risk mitigation plan for the client.
UNDP provides training on how to create a risk assessment, perform risk mitigation and build local capacity.
iii. Building Capacity in Cyber-Incident Response
• Compliance with the rigorous incident response standards of the Forum of Incident Response and Security Teams (FIRST)
• Training workshops
• Simulated incident response exercises
• Reviewing and improving upon existing incident response capabilities and procedures.
iv. Resiliency
• UNDP can review the client’s business continuity and disaster recovery provisions and either make recommendations for improvement
• Create and help test a business continuity and disaster recovery plan for their ICT systems and organisation
• Training on how to create and maintain business continuity and disaster recovery plans
v. Cybersecurity Policies and Standards
• Develop or review and make recommended improvements to a client’s cybersecurity policies and standards. (The client would be responsible for taking the developed policies/standards through their organization’s policy approval process.)
vi. ISO 27001 Certification
• ISO 27001 training workshops
• Assist a client in becoming ISO 27001 certified
  • cybersecurity policy creation
  • risk assessment
  • statement of applicability
  • internal assessment and compliance with the requirements of the ISO 27001:2013 standard.
PROGRAMME IMPACT
After only one year we have
Assistance to Bangladesh
• Security assessment of A2I
• Risk assessment training workshop
• CERT training, procedures & exercise
• National cybersecurity strategy
Cybersecurity conference
• Istanbul in October 2015
• Participants from 23 countries
• 2016 conference to be held Sept 26-28 in Morocco
Assistance to Moldova
• Training on CERT
Assistance to Sri Lanka
• Assistance with national PKI
CSO50 award for 2016
WHY UNDP?
• Why use UNDP?
  • Global reach with offices in 177 countries
  • Development mission for over 50 years
  • Record of proven achievement in cyber-security
    • 2012: ISO 9001 & ISO 27001 certified
    • 2013: Honours laureate award and 1 of 5 companies nominated for prestigious 21st Century award for World Good
    • 2014: CSO40 Award
    • 2015: CSO50 Award
    • 2016: CSO50 Award
    • 2016: Computer World’s Premier 100
• We are relatively low cost, trusted in the developing world and execute quickly
AND SO, CLOSING THE CIRCLE….