UNDP CYBERSECURITY ASSISTANCE FOR DEVELOPING NATIONS

Presented by: Paul RainesDate: 18 April 2016Where: CSO50 ConfabISO 9001 Quality inspected and released by: Paul Raines

AG

END

ACSO50 CONFAB

I. The changing view of developing nations

II. The cybersecurity threat

III. UNDP re-defining assistance

IV.Results to date

V. Questions

DEV

ELOP

ING

NA

TION

S

What is a developing nation anyway?

Kofi Annan, former Secretary General of the United Nations, defined a developed country as "one that allows all its citizens to enjoy a free and healthy life in a safe environment.“

• people have low life expectancy (typically < 60 years)• people have low education levels (high level of

illiteracy >25%)• people have low income (< $1026 USD/yr)

THE

CH

AN

GIN

GIT

PR

OFILE

OF

DEV

ELOP

ING

NA

TION

S

But technology is changing the profile

TH

EG

RO

WIN

GTH

REA

TTO

CY

BER

SECU

RITY

CSO50 Confab

Size of the cybersecurity threat(Or what should be keeping you awake at night)

• Hackers are costing consumers and companies between $375 and $575 billion

annually, according to a study published by the Center for Strategic and

International Studies. This number is expected to grow...

• Online crime is estimated at 0.8 percent of worldwide GDP --that rivals the

amount of worldwide GDP - 0.9 percent - that is spent on managing the narcotics

trade.

• Looked at another way, if cybercrime were a nation, it would rank 27th in the global

economy, ahead of South Africa, Singapore, Austria, Thailand and Denmark.

CY

BER

SECU

RITY

AN

D TH

REA

TS TO D

EVELO

PIN

G N

ATIO

NS

CSO50 Confab

The increased threat of cyber attacks puts the critical infrastructure of developing nations at risk. Information systems of hospitals Air traffic control facilities Factories Police and military Utilities Schools & universities Telecommunications firms Transportation Government agencies

The emerging digital economies of developing nations are also at systemic risk from cyber-criminals. Rampant fraud or hacking attacks, for example, could crash a developing nation’s

nascent digital economy. Widespread fraud could deter participants from using e-commerce and thus prevent

nations’ macro-economies from benefitting from the digital commerce.

How are developing nations affected?

CSO50 Confab

Developing nations also face risks to their critical infrastructure from more advanced nation-state actors who, in times of crisis, might use their superior cyber-attack capabilities as a means of cyber-intimidation.

Finally, protecting personal data, freedom of expression, and access to public resources for citizens in developing nations is fundamental to preserve human rights in the digital age.

How are developing nations affected?

Bottom Line: Computer crime and hacking are a growing world problem which threaten the critical national infrastructure, digital economies and basic freedoms of developing nations.

CY

BER

SECU

RITY

AN

D TH

REA

TS TO D

EVELO

PIN

G N

ATIO

NS

CSO50 Confab

Flame: Malware described as ‘the most sophisticated cyber weapon yet unleashed’. Detected in the Mid-East, Flame begins by sniffing the network traffic, taking screenshots, recording audio conversations, and intercepting keyboard presses.

Red October: Malware used for a cyber-espionage campaign that targeted many developed countries’ diplomatic and government agencies, research institutions, energy and nuclear groups, and aerospace organisations.

MiniDuke: Malware designed to steal data from government agencies and research institutions.

GhostNet: Malware allegedly originating in China which infiltrated targets in about 103 countries, including various embassies and foreign missions

Bangladesh central bank lost $81 M USD in hack of their account with U.S. Federal Reserve

Examples of recent cyber attacksC

YB

ERSEC

UR

ITY A

ND

THR

EATS TO

DEV

ELOP

ING

NA

TION

S

CSO50 ConfabC

YB

ERSEC

UR

ITY A

ND

THR

EATS TO

DEV

ELOP

ING

NA

TION

S

VISIO

NS

TATEM

ENT

• Given the effect cyberattacks were having on developing nations, the United Nations has taken action to help address the problem.

• The chief executives of UN agencies met at their annual CEB summit and passed a cybersecurity strategy to address the internal and external challenges of cybersecurity.

• The cybersecurity strategy made UNDP the lead agency in ensuring that cybersecurity programmatic assistance is providing on an “on demand” basis to developing nations.

UNDP cybersecurity strategy

CY

BER

SECU

RITY

EXC

ELLENC

EUNDP for Cybersecurity????

CY

BER

SECU

RITY

EXC

ELLENC

EUNDP for Cybersecurity!!!

• Fits UNDP mission to provide aid to

developing nations

• UNDP has a global reach with over 177

different country offices around the world

• UNDP has a stellar reputation in the field of

cyber-security. Since 2012, it has been

certified by Lloyd’s as following the best

practices of ISO 27001 & ISO 9001.

• Won major international cyber-security awards

for the past 4 consecutive years

CY

BER

SECU

RITY

SERV

ICES

UNDP cybersecurity services offered

i. Cybersecurity Training Workshops• ISO 27001 training • Risk assessment training• Resiliency training• Cyber-incident response training

UNDP also partners with the Forum of Incident Response and Security Teams (FIRST) to provide professional workshops to build capacity.

ii. Cybersecurity Risk Assessment/Mitigation• Risk assessment training• Risk mitigation plan for the client.

UNDP trains how to create a risk assessment, perform risk mitigation and build local capacity.

CY

BER

SECU

RITY

SERV

ICES

UNDP Cybersecurity Services

iii.Building Capacity in Cyber-Incident Response• Compliance with the rigorous incident response standards of the Forum of

Incident Response and Security Teams (FIRST)• Training workshops• Simulated incident response exercises• Reviewing and improving upon existing incident response capabilities and

procedures.

iv.Resiliency• UNDP can review the client’s business continuity and disaster recovery

provisions and either make recommendations for improvement • Create and help test a business continuity and disaster recovery plan for their

ICT systems and organisation• Training on how to create and maintain business continuity and disaster

recovery plans

CY

BER

SECU

RITY

SERV

ICES

UNDP Cybersecurity Services

v. Cybersecurity Policies and Standards• develop or review and makes recommended improvements to a client’s

cybersecurity policies and standards. (The client would be responsible for taking the developed policies/standards through their organization’s policy approval process.)

vi. ISO 27001 Certification• ISO 27001 training workshops• Assist a client in becoming ISO 27001 certified

• cybersecurity policy creation• risk assessment• statement of applicability• internal assessment and compliance with the requirements of the

ISO 27001:2013 standard.

PR

OG

RA

MM

EIM

PAC

TAssistance to Bangladesh•Security assessment of A2I•Risk assessment training workshop•CERT training, procedures & exercise•National cybersecurity strategy

Cybersecurity conference•Istanbul in October 2015•Participants from 23 countries•2016 conference to be held Sept 26-28 in Morocco

Assistance to MoldovaTraining on CERT

Assistance to Sri LankaAssistance with national PKI

CSO50 award for 2016

After only one year we have

WH

YU

ND

P?

CSO50 Confab

• Why use UNDP? • Global reach with offices in 177 countries• Development mission for over 50 years• Record of proven achievement in cyber-security

• 2012—ISO 9001 & ISO 27001 certified• 2013 --- Honours laureate award and 1 of 5 companies nominated

for prestigious 21st Century award for World Good• 2014 – CSO40 Award • 2015 -- CSO50 Award• 2016 -- CSO50 Award • 2016 – Computer World’s Premier 100

• We are relatively low cost, trusted in the developing world and execute quickly

AND SO, CLOSING THE CIRCLE….