World Security Report June 2014

torchmktg

For the latest news, features, essential analysis and comment on security, counter-terrorism, international affairs, warfare and defence

CYBER SECURITY

CYBER SECURITY

issues.

In 2013, ENISA released

“Understanding the importance

of the Internet Infrastructure

in Europe” 12 continuing

further its work in this area.

The goal of this report is to

foster security and resilience

of the Internet infrastructure in

Europe with particular attention

to critical assets and cross

border interdependencies

and work together with

Internet operational actors to

maintain the Internet globally

coherent, secure and resilient.

The report contains several

recommendations for Member

States, providers of critical

services and European Internet

operational actors:

• Member States should develop

a national overview of the Internet

infrastructure - Using the step by

step guidelines proposed in the

study, Member States are invited

to develop an insight of the

current infrastructure, the Critical

Infrastructure interdependencies

and have a baseline for future

developments.

• Member States should adopt

a standardized methodology

for the identification of Critical

Information Infrastructure assets

and services - In order to correctly

assess the criticality of specific

assets and services, Member

States should be able to adopt

a common methodology for

the identification of Critical

Information Infrastructures.

• Member States should adopt

specific physical infrastructure

guidelines - Any research should

always take under consideration

the physical component and

provide a holistic overview of

the system. When looking at

the physical infrastructure more

specific guidelines should be also

developed.

• Critical services providers should

develop requirements

for high availability

interconnections

for critical services

- During the

discussion with

operators, it was

underlined that if

providers of critical

services consider

some connectivity

relationships as

critical, they should

require for these

interconnections

higher level

of availability,

integrity and confidentiality

in order to enhance the

security and resilience of these

communications.

• National and European

bodies and cyber security

agencies should engage the

Internet community - Due to

the multi-stakeholder nature

of the Internet, we propose

national and European

bodies and cyber security

agencies (active in the area

of security and resilience of

communication networks) to

engage in a dialogue with

the Internet community and the

private sector.

• European Commission and

Member States should foster

research on infrastructure security

and resilience - The more we rely

on electronic communication

networks to build the future

European information society,

the more EU and Member State

should foster research in this

field. Moreover more research

on vulnerabilities of the core

components of the global Internet

Infrastructure such as DNS and

BGP is needed.

• European Internet operational

actors should share information

about incidents affecting physical

and logical infrastructure -

European Internet operational

actors are invited to share

information on incident affecting

physical and logical infrastructure

and use it to develop good

practices for the benefit of the

entire community.

In 2014 ENISA will follow up the

2013 report with the following

actions:

• focusing on the identification

of CIIs assets and services,

physical and logical infrastructure

vulnerabilities, procurement

guidelines for CIIs operators and

cross border cooperation

• developing a threat landscape

of the physical and logical layer of

the Internet infrastructure

• fostering the ENISA’s Internet

infrastructure security and

resilience reference group

which aims to gather subject

matter experts

from the Internet

operators’ community,

Cybersecurity

agencies, NRAs,

contingency agencies

and infrastructure

security and resilience

experts.

The goal is to develop

infrastructure security

and resilience not

only for securing

European citizens but

also the entire Internet.

The Internet is an

ordinary component

of everyday life and

considering news regarding

recent threats, it is important to

assess the current situation and

ensure the security and resilience

of citizens’ communications.

Moreover, future scenarios

such as the Internet of Things 13 ,

Interconnected Mobility 14 and

Smart city 15 are at their very

beginning and are built on

these same communication

networks. In this respect, every

citizen is a potential Internet

user as far as a service relies

on an Internet connection. For

these reasons ENISA believes

that is important to investigate

how the interconnections are

structured and understand what

is critical in order to focus efforts.

Communication networks are the

building blocks of the information

society and it is clear that the

absence of knowledge regarding

the underlying infrastructure could

severely hamper not only securing

current communications but also

the preparing for future threat

scenarios.

1

ENISA (2013), Power Supply Dependencies in the Electronic Communications Sector

2

ENISA (2013), Annual Incident Reports 2012 - Analysis of Article 13a annual incident reports, 2013

3

Massive Flooding Damages Several NYC Data Centers http://www.datacenterknowledge.com/archives/2012/10/30/majorflooding-nyc-data-centers/

4

Mediterranean Cable Disruption as Seen in RIPEstat https://labs.ripe.net/Members/mirjam/mediterranean-cable-disruption-asseen-in-ripestat

5

Dainotti, A., Squarcella, C., Aben, E., Claffy, K. C., Chiesa, M., Russo, M., & Pescapé, A. (2011). ‘Analysis of country-wide Internet

outages caused by censorship’. In Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference (pp.

1-18). ACM

6

YouTube Hijacking: A RIPE NCC RIS case study http://www.ripe.net/Internet-coordination/news/industry-developments/youtubehijacking-a-ripe-ncc-ris-case-study

7

ENISA (2014) Large scale UDP attacks: the 2014 trend and how to face it https://www.enisa.europa.eu/publications/flash-notes/

large-scale-udp-attacks-the-2014-trend-and-how-to-face-it

8

Cowie, J, (2013) The New Threat: Targeted Internet Traffic Misdirection http://www.renesys.com/2013/11/mitm-Internet-hijacking/

9

Google’s Public DNS intercepted in Turkey http://googleonlinesecurity.blogspot.in/2014/03/googles-public-dns-intercepted-inturkey.html

10

Toonk, A. (2013) Accidentally Stealing the Internet http://www.bgpmon.net/accidentally-stealing-the-Internet/

11

ENISA (2010) https://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/inter-x/interx/report

12

ENISA (2013) Understanding the importance of the Internet Infrastructure in Europe - Guidelines for enhancing the Resilience of

eCommunication Networks http://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/inter-x/

guidelines-for-enhancing-the-resilience-of-ecommunication-networks

13

Digital agenda for Europe http://ec.europa.eu/digital-agenda/en/internet-things

14

Vision of an interconnected Europe http://ec.europa.eu/news/transport/110328_en.htm

15

Smart Cities and Communities http://ec.europa.eu/eip/smartcities/

6 - World Security Report www.worldsecurity-index.com www.worldsecurity-index.com

World Security Report - 7

More magazines by this user
Similar magazines