A word from the editor Cyber Security Awareness Month UK Cyber by pengxiang


									                                       Ladies and Gentlemen,
                                                                                       The contribution from the UK's Office for
                                       28-30 October should already be                 Cyber Security is a brief introduction to
                                       marked in your diaries a long time ago.         the UK’s first Cyber Security Strategy,
                                                      The date of the 5th              which was published in June 2009
                                                       Annual            Meridian      describing    the   UK     Government’s
                                                       Conference       is      fast   strategy to help keep cyber space
                                                       approaching, with DHS           secure. It underlines the growing
                                                       and      the      Program       importance of cyber space to the UK.
                                                       Committee putting the
                                                       finishing touches on a          The article submitted by ICANN gives a
                                                       conference       full      of   good description on the importance
                                                       inspiring topics. More          behind the activities of the organization.
                                                       countries     and      more     The Internet is inevitably the critical
                                                       attendees are expected          information infrastructure. The abuse of
                                                       than at any previous            DNS is a serious problem. The article
                                                       conference. This already        introduces the programs and activities
                                                     ensures a great success.          that ICANN pursues to enhance the
                                       So, as there are still about two weeks          security, stability and resiliency of the
                                       until    28   October,      last      minute    Internet.
                                       registrations are still open for invited
                                       parties. You can read a brief update on         As the EU presidency of the second half
                                       the conference on the next page.                of 2009, Sweden will deal with two
A word from the editor          ...1
                                                                                       proposals from the EU Commission
                                       With this edition of the newsletter, we         concerning the security and resilience of
Cyber Security Awareness               believe we bring you a powerful mix of          electronic communications. The first
Month                           ...2   relevant articles. As the cyber world is        proposal concerns a review of the
                                       changing, nations and organizations             regulatory framework for electronic
UK Cyber Security               ...4   must adapt to keep up with the pace.            communications. The second proposal
                                       This edition brings good examples from          concerns how the EU is to address
                                       several fields: ICANN in securing our           matters concerning critical information
ICANN Role in Enhancing                DNS space, the UK in updating its               infrastructure protection. Both of these
Internet Security, Stability           strategy for cyber security, Sweden, as         proposals will be discussed at the
and Resiliency                  ...6   the current EU president, organizing a          conference     in   Stockholm     on   5
                                       conference on the resilience of e-              November.
Network security in focus at           communications,       the    Netherlands
the PTS EU conference        ...8      promoting information exchanges for all
                                       by a boxed product.
Information Exchange
in a box                        ...9

News and Events                ...10
                                   The Dutch article is the result of a         Hope these articles will be of interest,
                                   cooperation between NICC, CPNI and           and you will once again enjoy the
                                   ENISA to create a product for the benefit    readings. See you in Washington DC!
                                   of all. Many public and private sector
                                   organizations are involved in ensuring       Sincerely,
                                   and maintaining the security of vital
                                   infrastructures. To be successful, they      Ferenc Suba
                                   need to collaborate. All the parties         Editor-in-Chief, Meridian Newsletter
                                   involved need to be prepared to share        General Manager, CERT-Hungary
                                   their     knowledge    and     exchange      Vice-Chair, ENISA MB
                                   information with the others. Information
                                   Exchange in a box helps set up an own
                                   information-sharing network.

         Our Shared Responsibility

Cybersecurity is the responsibility of everyone that uses the Internet. To
remind us of the importance of this, October has been designated as National
Cyber Security Awareness Month in the United States. The month is devoted
to educating all citizens and key public and private sector partners about                                www.dhs.gov
cyber threats and how to safeguard themselves at home, work and school.
As stated in a proclamation issued by President Barak Obama on October
1st, “During National Cybersecurity Awareness Month, we rededicate
ourselves to promoting cybersecurity initiatives that ensure the confidentiality
of sensitive information, the integrity of e-commerce, and the resilience of
digital infrastructures.” This October marks the sixth anniversary of the
Awareness Month campaign and seeks to reinforce the theme of “Our
Shared Responsibility.”

Throughout the month of October, the Department of Homeland Security’s
(DHS) National Cyber Security Division (NCSD) promotes educational efforts
to improve Americans’ understanding about the consequences of unsafe
computing practices, and the importance of protecting computers at home
and in the office. By protecting yourself on the Internet, you also protect
others. Over the past five years NCSD has made great strides in raising awareness during October and,
in turn, are better protecting the nation’s cyber infrastructure. President Obama also reinforced the
importance of cybersecurity awareness earlier this year in his Cyberspace Policy Review, which called for
increasing awareness of cyber threats and risks.

DHS Secretary Janet Napolitano kicked-off Awareness Month in Washington, DC on October 1st together
with Deputy Secretary of Defense William J. Lynn III, White House National Security Staff Acting Senior Director for
Cybersecurity Chris Painter, Deputy Under Secretary and Director of the National Cybersecurity Center Phil
Reitinger, and Director of the Secret Service Mark Sullivan. In her speech the Secretary highlighted the importance
of cybersecurity by noting that, "effective cybersecurity requires all partners-individuals, communities, government
entities and the private sector and international community - to work together to protect our networks and
strengthen our cyber resiliency."
Because cyberspace is borderless, international cooperation and collaborative action are essential to protecting
cyberspace and critical information infrastructure. Only by working together can we best address these
challenges, enhance cybersecurity, and reap the full benefits of the digital age.As a key element of its efforts to
support National Cybersecurity Awareness Month, DHS welcomes the opportunity to host the Fifth Annual
Meridian Conference from October 28-30, 2009 in Washington DC. In line with Awareness Month, the theme of
this year’s conference is “Critical Information Infrastructure Protection: Our Shared Responsibility.”

Meridian 2009 will focus on better understanding CIIP challenges, bridging
the gap between the role of policymakers and the technical community,
utilizing cyber exercises to advance CIIP objectives, and building CIIP
awareness within all sectors, from industry to academia.

This year’s conference will feature speakers ranging from global leaders in
cybersecurity policy to DHS senior leadership. Secretary Napolitano will give
the keynote address. Additionally, the program will include contributions by
CIIP leaders from around the world. This forum will provide the opportunity
for nations to discuss the challenges they are facing and the national
approaches they are implementing. Representatives observing from
    international organizations will also highlight some of key initiatives they
     are partaking in the field of CIIP.

                                  Through interactive workshops, robust discussions, and the participation of
                                  subject matter experts, Meridian 2009 promises to empower senior policymakers
                                  to work together to address information infrastructure protection challenges. In
                                  addition, participants will build strategies that promote greater security both
                                  domestically and internationally.

                                  We are pleased to announce over 40 countries will participate in this year’s
                                  conference. DHS thanks all the international partners who share our commitment
                                  to a secure cyberspace and looks forward to continuing to build enduring
                                  relationships that spread awareness of these real risks to each nation.

    Registration, Travel, and Accommodations

    Registration, travel and hotel information can be found at the conference website: http://www.meridian2009.org.
    The Meridian Conference will take place at The Fairfax at Embassy Row in Washington, DC, located at 2100
    Massachusetts Avenue, N.W., Washington, DC, 20008. A block of rooms is being held for Conference
    attendees. Attendees should first register for the conference. Registrants will then receive a confirmation email,
    which will provide important information necessary for booking accommodations at the Fairfax.
         Safety, security and resilience in cyber space

This is a brief introduction to the UK’s first Cyber Security Strategy, which
was published in June 2009 describing the UK Government’s strategy to help
keep cyber space secure. It underlines the growing importance of cyber
space to the UK.

Growing Dependence

The Government’s Digital Britain strategy showed very clearly just how
critical cyber space is to the underlying health of our nation - the £50 Billion of
online consumer sales and purchases that take place on a yearly basis
illustrate just how vital the new technology of cyber space is to our national
prosperity. Cyber space increasingly underpins the business of government,
the work of organisations across all sectors, and the activities of individual
members of the public, including banking, social networking and shopping
online, to name but a few examples. These networked, digital activities offer a
phenomenal number of benefits and opportunities, and we need to ensure
that the UK is well-placed to take advantage of them. We also have to
recognise, however, that balanced against the opportunities are a number of
real and rapidly-evolving threats; there are people who would seek to do us
harm through cyber space. What is more, technological developments and
changing patterns of utilisation make cyber space a dynamic and challenging
environment: we have to keep pace. That is why we have produced a Cyber
Security Strategy that sets out what Government is doing to ensure that we
minimise the risks and make the most of the opportunities, now and in the future.

Evolving threats

To expand on the nature of the threat: it is the low cost and anonymous nature of cyber space that makes
it particularly attractive for use by malicious actors. A low barrier to entry, coupled with the difficulties
associated with detection and attribution, mean that organised criminals, hostile states, and terrorists can and do
exploit cyber space for their own ends. We must be alive to the fact that a number of actors have a level of intent
and capability that amounts to a real threat to our security and prosperity. Sophisticated state-led cyber espionage
is of course a most serious issue, but we must also keep in mind that criminals continue to exploit vulnerabilities in
government, corporate and personal IT systems using a range of methods, from phishing to the use of malware.
Aside from the financial harm for which online fraud is responsible, there is also the fundamental issue of making
sure people have the confidence to live and work online. So we must consider and pre-empt attacks on government
systems and our essential infrastructure and attacks on individuals and businesses.

Existing Work

The new strategy should not detract from the substantial         The Home Office, Serious Organised Crime Agency and
amount of effort, resource and expertise already                 the Police all work to combat the activities of criminals in
devoted to UK cyber security. This isn’t a new problem,          cyber space. Recent initiatives have seen the formation
and the Government has been taking action to secure              of new units dedicated to tackling online crime: the Child
cyber space for several years now, on a number of                Exploitation and Online Protection Centre, and the
different fronts. The 2003 National Information                  Police Central e-crime Unit. In June, the Association of
Assurance Strategy addressed the first steps for the UK          Chief Police Officers published an e-crime strategy that
in assuring the integrity, availability and confidentiality of   will form the basis for a more consistent operational
Information & Communications Technology systems and              approach by increasing skills and capacity, and by
the information they handle: the Cyber Security Strategy         bringing e-crime into mainstream policing and law
builds on this work. There is a good deal of work already        enforcement.
going on to protect the UK from cyber threats – in
Government and in conjunction with industry and other
The Centre for the Protection of National Infrastructure      All Government Departments have access to the
(CPNI) provides advice on electronic or cyber protective      Government Secure Intranet (gsi) which securely
security measures to the businesses and organisations         connects around 200 government departments and
that comprise the UK’s critical national infrastructure       agencies and CESG, a part of GCHQ and the National
(i.e. the nine sectors which deliver essential services:      Technical Authority for Information Assurance, provides
energy, food, water, transport, communications,               government departments with advice and guidance on
government and public services, emergency services,           how to protect against, detect and mitigate various types
and health and finance). CPNI also runs a Computer            of cyber attack. CESG runs GovCertUK which provides
Emergency Response Team (CERT) service which                  warnings, alerts and assistance in resolving serious IT
responds to reported attacks on private sector networks       incidents for the public sector.
in the National Infrastructure.

A shared responsibility

All users of cyber space have a part to play in safeguarding it: the onus is on Government and business to work
together to provide more secure products and services, to operate their information systems safely and to protect
individuals’ privacy. The individual member of the public also has a responsibility to take simple security measures
to protect themselves, their families, and others in society. An un-patched home computer that is infected with
malware and harnessed as part of a botnet can be used to attack institutional targets, and this illustrates the
interconnected nature of networked threats. It also highlights the importance of getting the
message out that cyber security is something that can only succeed through a collaborative
approach. This is why the Government co-sponsors the joint public and private sector
initiative “Get Safe Online”, which aims to raise awareness of internet safety amongst the
general public and small businesses.

Next Steps

The new strategy will help to keep       will provide strategic leadership        relationships, and looked at other
the UK safe by building on existing      across Government, and a multi-          industry areas for further input, the
work, identifying gaps and overlaps      agency Cyber Security Operations         Strategy will investigate how we can
in work areas, and putting in place      Centre in Cheltenham will actively       optimise them to suit the needs of
two new organisations that will          monitor the health of cyber space        both Industry and the Government.
design, initiate and oversee a           and co-ordinate incident response,       We are also progressing work on E-
programme of work to address             enable better understanding of           crime to build the most effective
them. The Cyber Security Strategy        attacks against UK networks and          structure    that    enables    close
provides the strategic framework for     users, and provide better advice and     cooperation between SOCA, the
doing this systematically, centred       information about the risk to            Metropolitan Police and other
around clear high-level objectives:      business and the public.                 stakeholders to tackle the threats
reducing risk from the UK’s use of       Both organisations will be working       faced. On international engagement
cyber     space;     exploiting    the   towards an embryonic capacity            the UK is fully represented in all the
opportunities that cyber space           capable of releasing early products      relevant fora, as cyber becomes
presents; with both of these enabled     in Autumn 2009. One early priority       increasingly discussed, and we are
through action to improve the            will be the Cyber Security Industrial    building strong partnerships with
knowledge,       capabilities     and    Strategy, which aims to identify all     other like-minded nations. Lastly we
decision-making we need. To ensure       the different ways in which Industry     are examining the doctrine that
progress towards the Strategy’s          and the Government interact in the       underpins Cyber Security; it is a
objectives, the initial establishment    field,    from    procurement      to    new area which will require careful
of a new Office of Cyber Security        regulation. Having identified these      planning in this regard.

Transnational partnerships for a transnational problem

Cyber space is a transnational domain. As threat actors don’t respect international boundaries – in fact, they often
look to exploit them – the need for international co-ordination of cyber security efforts with our allies is self-evident.
There are strong links already in place between the UK government organisations that have a cyber security role
and their counterparts overseas – now we need to build on the existing links, bring greater coherence across them,
and establish new ones where we identify gaps. The OCS will lead work on the UK’s International Engagement on
cyber security issues, co-ordinating the development and deployment of the UK’s key messages in key fora − this
will bring greater coherence to the UK’s work with overseas partners and international organisations.

We have to secure our position in cyber space in order to give our people and businesses the confidence needed to
operate safely in that environment. There is a lot to do, and we do not underestimate the scale of the task ahead –
but with publication of the strategy we have made real progress and built a solid foundation; now we have to
maintain this momentum, and make sure it delivers.


Digital Britain Report: http://www.culture.gov.uk/what_we_do/broadcasting/6216.aspx
Cyber Security Strategy: http://www.cabinetoffice.gov.uk/reports/cyber_security.aspx
National IA Strategy: http://www.cabinetoffice.gov.uk/media/cabinetoffice/csia/assets/nia_strategy.pdf

As the Internet becomes part of the everyday life, activity in this environment
involves a wide variety of systems, stakeholders, opportunities and risks. The
ecosystem supports governments, corporations, individuals. The functioning
of the Internet is essential to public and private activities across the globe.
The Internet also supports the conduct of conflicts and criminal conduct.                            yurie.ito@icann.org
Those responsible for the governance and the operation of the Internet must
attend to the rising challenges to cyber security.

ICANN (Internet Corporation for Assigned Names and Numbers) is an
international, public benefit, non-profit organization coordinating the global
community activities supporting the Internet unique identifier systems
including the Domain Name System (DNS). The DNS underpins a wide range
of interactions that occur in today’s Internet and we understand this system is
part of critical information infrastructure. The article introduces the programs
and activities that ICANN pursues to enhance the security, stability and
resiliency of the Internet. ICANN focuses these programs on its core missions
related to the coordination of the DNS. As of 1 October, US Department of
Commerce and ICANN have entered into a new Affirmation of Commitments
that addresses a range of concerns with the preservation of security, stability
and resiliency as one of four major areas of joint commitment.

Given the nature of ICANN responsibilities under its by-      We have a small
laws it is important to delineate its role in the areas of    security team - is a Chief Internet Security
security. ICANN is not involved in the broader national       Advisor and responsible for coordinating
security issues of cyber-espionage and cyber war and          ICANN’s security, stability and resiliency
does not have a role in what constitutes illicit content in   efforts with a team of 4 other security experts.
the Internet. However ICANN has and will engage in a          ICANN’s activities in this area are conducted
continuing way in activities with both Internet               collaboratively by organizations and individuals across
communities and cyber security communities to combat          the ICANN community, not only by its security team. A
abuse of the DNS and to ensure its resiliency. ICANN          detailed description of these activities and future plans
works with a wide range of organizations, some                is available in ICANN Board approved, “ICANN Plan for
contractually obligated in the generic top-level domain       Enhancing Internet Security Stability and Resiliency.”
space, collaboratively in the country code top-level          This document and other information related to
domain space, to ensure the system as a whole is more         ICANN’s activities in this arena can be found at:
stable, secure and resilient.                                 http://www.icann.org/en/security.
Key Initiatives

ICANN's highest priority in this area is the effective and   Within ICANN’s efforts to ensure compliance with
secure functioning of the Internet Assigned Names            approved       registrars   to  ensure     the    proper
Authority or IANA function, in particular the                implementation of key security related features in
orchestration of updates to the DNS root zone in             connection with the WHOIS databases, we’ve placed
conjunction with the US Department of Commerce and           increased attention upon the obligations that come with
VeriSign. Within IANA operations, the implementation of      the revised Registrar Accreditation Agreement (RAA).
DNS Secure Extensions or DNSSEC signing for the              The        revised       RAA    is     available      at
root zone is clearly a major portion of that effort, along   www.icann.org/en/registrars/ra-agreement-21may09-
with joint working with our partners in that area. The       en.htm. As we move forward into the establishment
announcement of the joint ICANN, Department of               new gTLDs, ICANN foresees an increasing role in
Commerce, VeriSign agreement related to DNSSEC               ensuring with the gTLDs that contractual obligations are
signing of the root zone is available at                     taken into account by our contracted parties, and that
http://www.icann.org/en/announcements/announcement           there are increasing staff to conduct audits and take
-2-03jun09-en.htm. More broadly in collaboration with        corrective measures if problems are identified.
the DNS root server operators, ICANN continues to            Additionally, ICANN has developed a concept for
seek mutual recognition of roles and responsibilities        community review for a voluntary verification program
and to initiate a voluntary effort to conduct contingency    to validate a higher level of security in registry and
planning and exercises.                                      registrar operations. The High Security Zone
                                                             Verification Program concept paper is available at
With the generic TLD registries, ICANN’s focus is very       www.icann.org/en/topics/new-gtlds/high-security-zone-
much on the effective establishment of new gTLDs with        verification-04oct09-en.pdf.
proper attention to security, stability, and resiliency.
ICANN has analysed the issues surrounding the                ICANN also collaborates closely with country code TLD
potential for increased malicious conduct resulting from     community. ICANN works with the ccTLDs registries
implementation of new gTLDs and is proposing a set of        directly, in collaborative security incident response in
mitigation measures to address these concerns. An            situations such as the combating of Conficke. ICANN is
explanatory memo related to these measures is                also conducting a program jointly with the regional
available         at        www.icann.org/en/topics/new-     ccTLD associations to provide basic training regarding
gtlds/mitigating-malicious-conduct-04oct09-en.pdf.           how to dedal with the attack and contingency planning
Additionally, ICANN has undertaken a focused study           for the smaller, resource constrained ccTLDs. Active
related to understanding how increasing the number of        discussions are on-going within the ccTLD community
new gTLDs, undertaking the implementation of                 that was affected by the Conficker worm, as to how well
Internationalized Domain Names in native scripts, as         they reacted and what they need do to collaborate
well as pursing technical implementations, such as           going forward in these situations. ICANN have been
DNSSEC and IPv6, all within a compressed time                very much a part of that dialogue and want to continue
period, may present challenges at the root zone level.       to enable all those involved in operating and using the
The initial study results have been posted for public        DNS to ensure a secure system.
review at www.icann.org/en/committees/dns-root/root-

Way Forward

ICANN plans to continue to improve its contributions to the security, stability and resiliency of the Internet, focused
on its principal role in helping coordinate the Domain Name System. We are keen to work more with international
and national cyber security authorities in linking the efforts conducted within the DNS community to raise the
awareness of the need to treat the DNS as critical Infrastructure and ensure all stakeholders – governments,
operators and users – understand DNS-related security threats and undertake appropriate measure to mitigate the
growing risks.
Sweden's communications agency, the Swedish Post and Telecom Agency
(PTS), will hold an international conference entitled “Resilient Electronic
Communications – A Multistakeholder Challenge” in Stockholm on 5
November. This international conference is held in association with the
Swedish Presidency of the EU.
As the EU presidency of the second half of 2009, Sweden will deal with two
proposals from the EU Commission concerning the security and resilience of
electronic communications. The first proposal concerns a review of the
regulatory framework for electronic communications. The second proposal
concerns how the EU is to address matters concerning critical information
infrastructure protection. Both of these proposals will be discussed at the
conference in Stockholm on 5 November.

“Very timely”

In addition to these proposals, there are ongoing discussions in Europe
concerning how industry and government can work together in public-private
partnerships to meet the security challenges in the electronic
communications sector. A number of Member States have established
Government CERTs (Computer Emergency Response Teams) in Europe.
There are now plans in other Member States to establish such organisations.
The conference is divided into three tracks: Regulatory Policy, Public-Private
Partnerships and Government CERT Policy. There will be three sessions with three speakers in each.
PTS is seeking to promote an interactive conference and each session will consequently have scheduled
time for discussions. The government network security chiefs of Finland, Denmark and Norway will chair
and moderate the respective tracks.
“It’s these three areas, which are interlinked, that the conference will be looking at. The conference is
therefore very timely,” says Dr Marianne Treschow, Director-General of PTS.

International speakers

The majority of the speakers at the conference will be non-Swedish (primarily European speakers). The Swedish
Minister of Infrastructure Ms Åsa Torstensson, representing the Presidency, and the President of the German
Federal Network Agency and Chair of the European Regulators Group, Mr Matthias Kurth, will deliver keynote
speeches. The incoming Executive Director of the European Network and Information Security Agency, ENISA, Dr
Udo Helmbrecht, will deliver an opening speech.

    “The conference will provide an excellent forum for discussing how we can create a robust and secure
    information society. It is our hope that participants will be able to take with them many good initiatives that they
    can apply at home,” says Dr Treschow.

                              In the afternoon of 4 November, PTS will hold preparatory presentations in connection
                               with the Internetdagarna (Internet Days) conference, Sweden’s most premier Internet
                               community event. These presentations will deal with how work on European policy in
                               the area of network and information security is conducted. They will also provide an
                               introduction to the three tracks of the conference. Registrants of the international
                               conference are invited to participate in the preparatory presentations.

                              The conference is free of charge. For more information and for registering, see

                    “The conference will provide an excellent forum for discussing how we can
                    create a robust and secure information society,” says Dr Marianne
                    Treschow, Director-General of PTS.
Many public and private sector organizations are involved in ensuring and
maintaining the security of vital infrastructures. To be successful, they need to
collaborate. All the parties involved need to be prepared to share their
knowledge and exchange information with the others. Information Exchange                       annemarie.zielstra@ictu.nl
in a box helps you set up your own information-sharing network.

Information Exchange in a box is an idea developed jointly by the Centre for
the Protection of National Infrastructure (CPNI) in the United Kingdom and
the National Infrastructure against Cybercrime (NICC) programme in the
Netherlands. The idea is supported by the European Network and
Information Security Agency (ENISA). These three organizations have
accumulated a great deal of knowledge and experience in the area of                                  auke.huistra@ictu.nl
knowledge sharing and information exchange. They know the circumstances
and conditions under which people are willing and keen to share delicate
information and have developed brochures and tools on the subject. The
most important of these have been brought together in Information Exchange
in a box, and the CPNI, NICC and ENISA are distributing the box in order to
share their knowledge with as many other organizations as possible.

How to start up your own Information Exchange

The box contains the CPNI Sharing Culture Assessment Workbook, which
introduces the spider’s web model and teaches you to what extent you
yourself are ready to begin sharing knowledge with others in your network.
The CPNI and the NICC combined their experience in a booklet with
Membership Guidelines for setting up you own Information Exchange. An
NICC brochure describes the successful start up of the Dutch public-private
Information Exchange. It also includes an ENISA report on their European
stock taking investigation into good practices in information sharing in the
telecom sector.

    Information sharing is a state of mind

    Setting up your own Information Exchange takes more than just absorbing facts and using tools however. The
    most important prerequisite for its successful formation is having an open state of mind. It is for this reason that
    the CPNI, NICC and ENISA also include a game in the box: the Cyber Challenge. This game was originally
                               developed by the NICC as a way of discovering how, and under what conditions, the
                               sharing of knowledge can work – and whether you are ready to do so yourself.
                               The Cyber Challenge game was played for the first time at the European FI-ISAC
                               meeting in Amsterdam last April. This made it very apparent that people are
                               naturally inclined to keep valuable information to themselves. Sharing it is not an
                               inherent human behavioural trait but rather an ability that needs to be acquired and
Accept the Cyber Challenge

Playing this game with your co-workers or network partners is both an entertaining and very effective way to
gain insight into the way you solve problems. Are you willing and able to trust others and risk sharing
information? How effective is it really to keep valuable information all to yourself? Accept the Cyber Challenge
and find out!

You can order Information Exchange in a box via nicc@ictu.nl. A digital version of the Cyber Challenge will be
available on the Internet at the end of the year. Soon, ENISA will facilitate workshops for those countries that
are planning to set up their own Information Exchange.

                    20-21 October 2009
                    Warsaw, Poland
                                                            SECURE 2009
                                                            SECURE is the oldest IT security
                                                            conference in Poland. Every year current
                                                            issues concerning security matters of IT
                                                            systems and networks are discussed there.
                                   In this year's program we make use of the experience of
                                   specialist from CERT Polska at NASK and foreign response
                                   teams - members of the international Forum of Incidents
                                   Response and Security Teams (FIRST). Expected are also
                                   experts from other leading CERT-type teams, as well as from
                                   the ENISA.
                                   The main topic of this year conference will be responsible
                                   internet traffic filtering related to the most dangerous internet
                                   threats as well as blocking internet illegal content resources.

                                                     20-22 October 2009
                                                     London, UK
           RSA Conference Europe 2009
           Join us for the most comprehensive
           forum in information security. Come
           and learn about the latest trends
           and technologies, get access to new best practices,
           and gain insight into the practical and pragmatic
           perspectives on the most critical business issues facing
           you today. Connect and collaborate. Build your
           professional network. And mingle with the industry’s
           best and brightest.
        25-30 October 2009
        Seoul, Korea
                                            ICANN no. 36
                                            In the past several days, ICANN has
                                            announced recent milestones regarding
                                            changes in how the Internet community
                       will use the Internet in the near future. These important
                       developments include the plan for deployment of
                       Internationalized Domain Names (IDNs) in the next few
                       months and significant progress in developing the model for
                       delegating new generic top-level domains (gTLDs). Among
                       other topics, these will be discussed at the 36th
                       International Public Meeting in Seoul.

                                                  Meridian 2009
                                                  The Meridian Conference and Process aims to
                                                  exchange ideas and initiate actions for the cooperation
                                                  of governmental bodies on Critical Information
                                                  Infrastructure Protection (CIIP) issues globally. It
                                                  explores the benefits and opportunities of cooperation
                                                                between governments and provides an
                             28-30 October 2009                  opportunity to share best practices from
                             Washington, DC, USA                 around the world.

International Conference on Resilience
The purpose of the conference is for international
representatives of the business sector and public
administrations to exchange their experiences
related to initiatives to meet the challenges involved
in creating a robust and
secure information society.        4-5 November 2009
                                   Stockholm, Sweden

                 9-10 November 2009
                 Bern, Switzerland
                                                     European Financial ISAC workshop
                                                     The organizers wish to create a trusted
                                                     environment for the participants from the
                                                     banking sector, law enforcement and cyber
                                incident response to be able to freely discuss relevant topics
                                threatening banks and their customers. Participation is by
                                invitation only, more information from the Swiss host, MELANI.
                   Manage IT! Process Control Security Event
                   The 4th Process Control Security Event is about the lessons
                   learned from the Industrial Control Systems Cyber Security
                   Advanced Training in Idaho. More than 30 participants from
                   Dutch organisations within Critical Infrastructure, vendors,
                   academia and security companies attend this training in Idaho
                   from 9-13 November. During our Process Control Security
                   Event we try to translate these lesson learned to a message
                   that will be understood by the managers.
                   So "How do I tell my boss"!                 1 December 2009
                                                               Amsterdam, The Netherlands

3-4 February 2010
Hong Kong, China                         SCADA 2009
www.scadasummit.com/Event.aspx           SCADA Northeast Asia will focus on case
                                         studies and key developments in SCADA from
                                         countries that include Hong Kong, Japan,
                                         South Korea and Taiwan.
                          Key topics of discussion will highlight and include:
                            Developments on how to better control, supervise and
                                detect infrastructure assets
                            Assessing advanced systems as used by countries who
                                have significant advances in the field in Europe and the
                                United States
                            Looking into how to integrate SCADA systems with existing
                                and newer systems, such as MES and SMART Grid

                                                                                     Contact information:
                                                                            Editor-in-Chief: Ferenc Suba

                                                                   To subscribe please send an e-mail to:
     CIIP Matters is the quarterly newsletter
     compiled by the Theodore Puskas Foundation
     of Hungary, supervised by an editorial
     committee on behalf of the Steering Comitee.

     The editors wish to thank all contributions, and would like
     to provide the opportunity for submitting materials of CIIP
     interest to be published in future editions.

To top