Information Assurance Advisory Council

1
THE INFORMATION ASSURANCE ADVISORY COUNCIL
THE IAAC EXPERIENCE
Neil Fisher Vice Chair, IAAC
10 October 2002 DDSI Final Conference
2

• Neil Fisher
• Security Macro Capability Leader

3
Critical Infrastructure Protection

• Internet Economy, E-Government Military need to
  protect themselves against everyday misuse
• CIP required against low probability/high-conseque
  nce events in crises
• CIP not new (e.g. KP and EKP)
• BUT new problems/exacerbations of old problems
• Defining CNI
• Vulnerability Risk Analysis
• Threat Assessment/Early Warning
• Security vs Liberty
• Coordination, control influence

4
The Need for Trusted Partnerships

• Information infrastructure dependencies,
  vulnerabilities and threats do not fit neatly
  into established institutional structures they
  sprawl messily across our vertically integrated
  political, social and economic structures.
• Business has become used to operating in a
  deregulated environment governments need to
  protect their critical infrastructures without
  resorting to over-regulation.
• The emergence of a GII underpinning a globalised,
  post-industrial economy necessitates a rethinking
  of traditional inter-state rivalries and Cold
  War-era suspicions.
• Ways need to be found of engaging all actors and
  encouraging them to work together to secure
  information infrastructures through enlightened
  self interest.

5
HOLISTIC APPROACH e-BUSINESS
PROTECTION OF COMPANY/SECTOR INFORMATION
CAPABILITIES
PROTECTION OF NATIONAL INFRASTRUCTURE
SUPPORT FOR MERGERS, ACQUISITIONS AGAINST
COMMERCIAL PREDATORS
KNOWLEDGE, THREAT, RISK AND VULNERABILITY
CRIMINAL INVESTIGATION, LEGAL ASPECTS AFFECTING
COMPANIES
PROACTIVE PROTECTION
INFLUENCING PERCEPTIONS AND BRAND PROTECTION
6
IAAC INFLUENCE
UK LTD
CIP
INDIVIDUAL
IAAC
INTERNATIONAL OUTREACH
LAW, ORDER AND LEGISLATION
MEDIA AND BRAND MANAGEMENT
7
AREAS OF DIRECT INFLUENCE

• GOVERNMENT NON-MILITARY
• GOVERNMENT MILITARY
• BUSINESS
• ACADEMIA
• LAW AND ORDER

8
CREATE A NEUTRAL NGO

• INVOLVE GOVERNMENT
• INVOLVE BUSINESS
• INVOLVE INDIVIDUAL

9
INITIAL ACTIVITY

• CREATE A BOARD INCLUDE GOVERNMENT
• FIRST TWO YEAR SHAKE OUT
• LEARNED PAPERS
• WORKING GROUPS
• SYMPOSIUM

10
IAAC NOW

• BOARD AS LARGE AS WE CAN
• GLP
• MEMBERS
• CENTRAL ACTIVITY THEMES
• PUBLIC POLICY
• PRIVATE SECTOR RESPONSIBILITY
• INDIVIDUAL ACCOUNTABILITY

11
CENTRAL THEMES
PUBLIC SECTOR
PRIVATE SECTOR
INDIVIDUAL
12
PUBLIC SECTOR

• A MANIFESTO FOR UK
• PROTECTING THE DIGITAL SOCIETY
• 11 RECOMMENDATION GROUPS
• 41 SEPARATE RECOMMENDATIONS

13
PRIVATE SECTOR

• CORPORATE GOVERNANCE
• STUDY, RESEARCH, BENCHMARKING
• DISCUSSION AND EXAMINATION OF FINDINGS AT
  SYMPOSIUM 15 OCT 02 IN LONDON
• PUBLISH GUIDE FRAMEWORK
• FOLLOW UP ON SPECIFIC ISSUES

14
INDIVIDUAL

• COMMON TO BOTH SECTORS
• CODE OF ETHICS ON THE IAAC WEBSITE
• CYBERHOOD WATCH
• GREATER EMPHASIS IN 2003/4 IN RUN UP TO 2005
  DEADLINE

15
IAAC FUTURE

• EXPAND BOARD INTO, POSSIBLY, A SENATE
• EXPAND MEMBERSHIP, HOME AND ABROAD
• INCREASE INFLUENCE
• EXAMINE NEXT PHASE IN EVOLUTION

16
IAAC SUMMARY

• UNIQUE ORGANISATION
• GATHERING OF PROFESSIONALS WHO HAVE A GOOD
  UNDERSTANDING OF THE eSOCIETY
• ABILITY TO DRIVE POLICY WITHOUT CREATING WAVES OR
  HYPE
• OUTPUT BASED ON SOLID RESEARCH

17
THE INFORMATION ASSURANCE ADVISORY COUNCIL
THE IAAC EXPERIENCE
Neil Fisher Vice Chair, IAAC
10 October 2002 DDSI Final Conference