Republic of Croatia Office of the National Security Council Croatian Industrial Security Policy Development and Related Global Trends RACVIAC SEE Centre for Security Cooperation & Croatian Office of the National Security Council Zagreb, 4 May 2017 Dr. sc. Aleksandar Klaić, dipl. ing
Cyberspace Influence
Industrial Security – Government Security Policy Area for Public-Private Classified Cooperation • NSA / DSA bodies • German DSA • Established 1962 • MISWG organization • Multinational Industrial Security Working Group • Established 1985 • NSA bodies • Cooperative arms programme • Croatia: • NATO MS since 2009 • EU MS since 2013 • Croatian NSA/DSA: • Established 2007 • FSCs issuance since 2009 • Around 100 valid FSCs • Legal person, employees, security areas, CIS • http://www.uvns.hr/en
Industrial Security Certification • Cooperation: Government Bodies – Legal entities • FSC certification request model: • Project Based - Request of a Government Body (National/Foreign) • Intention Based - Request of a Legal Entity via Ministry of Economics (international classified contracts) • Restricted Level Classified Contracts: • no FSC • Government bodies responsibility • NSA/DSA authorized for security briefings / inspections / accreditations if internationally required
FSCs – Types, Levels, Validity • National Classified Contracts FSC: • Confidential, Secret, (Top Secret) • NATO/EU Classified Contracts FSC: • Confidential, Secret • Other International use of FSC based on bilateral GSA: • Translation of National FSC • Validity: • 5 years / rechecked for each new Contract • Questionnaire for the security vetting of legal entities: www.uvns.hr
FSC Certification Process • Certification Contract: Legal Entity - DSA • Guidance on Information Security Measures and Standards for Legal Entities • Statements and documents from Legal Entity • Security vetting procedure: • Legal Entity, • Owners, Board Members / FSO / Project Staff • Accreditation of Physical premises / CIS • Issuance of the FSC valid for 5 years • 5 year certification contract obligation regarding: • Inspections / certification contract annexes for extended scope of classified project / FSO education and coordination …
Trends in Classified Information Today • NATO • Accountable • CTS • NS • Non-accountable • (NC) • NR • UK (2014) • CI • Top Secret • Secret • Sensitive Information • ... • NATO UNCLASSIFIED • Levels ratio - 3:2 • CI number ratio • 1:10 and more • Levels ratio - 2:n • Inf. number ratio - 1:n
- Croatian CIS Security Accreditation Process - Example of the lowest Restricted Security Level Complexities
Evolving Security Threats Environment Exposure of Classified Information Personnel (Insider Threat) Foreign Intelligence (Organised) Crime Terrorism Symmetric Asymmetric Hybrid Traditional Society - Traditional threats Virtual Dimension of Society Cyberspace - Cyber counterparts of traditional threats ...
Digital Market Changes • EU - Digital Single Market Strategy (05/2015) • 3 pillars: • Improving access to digital goods and services • Environment where digital networks & services can prosper • Digital as driver for growth • NATO – Warsaw Summit (07/2016) • Cyber space as military domain SECURITY TRUST • Nations • National Cyber Security Strategy Organizational aspects • Not narrow telecommunication sector any more
EU NIS Directive • Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace, 7.2.2013, JOIN(2013)1 final • currently in revision • Directive (EU) 2016/1148, 19.7.2016 • https://ec.europa.eu/digital-single-market/en/cybersecurity • NIS (Network and Information Security) directive • Goals: • Strategic cooperation of EU MSs (Cooperation Group) • CSIRT (CERT) cooperation on EU level (CSIRT Network) • Criteria, security requirements and incident notification • Operators of Essential Services (OES), Digital Service Providers (DSP)
NATO Cyber Defence and MSs • NATO – Warsaw Summit (07/2016) • Cyber space as military domain • CIS as logistic of other military domains • NATO Industry Cyber Partnership (NICP) • Shift of focus to Member States (MSs): • Cyber Defence (CD) Pledge (replacement of former CD MoU) • Cyber Defence Assessment of MSs (2017) • "National Cyber Defence" = Cyber Security on national level • Problem: • not only in the lack of investment • even more in the scope, prioritization and direction of investment
Government Security Policy Framework • Obligation for companies doing business in certain areas/sectors • Legacy approach • Industrial Security, CIP / CIIP • Military, IT, … • Enabler for coordinated national efforts and development of national economy • Public-private partnership Contractual (e.g. EC - ECSO) • Cyberspace related industry, …
Security of the Virtual Dimension of Society Communication New Emerging Threats Information Sharing e-Government CIP / CIIP Cooperation Public Electronic Services Security Awareness and Education SECURITY TRUST
The Main Elements of Croatian National Cyber Security Strategy (10/2015): (www.uvns.hr/en)
To Conclude - be ready to shift... • From classified information to sensitive information • Duty of diligence & duty of care • From baseline procedures to risk management • Government to society • From obligation to partnership • Certification/accreditation • From selective security approach to digital hygiene on societal level • Criticality becomes moving target
Thank You! ? Aleksandar Klaić, Ph.D. Assistant Director for Information Security and Chairman of the National Council for Cyber Security aleksandar.klaic@uvns.hr Office of the National Security Council tel. +385.1.4681 222 fax. +385.1.4686 049 www.uvns.hr