Information Assurance Advisory Council

1
(No Transcript)
2
CYBER HOOD WATCH Empowering the Digital Citizen
Dr Andrew Rathmell CEO, IAAC
22 May 2002 Information Security in the Public
Sector
3
The Wired Society

• In the wired society, security is everyones
  problem
• Effective management of your own risks and
  enforcement of a security policy for your
  organisation is not enough
• With universal (broadband) access to public
  services and e-business, the critical
  vulnerabilities in the system are more than ever
  located out in society

4
The Intelligent Society

• Citizens need to recognize their responsibility
  for protecting themselves to become risk-aware
  risk literate
• Society needs to become an intelligent,
  self-aware and self-healing system

5
The Role of Local Govt

• Local government needs to protect itself
• Local government touches the citizen
• Local government has the need and capability to
  build trusted e-communities
• But local government, citizens and other
  stakeholders need to work in partnership

6
What do Citizens Need?

• Information in an accessible form
• From trusted sources
• Based on facts, not hype
• Solutions that are easy to apply
• Somewhere to turn to when things go wrong

7
What are others doing?

• USA National Cyber-Security Alliance
• Belgium e-Security Platform
• New York Electronic Crimes T-F

8
Cyber Hood Watch
To create a culture of security amongst the UKs
citizens

•  

Empowerment
Information Advice
Ethical responsible behaviour
Self-help
Building trusted electronic communities
9
The Concept

• CERT/CSIRT for technical security community
• ISACs for large corporate members
• Awareness campaigns (eg UK Online for Business)
  are passive
• Combine awareness/education with warnings/alerts
  in user-friendly language

10
How?
Education Awareness
Police responders
Solutions
Local CHW coordinator
Warnings Alerts
WARP
11
Warning, Advice Reporting Points

• Receive, assess re-issue warnings
• Provide email/phone advice
• Record security incidents
• Share incident reports with other WARPs, etc
• Core of 3 staff
• Various funding models

12
The WARP Model
WARP
e-COMMUNITY
Trade association, interest group, local
government, industry sector
13
Who?

• Use existing trusted communities
• a local authority
• a trade association
• a group of companies or NGOs
• companies with online B2C presence
• Central government can facilitate, stimulate
  provide expertise as well as channelling
  information
• ISPs and B2C organisations (e.g. finance, e-tail)
  are key players in the information sharing
  network
• Long-term possible tie-in to police reporting
  crime prevention infrastructure

14
A National Awareness Campaign

• These grassroots initiatives need to be supported
  by a national awareness campaign, including
• A consumer-friendly web-site
• Educational materials coordinated with schools
  and UK Online
• A telephone/email help-line
• Innovative tools (e.g. online games for kids)

15
To Participate

• Pilots in local authorities (roundtable 26 June)
• IAAC studies on information sharing public
  education
• NISCC information sharing initiative
• Background
• Foresight reports on e-crime financial services
• EU work on Warning Information Sharing
  (www.ddsi.org)

16

• CYBER HOOD WATCH

EMPOWERING THE DIGITAL CITIZEN BUILDING
TRUSTED COMMUNITIES
www.cyberhoodwatch.org.uk
17
(No Transcript)