Regional Workshop on Frameworks for Cybersecurity and Critical Information Infrastructure Protection (CIIP)
& Cybersecurity Forensics Workshop
Meeting Agenda
Description: At the start of the 21st century, modern societies have a growing dependency on information and communication technologies (ICTs) that are globally interconnected. This interconnectivity creates interdependencies and risks that must be managed at national, regional and international levels. At the national level, each nation should consider organizing itself to take coordinated action related to the prevention of, preparation for, response to, and recovery from cyber incidents. Such action requires coordination and cooperation among national participants, i.e., those in government, business, and other organizations, as well as individual users who develop, own, provide, manage, service and use information systems and networks. At the regional and international level, nations with compatible approaches and interests can engage in cooperation and coordination to further common objectives through mutually beneficial activities. The formulation and implementation of a common national framework for cybersecurity and critical information infrastructure protection (CIIP) represents a first step in addressing the main challenges arising from globally interconnected ICT infrastructures.
This workshop, hosted by ictQATAR and organized in collaboration with the Q-CERT, the Qatar National Program for Information Security, aims to identify the main challenges faced by countries in the region in developing frameworks for cybersecurity and CIIP, to consider best practices, share information on development activities being undertaken by ITU as well as other entities, and review the role of various actors in promoting a culture of cybersecurity. The workshop, one in a series of regional events organized by ITU-D, is organized in response to Resolution 130: Strengthening the role of ITU in building confidence and security in the use of information and communication technologies (Antalya, 2006) and the 2006 Doha Action Plan establishing ITU-D Study Group Question 22/1: Securing information and communication networks: Best practices for developing a culture of cybersecurity. As part of this activity, ITU is developing a Report on Best Practices for a National Approach to Cybersecurity which outlines a Framework for Organizing a National Approach to Cybersecurity identifying five key elements of a national effort, including: 1) Developing a national cybersecurity strategy; 2) Establishing national government-industry collaboration; 3) Creating a national incident management capability; 4) Deterring cybercrime; and 5) Promoting a national culture of cybersecurity.
|
MONDAY 18 FEBRUARY 2008 |
|
08:00−09:00 |
Meeting Registration |
|
09:00−10:15 |
Meeting Opening and Welcome |
| |
Welcoming Address: Representative from ictQATAR
Opening Remarks: Representative from ITU
Presentation: Setting the Stage ― The Changing Cybersecurity Threat Environment |
|
10:15−10:30 |
Coffee/Tea Break |
|
10:30−10:45 |
Adoption of Workshop Agenda and Practical Information |
|
10:45−12:00 |
Session 1: Towards a Framework for Cybersecurity and Critical Information Infrastructure Protection |
|
|
Session Description: The necessity of building confidence and security in the use of ICTs, promoting cybersecurity and protecting critical infrastructures at national levels is generally acknowledged. As national public and private actors bring their own perspective to the relevant importance of issues, in order to have a consistent approach, some countries have established cybersecurity/CIIP institutional framework structures while others have used a light-weight and non-institutional approach. This session will review, from a broad perspective, different approaches to such frameworks and their often similar components in order to provide meeting participants with a broad overview of the issues and challenges involved.
Session Moderator: TBD
Presentation: ITU Efforts Towards Building Frameworks for Cybersecurity and CIIP
Presentation: ITU-D’s Activities in the Area of Cybersecurity and CIIP, including ITU-D Study Group Question 22/1: Report on Recommended Best Practices for Achieving Cybersecurity |
|
12:00−13:30 |
Lunch |
|
13:30−15:15 |
Session 2: Management Framework for Organizing National Cybersecurity/CIIP Efforts |
|
|
Session Description: Increasingly, electronic networks are being used for criminal purposes, or for objectives that can harm the integrity of critical infrastructure and create barriers for extending the benefits of ICTs. To address these threats and protect infrastructures, each country needs a comprehensive action plan that addresses technical, legal and policy issues, combined with regional and international cooperation. What issues should be considered in a national strategy for cybersecurity and critical information infrastructure protection? Which actors should be involved? Are there examples of frameworks that can be adopted? Sessions 2 and 3 seek to explore in more detail various approaches, best practices, and identify key building blocks that could assist countries in establishing national strategies for cybersecurity and CIIP. The ITU Framework for Organizing a National Approach to Cybersecurity and its five key elements of national cybersecurity effort, including 1) Developing a national cybersecurity strategy; 2) Establishing national government-industry collaboration; 3) Creating a national incident management capability; 4) Deterring cybercrime; and 5) Promoting a national culture of cybersecurity, will be explored in detail.
Session Moderator: TBD
Presentation: Promoting a Culture of Cybersecurity
Presentation: Government―Industry Collaboration
Presentation: Incident Management Capabilities
|
|
15:15−15:30 |
Coffee/Tea Break |
|
15:30−17:00 |
Session 3: Management Framework for Organizing National Cybersecurity/CIIP Efforts (Continued) |
|
|
Session Description: See above.
Session Moderator: TBD
Presentation: Legal Foundation and Enforcement
Presentation: Legal Foundation and Enforcement
Presentation: A National Cybersecurity Strategy
|
|
17:00−17:15 |
Daily Wrap-Up and Announcements |
|
18:00− |
Welcome Reception |
|
TUESDAY 19 FEBRUARY 2008 |
|
09:00−10:15 |
Session 4: Country Case Studies |
|
|
Session Description: In order to further explore how different countries are currently implementing the five pillars of the Management Framework for Organizing National Cybersecurity/CIIP Efforts, i.e. Promoting a Culture of Cybersecurity, Government ― Industry Collaboration, Incident Management Capabilities, Legal Foundation and Enforcement, and Developing A National Cybersecurity Strategy sessions 4, 5, and 6 are dedicated to specific country case studies. Session 4 looks closer at Promoting a Culture of Cybersecurity and Government ― Industry Collaboration.
Session Moderator: TBD
Presentation: Country Case Study ― Promoting a Culture of Cybersecurity
Presentation: Country Case Study ― Government―Industry Collaboration
Presentation: Country Case Study ― Government―Industry Collaboration
|
|
10:15−10:30 |
Coffee/Tea Break |
|
10:30−12:00 |
Session 5: Country Case Studies (Continued) |
|
|
Session Description: In order to further explore how different countries are currently implementing the five pillars of the Management Framework for Organizing National Cybersecurity/CIIP Efforts, i.e. Promoting a Culture of Cybersecurity, Government ― Industry Collaboration, Incident Management Capabilities, Legal Foundation and Enforcement, and Developing A National Cybersecurity Strategy sessions 4, 5, and 6 are dedicated to specific country case studies. Session 5 looks closer at Incident Management Capabilities and the need for Legal Foundation and Enforcement.
Session Moderator: TBD
Presentation: Country Case Study ― Incident Management Capabilities
Presentation: Country Case Study ― Legal Foundation and Enforcement
Presentation: Country Case Study ― Legal Foundation and Enforcement
|
|
12:00−13:30 |
Lunch |
|
13:30−15:00 |
Session 6: Country Case Studies (Continued) |
|
|
Session Description: In order to further explore how different countries are currently implementing the five pillars of the Management Framework for Organizing National Cybersecurity/CIIP Efforts, i.e. Promoting a Culture of Cybersecurity, Government ― Industry Collaboration, Incident Management Capabilities, Legal Foundation and Enforcement, and Developing A National Cybersecurity Strategy sessions 4, 5, and 6 are dedicated to specific country case studies. Session 6 looks closer at the building blocks needed to develop a successful National Cybersecurity Strategy.
Session Moderator: TBD
Presentation: Country Case Study ― A National Cybersecurity Strategy
Presentation: Country Case Study ― A National Cybersecurity Strategy
Presentation: Country Case Study ― A National Cybersecurity Strategy
|
|
15:00−15:15 |
Coffee/Tea Break |
|
15:15−17:00 |
Session 7: Review and Discussion: Management Framework for Organizing National Cybersecurity/CIIP Efforts |
|
|
Session Description: To be added.
Session Moderator: TBD
Panelist: Promoting a Culture of Cybersecurity (TBD)
Panelist: Government ― Industry Collaboration (TBD)
Panelist: Incident Management Capabilities (TBD)
Panelist: Legal Foundation and Enforcement (TBD)
Panelist: A National Cybersecurity Strategy (TBD)
|
|
17:00−17:15 |
Daily Wrap-Up and Announcements |
|
19:00− |
Dinner |
|
WEDNESDAY 20 FEBRUARY 2008 |
|
09:00−10:30 |
Session 8: ITU National Cybersecurity/CIIP Self-Assessment Toolkit: An Exercise |
|
|
Session Description: The ITU National Cybersecurity/CIIP Self Assessment Toolkit is based on studies underway in the ITU Telecommunication Development Sector’s Study Group 1, Question 22/1: Securing information and communication networks: Best practices for developing a culture of cybersecurity. The toolkit is intended to assist national governments in examining their existing national policies, procedures, norms, institutions, and relationships in light of national needs to enhance cybersecurity and address critical information infrastructure protection.
The toolkit is directed to leadership at the policy and management levels of government, and addresses the policies, institutional framework, and relationships for cybersecurity. It seeks to produce a snapshot of the current state of national policy and capability, of institutions and institutional relationships, of personnel and expertise, of relationships among government entities and relationships among government, industry and other private sector entities. Sessions 8 and 9 of the workshop aim to take countries through the self-assessment process to help governments understand their existing efforts, identify gaps that require attention, and prioritize national efforts and practical implications of the framework presented in the ITU-D Study Group 1 Question 22/1 Report on Recommended Best Practices for Achieving Cybersecurity.
Session Moderator: TBD
|
|
10:30−10:45 |
Coffee/Tea Break |
|
10:45−12:30 |
Session 9: ITU National Cybersecurity/CIIP Self-Assessment Toolkit: An Exercise (Continued) |
|
|
Session Description: See above.
Session Moderator: TBD |
|
12:30−14:00 |
Lunch |
|
14:00−15:30 |
Session 10: Regional and International Cooperation |
|
|
Session Description: Regional and international cooperation is extremely important in fostering national efforts and in facilitating interactions and exchanges. This session will review some of the ongoing regional and international cooperation initiatives in order to inform meeting participants and to further these regional and international efforts.
Session Moderator: TBD
Speaker: TBD
Speaker: TBD
Speaker: TBD
Speaker: TBD
|
|
15:30−15:45 |
Coffee/Tea Break |
|
15:45−16:45 |
Session 11: Wrap-Up, Recommendations and the Way Forward |
|
|
Session Description: The final session of the meeting reports some of the main findings from the event, and aims to elaborate recommendations for future activities in order to enhance cybersecurity and increase protection of critical information infrastructures in the region.
Session Moderator: TBD
Panelist: TBD
Panelist: TBD
Panelist: TBD
Panelist: TBD
Panelist: TBD
|
|
16:45−17:00 |
Meeting Closing |
|
|
Closing remarks: Representative from ictQATAR
Closing remarks: Representative from ITU |
|
|
|
|
CYBERSECURITY FORENSICS WORKSHOP
INCIDENT ANALYSIS, CYBER FORENSICS, AND ENGAGEMENT WITH LAW ENFORCEMENT
|
|
THURSDAY 21 FEBRUARY 2008 |
|
09:00−09:30 |
Session 1: Presentation of an Incident |
|
|
Session Description: This session presents a structured walk-through of a modern office scenario where a cybercrime may have occurred. The demonstration emphasizes how traditional investigative techniques might miss important evidence and may actually damage a cyber-investigation. The session also identifies critical junctures in the investigation and which cyber-forensics techniques are appropriate at each point, each of which will be described or demonstrated in a subsequent conference session.
Speaker: TBD
|
|
09:30−10:00 |
Session 2: Forensically-Safe Techniques for Crime Scene Investigation |
|
|
Session Description: This session seeks to appraise
the crime scene, identify “items of investigative interest”, and
describe proper handling techniques for these devices.
Speaker: TBD
|
|
10:00−11:00 |
Session 3: Live Memory Acquisition and Analysis |
|
|
Session Description: In some cases, the crime scene
contains evidence that can only be acquired while the machines are
running, and file systems are “open”. In such a case, turning off
the machine can render evidence inaccessible. The session will
describe techniques for capturing and examining device memory and
storage of live, running systems.
Speaker: TBD
|
|
11:00−11:15 |
Coffee/Tea Break |
|
11:15−12:30 |
Session 4: Device Imaging and Analysis |
|
|
Session Description: A forensic analysis of any modern computing device must include an appraisal of its memory and permanent storage areas. However, performing this analysis on the original piece of evidence may damage the device, or potentially change its “state”, and therefore render it inadmissible as evidence. Any such device must be “imaged”, such that the analysis can be performed on a verifiable copy of the original device, and the original device retained in its initial state and kept properly as evidence. This session demonstrates techniques for imaging devices, and shows how to conduct routine analysis procedures such as recovering lost files, or searching for evidence of criminal conduct.
Speaker: TBD |
|
12:30−13:30 |
Lunch |
|
13:30−14:00 |
Case Study: Judicial Evidence in Cybercrimes
– Case Study from the Sultanate of Oman |
|
|
14:00−14:45 |
Session 5: Cyber-Forensics and the Role of Expert Witnesses |
|
|
Session Description: This session explores the role
that technical specialists have in legal proceedings to support or
reject claims made in judicial proceedings.
Speaker: TBD
|
|
14:45−15:30 |
Session 6: Engagement with Law Enforcement |
|
|
Session Description: One of the highest priorities for national incident response teams, world-wide, is how best to engage with the law enforcement community. This session will address their mutual roles, and challenges to establishing mutually beneficial cooperation.
Panelist: TBD
Panelist: TBD
Panelist: TBD
|
|
15:30−16:00 |
Session 7: Reviewing the Results of the Analysis |
|
|
Session Description: In this session the results of the preceding steps will be reviewed in the context of the original simulated incident, and explore the possible outcomes, based on the results. What is known, and with what level of confidence?
Speaker: TBD
|
|
16:00−16:15 |
Cybersecurity Forensics Workshop Closing |
|
|
Closing remarks: Representative from ictQATAR
|
|
|
|
 |
|
