
3 May 2021

Trois jours et une vie

I read "Trois jours et une vie" by Pierre Lemaitre, a psychological novel published in 2016.

Pierre Lemaitre trained as a psychologist and is self-taught in literature; he received the Prix Goncourt for his novel « Au revoir là-haut » in 2013. He worked in adult vocational training until 2006, when he began to make a living from his writing as a novelist and screenwriter.

« Trois jours et une vie » is a book in which a boy accidentally kills a friend. He tells no one what happened because he panics, so he gets rid of the small body. The boy has to learn to grow up with this secret as the days go by, the villagers mobilise to find the missing child and the police search every corner. Yet only the young boy knows the truth.

The story is set in Beauval, France, at the end of December 1999, and the novel is divided into untitled chapters. The narration takes place inside the young boy's head as he recounts his life in constant anguish and terror.

The novel is mainly about a child named Antoine who lives alone with his divorced mother, Mme Courtin. He is twelve when he kills one of his friends, Rémi Desmedt, aged 6. Rémi's parents are the Courtins' neighbours and are very anxious to find their son. There are also other main characters such as Doctor Dieulafoy, the family doctor, Valentine Desmedt, Rémi's sister, and Émilie Mouchotte, who is also Antoine's neighbour.

In my opinion, « Trois jours et une vie » is a gripping book that you cannot stop reading. I really liked the ending of the novel. It was unexpected.

See you soon!

26 April 2021

F5 ASM - Using Qualys for a Security Policy

I’ve been working with vulnerability assessment tools and F5 ASM these days. In fact, I’ve been configuring F5 ASM with the Qualys Web Application Scanner (WAS). I think this kind of integration is really useful to quickly resolve vulnerabilities found by scanners such as Qualys and HP WebInspect. Actually, there are lots of vulnerability assessment tools and WAF appliances, but I think the integration is very important to improve security policies and resolve vulnerabilities as soon as possible. You can watch in the following video how to integrate Qualys with F5 ASM!!

Enjoy!

19 April 2021

F5 ASM – Disabling attack signatures checks

I’ve recently deployed a new WAF appliance with F5 ASM where I have to secure web applications which have lots of entities such as URLs, parameters and files. These web applications are already running in a production environment; as a result, I’ve deployed a Rapid Deployment Policy in transparent mode to see and know what’s going on. After a week, I can see lots of attacks in the learning process. Most of them are due to a web application used to store files. Employees can upload whatever they want, so they upload PDF files as well as .exe files and source code with JavaScript. Therefore, the best way to reduce potential false-positive alerts is to disable attack signature checks for the URL where the application is hosted or for the parameter used to upload files.

I’ve recorded a video where we can watch how to disable attack signature checks for URLs and parameters. It’s really easy!!

Drop me a line with the first thing you are thinking!

12 April 2021

EDNS(0) – Extension Mechanisms for DNS

I’m reading, working and studying EDNS(0) because a customer wants something similar to a parental control service that restricts access to particular domains from particular devices; as a result, we need a device-specific identifier. We need precise client identity information for this requirement. There will be lots of laptops on the Internet and it’s unlikely that we can configure a VPN tunnel for each laptop. Therefore, DNS servers and DNS requests will go through the Internet. I’m thinking about whether EDNS(0) fits this requirement.

The DNS protocol sends messages over UDP and was restricted to 512 bytes, but in 1999 there was a proposal to extend DNS to allow for new flags and response codes, and to provide support for longer responses. This extension mechanism is EDNS and it has increased the functionality of the protocol. EDNS adds information to DNS messages in the form of pseudo-Resource Records (“pseudo-RR”). For instance, the OPT pseudo-record provides space for up to 16 flags. One of them is the DNSSEC flag, but there are also OPT options for Client Subnet (ECS) and Device ID.

Review of OPT Option Codes

Firstly, I’ve been reading about DNSSEC, which is a security extension to DNS for cryptographic authentication and data integrity, but not confidentiality, which means all DNSSEC responses are authenticated but not encrypted. It was designed to protect applications from using forged or manipulated DNS data, such as that created by DNS cache poisoning. This security extension doesn’t fit the requirement I’m looking for because there is no way to identify the user’s device.

DNSSEC - Authenticity of DNS records

Another extension I’ve been reading about is Client Subnet (ECS). I was already reading about it two years ago when F5 BIG-IP DNS included this feature in v14.0. The BIG-IP places the client IP address into the EDNS0 field to determine the topological proximity of the client. This feature greatly improves DNS-based load balancing, which can then select a service address near the client even when the client computer is not near the recursive resolver. However, the ECS feature is not enough to identify users’ computers either.

With EDNS0 Client Subnet Support

Finally, I think I’ve found how to identify the user’s computer. There is already a DNS EDNS option to carry a client-specific identifier in DNS queries, but it’s still a draft. However, dnsmasq uses EDNS option code 65073 from the “Reserved for Local/Experimental Use” range to pass the client’s MAC address, and the Cisco Umbrella implementation encodes the client’s MAC address with option code 26946 from the “Unassigned” range. I can use F5 BIG-IP as a DoH proxy farm to authenticate users’ computers and forward the DNS requests, with the client identification in the EDNS field, to the internal DNS server, which analyses and filters them, controls the cache and recurses the request. What do you think?
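As an added example (not from the original post, nor F5 or dnsmasq code), the Python below builds a DNS query carrying an EDNS(0) OPT pseudo-RR with the DO flag, an ECS option and a client-MAC option, then parses the OPT record back the way an internal filtering resolver would read it. The option code 65073 for the MAC is the dnsmasq code mentioned above; the 6-byte raw-MAC encoding, the transaction id and the sample addresses are assumptions constructed for the example.

```python
import struct
import ipaddress

# Constructed example: build a DNS query with an EDNS(0) OPT pseudo-RR and read
# the options back, as a filtering resolver would inspect them.
OPT_TYPE = 41                 # RR type of the OPT pseudo-record
EDNS_DO_FLAG = 0x8000         # DNSSEC OK bit: top bit of the 16 flag bits in the OPT "TTL" field
OPT_CODE_ECS = 8              # EDNS Client Subnet (RFC 7871)
OPT_CODE_DNSMASQ_MAC = 65073  # Local/Experimental range code that dnsmasq uses for the client MAC


def encode_name(name):
    """Wire-format domain name: length-prefixed labels ending in a zero byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def ecs_option(subnet):
    """ECS option: family, source prefix length, scope 0, then only the significant address bytes."""
    net = ipaddress.ip_network(subnet, strict=False)
    family = 1 if net.version == 4 else 2
    addr = net.network_address.packed[: (net.prefixlen + 7) // 8]
    data = struct.pack("!HBB", family, net.prefixlen, 0) + addr
    return struct.pack("!HH", OPT_CODE_ECS, len(data)) + data


def mac_option(mac):
    """Client MAC as a raw 6-byte option value (assumed encoding, constructed for this example)."""
    raw = bytes.fromhex(mac.replace(":", ""))
    return struct.pack("!HH", OPT_CODE_DNSMASQ_MAC, len(raw)) + raw


def build_query(qname, options=(), txid=0x1234, udp_size=4096, dnssec_ok=True):
    """A/IN query with one OPT RR in the additional section (ARCOUNT = 1)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)   # flags: RD=1
    question = encode_name(qname) + struct.pack("!HH", 1, 1)    # QTYPE=A, QCLASS=IN
    rdata = b"".join(options)
    ttl = EDNS_DO_FLAG if dnssec_ok else 0                       # ext-RCODE=0, version=0, flags
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, ttl, len(rdata)) + rdata
    return header + question + opt


def _skip_name(msg, off):
    """Advance past a wire-format name, including a compression pointer."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def parse_edns(msg):
    """Return the OPT record's UDP size, DO bit and decoded options, or None if there is no OPT RR."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4                           # name + QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        body = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype != OPT_TYPE:
            continue
        info = {"udp_size": rclass, "dnssec_ok": bool(ttl & EDNS_DO_FLAG), "options": {}}
        p = 0
        while p + 4 <= len(body):                                # option = code(2) len(2) data
            code, ln = struct.unpack("!HH", body[p:p + 4])
            data = body[p + 4:p + 4 + ln]
            p += 4 + ln
            if code == OPT_CODE_ECS:
                family, src, _scope = struct.unpack("!HBB", data[:4])
                width = 4 if family == 1 else 16
                ip = ipaddress.ip_address(data[4:].ljust(width, b"\x00"))
                info["options"]["ecs"] = f"{ip}/{src}"
            elif code == OPT_CODE_DNSMASQ_MAC:
                info["options"]["mac"] = ":".join(f"{b:02x}" for b in data)
            else:
                info["options"][code] = data.hex()               # unknown code: keep raw bytes for logging
        return info
    return None


if __name__ == "__main__":
    q = build_query("example.com", options=(ecs_option("192.0.2.77/24"), mac_option("00:11:22:33:44:55")))
    print(parse_edns(q))
```

A resolver that makes policy decisions on the MAC option should only trust it from hops it authenticates (the DoH proxy farm in the design above); a client on the open Internet can put any value in an OPT option, which is why the draft identifier and these experimental codes are not a replacement for authenticating the device.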

Building a private DoH infrastructure

To sum up, EDNS has improved the DNS protocol a lot and it’s really useful for client identification, DNS-based load balancing and DNS security.

Regards, my friends! Have you ever configured EDNS?

5 April 2021

F5 LTM – DoH & DoT to DNS Proxy

I’ve come across an F5 class about DNS over HTTPS/DNS over TLS which is really interesting for learning how to configure these services with F5 BIG-IP. I’ve recorded a video where I show how to configure F5 BIG-IP as a DoH and DoT to DNS proxy, which means that BIG-IP translates DoH and DoT requests into DNS requests. You can see that DoH to DNS is a little bit more difficult to configure than DoT to DNS because the first one requires an iRuleLX while the second one only requires an SSL certificate. As a result, the DoT to DNS configuration is easier than DoH to DNS. It’s much better if you watch the video.

Have a nice day!! Are you configuring this kind of service?

29 March 2021

DNS over HTTPS (DoH) - DNS over TLS (DoT)

I wrote about DNS security weeks ago because there are increasingly many remote users working outside the protected walls, and companies want to increase the security of their activities and resources. DNS-layer security should be the first line of defense against threats because DNS resolution is the first step in Internet access. Some web browsers are already relying on DoH (DNS over HTTPS) for their own IP resolution. But using DoH with an untrusted public DNS service risks misuse of browsing data and reveals the applications being used. In order to better protect remote workers, companies should therefore consider extending their private DNS recursive service and managing DoH themselves.

Building a private DoH infrastructure

On the one hand, if you are going to install a DNS over HTTPS (DoH) infrastructure, you’ll need to configure a proxy farm to take HTTPS requests and send them to traditional DNS servers. F5 BIG-IP can work as a proxy farm to extract the data from HTTPS requests and translate it into a traditional DNS request. Thanks to the iRulesLX engine based on Node.js, BIG-IP can handle DoH translations. DoH requests arrive at the BIG-IP either as an HTTPS POST with a binary payload or as a base64url-encoded GET request parameter. These requests are easily translated from HTTPS to DNS by F5 BIG-IP.
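To make the POST/GET translation concrete, here is an added Python example (not BIG-IP or iRulesLX code from the original post) that extracts the wire-format DNS message from either DoH request form as RFC 8484 defines them, applies a DNS-layer blocklist before forwarding, and hands the message to a stand-in resolver. The `fake_resolver`, the query names, the transaction id and the blocklist are constructed for the example; on a BIG-IP the forwarding step would be the UDP/TCP send to the DNS pool.

```python
import base64
import struct

DNS_MESSAGE = "application/dns-message"   # media type RFC 8484 uses for both directions
RCODE_REFUSED = 5


def b64url_decode_nopad(value):
    """RFC 8484 GET requests carry the DNS message base64url-encoded without '=' padding; restore it."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def b64url_encode_nopad(raw):
    """Encode the way a DoH client builds the ?dns= parameter (no padding)."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def extract_dns_message(method, query_params, body, content_type):
    """Pull the wire-format DNS message out of a DoH request (GET ?dns= or POST body)."""
    if method == "GET":
        if "dns" not in query_params:
            raise ValueError("GET without dns parameter")
        return b64url_decode_nopad(query_params["dns"])
    if method == "POST":
        if content_type != DNS_MESSAGE:
            raise ValueError("POST with unexpected Content-Type")
        return body
    raise ValueError("unsupported method")


def qname_of(msg):
    """Name in the first question, lower-cased, without the trailing dot."""
    off, labels = 12, []
    while msg[off] != 0:
        length = msg[off]
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return ".".join(labels).lower()


def build_query(qname, txid=0x2A2A):
    """Minimal A/IN query: header with RD set plus one question, no EDNS (constructed input)."""
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + name + struct.pack("!HH", 1, 1)


def refused_response(query):
    """Echo the query back as a response: QR set, RCODE = REFUSED, counts and question unchanged."""
    txid, flags = struct.unpack("!HH", query[:4])
    flags = ((flags | 0x8000) & ~0x000F) | RCODE_REFUSED
    return struct.pack("!HH", txid, flags) + query[4:]


def handle_doh(method, query_params, body, content_type, resolver, blocklist=frozenset()):
    """Translate one DoH request; return (status, content_type, body) for the HTTPS reply.

    `resolver` stands in for the traditional DNS server: it takes and returns wire-format messages.
    """
    try:
        msg = extract_dns_message(method, query_params, body, content_type)
        if len(msg) < 12:
            raise ValueError("message shorter than a DNS header")
        name = qname_of(msg)
    except (ValueError, UnicodeDecodeError, IndexError):
        return 400, "text/plain", b"bad DoH request"
    if name in blocklist:
        # Filtered at the DNS layer: still a well-formed DNS answer, so the client does not retry elsewhere.
        return 200, DNS_MESSAGE, refused_response(msg)
    return 200, DNS_MESSAGE, resolver(msg)


def fake_resolver(msg):
    """Stand-in for the internal DNS server: sets QR and RA, RCODE NOERROR, no answer records."""
    return msg[:2] + b"\x81\x80" + msg[4:]


if __name__ == "__main__":
    q = build_query("example.com")
    print(handle_doh("GET", {"dns": b64url_encode_nopad(q)}, b"", None, fake_resolver))
```

The two validation points worth keeping in a real proxy are the ones shown here: reject a POST whose `Content-Type` is not `application/dns-message` before touching the body, and pad the GET parameter yourself, because clients are required to send it without padding and Python's decoder otherwise rejects it.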

DoH to DNS Proxy

On the other hand, if you are going to deploy a DNS over TLS (DoT) infrastructure, you’ll also need to configure a proxy farm to take TLS requests and send them to traditional DNS servers. BIG-IP can also work as a proxy farm to extract the data from TLS requests and translate it into a traditional DNS request. However, the DoT-to-DNS configuration is easier than the DoH-to-DNS configuration because proxying DoT queries to traditional DNS only requires a classic BIG-IP high-performance SSL offloading profile, and no iRule is needed.

DoT to DNS Proxy

These infrastructures are not difficult to configure, but if you don’t know how to do it, iApps can help you. There is already a DNS over HTTP iApp which creates an iRule to perform resolution of DoH traffic. Firstly, you have to create a pool containing DNS resolvers. Secondly, install the iApp as a template. Thirdly, create the application service with the iApp. Fourthly, create a virtual server listening on port 443 with TCP, HTTP and Client SSL profiles. Finally, test the deployment.

DNS over HTTP iApp

Testing the deployment is really simple because most browsers support DoH. For instance, Firefox can be used as a DoH client. It is configured on the about:config page. Firstly, we set network.trr.uri to our custom virtual server URL. Secondly, we should also enable network.trr.useGET, as it’s a bit faster than using POST. Thirdly, we set network.trr.mode to 3, which means we want Firefox to only use DoH. Finally, network.dns.skipTRR-when-parental-control-enabled disables Firefox’s feature that turns off DoH when parental control via DNS is detected on the network.

Test Driving DNS over TLS to Traditional DNS

To sum up, proxying DoH and DoT queries to traditional DNS is easy to configure and test with a BIG-IP proxy farm. It’s up to you whether you want to protect your remote workers and extend your private DNS recursive service.

Have a nice day!! Would you like to deploy a DoH or DoT infrastructure?

22 March 2021

Data Access Governance

I remember once a customer asked me to audit a large file system with lots of folders and files. He wanted to know who had access to each file, when files were created and when they were last changed; he also wanted to know the categorization of each file, what kinds of files (text, image, video, etc.) were in the NAS systems and how much space these files were using in the file system. We installed Data Access Governance (DAG) tools for that project and it was really successful. Today, DAG tools are increasingly deployed and it seems they will be quite useful for most companies in the near future.

Data Access Governance solutions help companies understand and secure their structured and unstructured data. On the one hand, structured data is stored in databases and business applications, and user access to these systems is usually provisioned by an Identity and Access Management (IAM) platform. On the other hand, unstructured data is documents, spreadsheets, presentations and other files created by end users. These files are typically contained in shared folders, network filers and cloud repositories such as Dropbox and Amazon S3. As a result, Data Access Governance solutions help you to implement controls over your data.

Data Access Governance Solution

There are lots of use cases where Data Access Governance solutions are useful for organizations. One use case is to identify open access locations where permissions are granted to “Everyone” or “Authenticated Users” and close them down to put them under control. Another use case is to control privileged access to business applications and file systems, as well as gaining visibility into what these users are doing with those permissions. One of the use cases I really like is gaining visibility into Active Directory groups to know how these groups are used to grant the proper access to data. However, there are many other use cases.

Here the report you asked for boss

How are these kinds of solutions deployed? Data Access Governance projects consist mainly of five steps. The first step is to discover where data lives, to obtain a complete view of the data footprint. We have to know whether data is stored in shared folders, network filers such as NetApp or EMC, SharePoint or cloud repositories. The second step is to collect and analyze relevant data points to answer critical questions such as sensitivity, access, ownership, age, etc., as well as obtaining categorization and statistics of the data used. The third step is to monitor activity to understand user interactions with data. The fourth step is to restructure access to achieve least-privilege principles and position for effective governance. We are going to improve security policies and modify permissions in this fourth step. Finally, the fifth and last step is to govern access on an ongoing basis to ensure security, compliance and operational standards are met.
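The open-access and Active Directory group use cases above, and the "collect and analyze" and "restructure access" steps, can be illustrated with a small Python script added here (it is not part of any DAG product): it expands nested groups into the users who can actually reach each location, flags locations granted to Everyone or Authenticated Users, and lists who can modify a given path. The share paths, ACL entries and group memberships are constructed sample data.

```python
from collections import defaultdict

# Principals that make a location "open" in the sense used by DAG tools.
OPEN_PRINCIPALS = {"Everyone", "Authenticated Users"}

# Constructed sample: share ACLs (trustee, right) and AD group membership, not data from any real system.
ACLS = {
    r"\\filer01\finance\budgets": [("Finance-RW", "Modify"), ("Domain Admins", "FullControl")],
    r"\\filer01\public\scans": [("Everyone", "Modify"), ("Finance-RO", "Read")],
    r"\\filer01\hr\payroll": [("Authenticated Users", "Read"), ("HR-Staff", "Modify")],
}
GROUPS = {
    "Finance-RW": ["alice", "Finance-Leads"],   # nested group
    "Finance-Leads": ["bob"],
    "Finance-RO": ["carol", "Finance-RW"],      # read group that also contains the whole RW group
    "HR-Staff": ["dave"],
    "Domain Admins": ["erin"],
}


def expand_group(groups, name, seen=None):
    """Transitive members of a group; nested groups are followed, cycles are ignored."""
    seen = seen if seen is not None else set()
    members = set()
    if name in seen:
        return members
    seen.add(name)
    for member in groups.get(name, []):
        if member in groups:
            members |= expand_group(groups, member, seen)
        else:
            members.add(member)
    return members


def open_access_locations(acls):
    """Locations where an open principal holds any right at all (the first clean-up target)."""
    return sorted(path for path, aces in acls.items() if any(t in OPEN_PRINCIPALS for t, _ in aces))


def effective_access(acls, groups):
    """Who can actually reach each path after expanding nested groups; open principals are kept as-is."""
    result = {}
    for path, aces in acls.items():
        per_user = defaultdict(set)
        for trustee, right in aces:
            targets = expand_group(groups, trustee) if trustee in groups else {trustee}
            for target in targets:
                per_user[target].add(right)
        result[path] = {user: sorted(rights) for user, rights in per_user.items()}
    return result


def who_can_modify(acls, groups, path):
    """Accounts (or open principals) with write-capable rights on one path."""
    access = effective_access(acls, groups)[path]
    return sorted(u for u, rights in access.items() if {"Modify", "FullControl"} & set(rights))


if __name__ == "__main__":
    print("open locations:", open_access_locations(ACLS))
    for path, users in effective_access(ACLS, GROUPS).items():
        print(path, users)
```

The nested membership is the part that a raw ACL listing hides: "Finance-RO" looks like a read-only group, but because it contains "Finance-RW" the effective readers of the scans share include every RW member too, which is exactly the group-visibility question the third use case asks.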

Securing data access begins with access to data

If you are interested in Data Access Governance, you may also be interested in Active Directory Security solutions to protect critical objects from unauthorized change or access, Data Privacy solutions to mitigate, prevent, detect and respond to advanced threats to credentials and sensitive data in real time, and Privileged Access Management solutions to remove the user’s access completely and clean the system to match the desired state.

A fresh perspective on your data

Have a nice day!! Do you govern your data?

15 March 2021

SASE - Secure Access Service Edge

There are lots of useful tools for securing the endpoint. We know lots of tools for securing servers. There are lots of tools for securing the company as well as the data used by employees, customers and providers. We may think we know everything about securing companies, such as firewalls, antivirus, SIEM, etc., but the pandemic is changing companies and how we work today. There are lots of people working from home; consequently, there are new technologies for securing companies.

One of the new technologies that companies are installing lately with the pandemic is SASE. This is not a product but a new architecture in security and networking. Actually, SASE consolidates several security and networking technologies which were usually deployed one at a time; SASE integrates all of them. The SASE primary functions are SD-WAN, FWaaS, SWG, CASB and ZTNA.

Components of the SASE Model

SD-WAN is one of the SASE primary functions. I installed SD-WAN for the first time six years ago when a customer needed to connect eight WAN routers to a firewall. They wanted to create rules by application in the firewall because some applications had to use specific WAN links. For instance, there was a link for VPN, another link for the webpage, another for mail and another for Internet access. SD-WAN for SASE is similar to that, but for endpoints. The remote laptops, computers and smartphones are going to know whether they have to access the datacenter through VPN or access SaaS applications directly. This is a great benefit because endpoints won’t have to go through the datacenter to access SaaS applications, and there are important bandwidth savings.

Secure SD-WAN + CASB

Most operating systems have a firewall by default which provides control for outbound and inbound Internet traffic across all ports and protocols, but if we need visibility, reporting and application control, we’ll have to disable the default firewall and install a new, more powerful firewall. In addition, centralized management from the cloud is really useful. Therefore, Cloud-delivered firewall (CDFW) or FWaaS is another primary function in SASE architectures.

Firewall as a Service

I’ve configured lots of web filtering profiles in UTM firewalls. They are useful to block access to malicious websites. We can even configure SSL inspection to protect the organization from hidden attacks. This is another primary function for SASE. We should be able to configure a Secure Web Gateway (SWG) to protect endpoints from accessing malicious websites. This is another feature which requires visibility, reporting and configuration from a centralized management system when we have lots of devices.

Secure Web Gateway

The Cloud Access Security Broker (CASB) functionality and the Zero Trust Network Access (ZTNA) functionality are also two primary functions of the SASE architecture. The aim of CASB is to extend visibility into the cloud applications in use, as well as application details and risk information. On the other hand, ZTNA takes the strategic approach of eliminating trust; as a result, all resources are considered external and trust is continuously verified before granting only the required access.

A typical ZTA user identity and access management implementation

Be happy, my friends! Did you know about SASE?

8 March 2021

DNS Security

We don’t know yet what the next years after the pandemic are going to be like. It seems there will be lots of remote users working from home. There will be lots of people working out of the office. As a result, there will be more and more services published on the Internet instead of the intranet, because remote users have to access these services for their daily work. In addition, these remote users are outside the scope of the security perimeter. Therefore, they are going to have, from time to time, direct access to the Internet.

One of the services which it is mandatory to publish on the Internet is the DNS service, because remote users have to resolve domain names to IP addresses to work from home. This new requirement is dangerous for DNS servers because they are going to be the target of all types of DNS-based attacks, from stealth to volumetric attacks, including cache poisoning, DDoS attacks, DNS tunneling, DGA malware and UDP floods. Consequently, DNS servers have to be protected with a DNS Guardian.
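As an added example that is not part of the original post or of any DNS Guardian product, the Python below runs simple heuristics for three of the attack types named above (UDP flood, DGA lookups and DNS tunneling) over a constructed resolver query log. The log line format, the thresholds and the client addresses are assumptions made for the example; a real detector would tune them against its own baseline.

```python
import hashlib
import math
import re
from collections import Counter, defaultdict

# Constructed query-log format (one line per query), assumed for this example.
LOG_RE = re.compile(r"client=(?P<client>\S+) qname=(?P<qname>\S+) qtype=(?P<qtype>\S+) rcode=(?P<rcode>\S+)")

# Constructed sample log: normal traffic, two DGA-style NXDOMAIN lookups, a tunnel, and a flood.
SAMPLE_LOG = [
    "2021-03-08T10:00:01 client=10.0.0.5 qname=www.example.com qtype=A rcode=NOERROR",
    "2021-03-08T10:00:02 client=10.0.0.5 qname=mail.example.com qtype=MX rcode=NOERROR",
    "2021-03-08T10:00:03 client=10.0.0.7 qname=xk3jd9s2lq0wvbn.com qtype=A rcode=NXDOMAIN",
    "2021-03-08T10:00:04 client=10.0.0.7 qname=q8zm1vt4yhpc5rdw.net qtype=A rcode=NXDOMAIN",
    "2021-03-08T10:00:05 client=10.0.0.5 qname=verylongbutlegitimatehostname.example.com qtype=A rcode=NOERROR",
]
# Tunnel: many unique 40-character labels under one domain, answered (TXT) rather than NXDOMAIN.
SAMPLE_LOG += [
    f"2021-03-08T10:01:{i:02d} client=10.0.0.9 qname={hashlib.sha256(str(i).encode()).hexdigest()[:40]}.tun.example qtype=TXT rcode=NOERROR"
    for i in range(6)
]
# Flood: one client repeating the same query 60 times.
SAMPLE_LOG += [
    f"2021-03-08T10:02:{i % 60:02d} client=10.0.0.11 qname=example.org qtype=A rcode=NOERROR"
    for i in range(60)
]


def parse_log(lines):
    """Return one dict per parseable line; unparseable lines are skipped."""
    return [m.groupdict() for m in (LOG_RE.search(line) for line in lines) if m]


def entropy(s):
    """Shannon entropy in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def registered_domain(qname):
    """Last two labels; a stand-in for proper public-suffix handling."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def dga_like(qname, min_len=12, min_entropy=3.5):
    """Long, high-entropy first label. On its own this also fires on long legitimate names."""
    first = qname.rstrip(".").lower().split(".")[0]
    return len(first) >= min_len and entropy(first) >= min_entropy


def analyse(records, tunnel_min_subdomains=5, tunnel_min_label=30, flood_threshold=50):
    """Return {"flood": [clients], "dga": [clients], "tunnel": [(client, domain)]} for the given records."""
    findings = defaultdict(set)
    for client, n in Counter(r["client"] for r in records).items():
        if n >= flood_threshold:
            findings["flood"].add(client)
    long_labels = defaultdict(set)
    for r in records:
        q = r["qname"].rstrip(".").lower()
        # Gate the entropy test on NXDOMAIN: DGA clients mostly hit unregistered names,
        # which keeps long legitimate hostnames that resolve out of the finding.
        if dga_like(q) and r["rcode"] == "NXDOMAIN":
            findings["dga"].add(r["client"])
        first = q.split(".")[0]
        if len(first) >= tunnel_min_label:
            long_labels[(r["client"], registered_domain(q))].add(first)
    for key, labels in long_labels.items():
        if len(labels) >= tunnel_min_subdomains:
            findings["tunnel"].add(key)
    return {kind: sorted(v) for kind, v in findings.items()}


if __name__ == "__main__":
    print(analyse(parse_log(SAMPLE_LOG)))
```

The sample includes a 29-character legitimate hostname whose entropy passes the DGA test; it is excluded only because it resolved, which is why the NXDOMAIN gate (or a per-client NXDOMAIN ratio) matters more than the entropy threshold itself.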

DNS Guardian

On the other hand, remote users are mainly working from home and, therefore, they are going to have direct access to the Internet. This decentralization poses security challenges for the IT security team, such as visibility, complexity and security. Companies want security protection on and off the network for employees, as well as rapid deployment and flexible enforcement levels for all ports and protocols. These security challenges can be addressed with DNS-layer security, a secure web gateway, a security broker and a firewall.

DNS-layer Security

DNS-layer security should be the first line of defense against threats because DNS resolution is the first step in Internet access. The aim is to block requests to malicious and unwanted destinations before a connection is established. In addition, most IT security teams like visibility and statistics to know the DNS activity. However, most DNS-layer security tools require an agent installed on the computer where we are going to enforce the allowed and denied categories. What’s more, central management and visibility are always required when we have to manage lots of computers.

DNS Filter

I would like to highlight two useful technologies for companies that don’t want to install an agent on users’ computers to block requests to malicious sites: DNS over HTTPS (DoH) and DNS over TLS (DoT). Both are security protocols designed to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via MITM. These protocols are supported by most operating systems and browsers; as a result, we can easily configure DNS servers and proxy servers to resolve remote users’ DNS requests and thus protect users from malicious sites.

DoH - DNS query and response transported over a secure HTTPS stream

To sum up, I think the DNS layer is increasingly important for endpoint protection because it is the first step in Internet access, but we should take into account that both servers and clients should be protected from malicious attacks.

Have a nice day! Are your clients and DNS servers secure?

1 March 2021

Cybersecurity Training

If you want to learn about cybersecurity, you can take free training at FEVAL in Extremadura. This year is the fourth edition and there will be six courses. Moreover, the training is online and I’m the teacher. It’s great! Fantastic! I’m happy! In fact, there will be virtual lessons where I’m going to talk about security, systems, networks, forensics and lots of good tech things. Therefore, if you like cybersecurity, go ahead, I’m waiting for you!

Cybersecurity Training Schedule

The first two modules are about Security on Networks and Systems. I talk about security awareness, methodologies and tools in the basic course. For instance, we have been talking about ISO 27001 and we have also configured a virtual firewall. On the other hand, we’ll talk about Information Security Governance in the advanced course, but there will also be labs with a Web Application Firewall, Wireshark and a web debugging proxy. Actually, I like to talk about the security stuff I’m working on.

If you love security, you can continue with the Hacking courses. There will be two modules about hacking where you can learn technical skills such as vulnerability assessment, DoS attacks or buffer overflows. There will be lots of labs with Kali Linux, Greenbone and the Social-Engineering Toolkit (SET). We will even develop a malicious WhatsApp Messenger where students are going to test their own malware on the smartphone. Therefore, I think these hacking training courses are for people who love attacking and protecting systems.

If you really love security, you may also like learning about Forensics. Students will learn methodologies, procedures and techniques to look for electronic evidence in this course. We are going to use forensic tools such as FTK Imager, fcrackzip or exiftool. In addition, students will solve CTFs (Capture The Flag). I have some CTFs ready for them. What’s more, we are going to dig into a fileless malware. It will be amazing!!

Finally, this fourth edition has a new course about Mobile Device Security. Students will learn concepts and techniques to secure mobile devices such as smartphones and tablets. In addition, they are going to learn tools to connect to remote networks and servers. We will also learn about mobile architectures as well as risks and threats. I think this is a course with lots of new, interesting things where students will enjoy learning security.

To sum up, there is cybersecurity training waiting for you. There are lots of labs, attacks and techniques ready for you in these lessons. This may be the beginning of your career as a security consultant. As a result, you will realise there are still lots of things to learn. I hope to see you soon in the virtual lessons.

Have a nice day! Keep studying!

22 February 2021

Cybersecurity Services

I came across an RFP last week about Cybersecurity Services for a Spanish public administration which, I think, is really interesting because the RFP addresses the main cybersecurity services to protect citizens’ data and services. However, these cybersecurity services can also be applied to protect the data and services of any company. What’s really interesting is how well written the RFP is: there are only cybersecurity services and no other kind of services. Therefore, cybersecurity companies can easily apply to this RFP.

First of all, the National Security Scheme, or ENS in Spanish, has to be implemented, as well as the General Data Protection Regulation (GDPR). As a result, ENS requires writing the adaptation plan, security policy, risk analysis, incident response plan, security awareness, etc. On the other hand, GDPR requires data protection impact assessments, a record of processing activities, etc. In addition, GDPR requires a Data Protection Officer (DPO). All of these tasks are mandatory and are really important before taking the plunge into technical tasks.

The IT Security Audit should be the next step to know the security status of the organization. This is the best way to identify the security measures which have to be implemented. What kind of security audit is required? Pentesting is mandatory, as well as a network audit to know the vulnerabilities of all assets connected to the network. In addition, they require IDS/IPS, NAC and VPN appliances to control all devices which are going to be connected to the network.

There is a big chapter about monitoring and protection which includes network firewalls and web application firewalls (WAF) as well as web monitoring to know the availability of web applications. What’s more, there is a DNS Security service to block access to malicious websites at the DNS layer. In addition, all of these appliances and services will protect users and services from malicious attackers.

Finally, the RFP requires an Incident Response Service, Security Assessment and Training. I think these services are important to be up to date on cybersecurity subjects, because they are going to be able to ask for advice on any security matter, as well as have an incident response team to investigate network intrusions and mitigate data loss. Moreover, this chapter includes a SIEM appliance to collect all security logs and improve security visibility.

To sum up, you can see here an overview of an RFP. You can see all the services and appliances you can require. It’s up to you to require all of these services, or even include more security services or devices, but it’s highly recommended to ask only for security things instead of requiring other kinds of services which are not security things, because if you mix security with something else, most cybersecurity companies will not be able to apply to your RFP.

Have a nice day my friends! Drop me a line with the first thing you are thinking!

15 February 2021

UK’s National Cyber Force (NCF)

I didn’t know what to write in the blog this week, but I wanted to write. I’ve been reading about the new European Cybersecurity Policy, which is still a draft policy. I’ve also been reading about FortiNAC, F5 BIG-IP, Kubernetes & Nginx, but I didn’t feel like writing about them. Finally, I’ve come across a news item, which I saved weeks ago, about the new National Cyber Force (NCF) announced by the UK government. Therefore, I’m going to write about this new taskforce and what the principal objectives of the NCF are.

At the end of last year, the UK Prime Minister announced a new partnership: the National Cyber Force (NCF). This new partnership is the result of the cooperation of four organizations: MoD, GCHQ, MI6 and DSTL. In fact, these four organizations are going to collaborate under one unified command for the first time. It seems there is no other organization like this in the world to date. This specialist cyber unit is going to multiply tenfold the number of government employees in offensive cyber and cyber-crime roles over the next ten years, who are to be drawn from the security services, the military and industry.

What’s amazing is that this specialist cyber unit has the objective of degrading, disrupting and even destroying the communications systems of those that pose a security threat. Therefore, they can use whatever they want, such as hacking tools, intelligence information or deception tools, to attack whoever is a security threat to them, whether a person, a company or a country. It’s also interesting that the NCF will use behavioural science tactics to communicate with attackers to undermine their morale and dissuade them. All of these tactics are in contrast to the current NCSC body, whose main function is to help the public sector, businesses and the public to respond to, and recover from, cyber incidents.

The change from defensive to offensive is the result of a comprehensive government review of security and defence policies. In fact, defence spending will rise to 2.2% of GDP, with a budget also for a new agency dedicated to Artificial Intelligence and a new "Space Command". This change, from defensive to offensive, is due to the fact that China and the US also changed to offensive operations in 2019. Moreover, Brexit and COVID-19 have increased the threats of hybrid warfare, influencing the creation of the NCF.

I would like to have more information about the Force’s activities, but most of them will be secret and clandestine. In fact, secrecy will be crucial for the success of operations. However, all operations will have to be approved by the government. We’ll see! As offensive operations will have to be coordinated with defensive operations, maybe we’ll see some slightly weird defensive operations.

Have a nice day my friends! Did you know this Force?

8 February 2021

EU Cybersecurity Strategy (III)

This is the third week writing about the EU Cybersecurity Strategy. I’ve already read the whole strategy. The first chapter is mainly about building European cybersecurity technology. The second chapter is mainly about building operational capacity to prevent, deter and respond. However, this third chapter tells us how the EU is going to work with international partners such as third countries, international organizations and the multi-stakeholder community. In addition, this third chapter tells us how the EU wants to lead on standards, norms and frameworks in cyberspace.

The EU wants to step up its engagement in, and leadership on, international standardisation processes, and enhance its representation in international and European standardisation bodies. The Commission would also like to develop an EU position on the application of international law in cyberspace, and the EU wants to continue its leadership on the protection and promotion of human rights and fundamental freedoms. Furthermore, the EU will continue to support third countries that wish to accede to the Council of Europe Budapest Convention on Cybercrime.

There is one really interesting sentence in this third chapter, which says “No single entity, government, or international organisation should seek to control the Internet”. Therefore, the EU will strongly support and promote the multi-stakeholder model for Internet governance. This means the Commission will reinforce regular and structured exchanges with stakeholders, including the private sector, academia and civil society. What’s more, I think it’s really interesting how the Commission wants to promote the EU vision of cyberspace, and exchange information, with an informal EU Cyber Diplomacy Network.

Finally, the EU Cybersecurity Strategy would like to develop an EU External Cyber Capacity Building Agenda to steer efforts in line with the External Cyber Capacity Building Guidelines and the Agenda 2030 for Sustainable Development. In addition, I think it’s really useful that the EU continues to assist countries in tackling the growing challenge of malicious cyber activities that harm the development of societies and the integrity and security of democratic systems. Actually, it’s not only useful but also needed.

To sum up, I think this third chapter has lots of interesting initiatives. I really like the informal EU Cyber Diplomacy Network to exchange information and expand EU cyber dialogue with third countries and regional and international organisations, and I also like that the Commission takes into account the integrity and security of democratic systems. Obviously, the application of human rights and fundamental freedoms in cyberspace is really important. Therefore, it’s mandatory that it be in the strategy.

Have a nice day my friends!

1 February 2021

EU Cybersecurity Strategy (II)

I wrote about the EU Cybersecurity Strategy last week and I’m going to keep writing about it this week. I’ll write about building operational capacity to prevent, deter and respond. I’ll write about how Member State authorities are going to build systematic and comprehensive information sharing and how they are going to cooperate for a common response. This is the second chapter of the strategy, where all EU institutions, bodies and agencies have to agree with each other on how they are going to cooperate against cyber threats.

The first step for cooperation will be a Joint Cyber Unit, which will be a virtual and physical platform with a focus on operational and technical coordination against major cross-border cyber incidents and threats. This Unit will have a “need-to-share” mind-set and will harness the progress achieved within the NIS Cooperation Group and the CyCLONe Network. The Unit would fulfil three main objectives: preparedness, awareness and response.

Most people use technology and most of us have a dependence on online tools. As a result, the attack surface has increased exponentially. There are lots of types of crime with a digital component which require identification and prosecution of offenders. Therefore, tackling cybercrime effectively is another key factor in the EU Cybersecurity Strategy. The Commission wants to improve the capacity of law enforcement to investigate cybercrime, fully respecting fundamental rights and pursuing the required balance between various rights and interests.

The EU Cybersecurity Strategy also highlights the cyber diplomacy toolbox, which is a range of measures, including sanctions, for a diplomatic response to malicious cyber activities. According to the strategy, there will be a Member States’ EU cyber intelligence working group residing within the EU Intelligence and Situation Centre (INTCEN) to advance strategic intelligence cooperation on cyber threats and activities.

Finally, boosting cyber defence capabilities is another strategic initiative to prevent, discourage, deter and respond to malicious cyber activities. The objectives for cyber defence capabilities are to review the Cyber Defence Policy Framework (CDPF) and to facilitate the development of an EU “Military Vision and Strategy on Cyberspace as a Domain of Operations” for CSDP military missions and operations, as well as to support synergies between the civil, defence and space industries and to reinforce the cybersecurity of critical space infrastructures under the Space Programme.

To sum up, this second chapter of the EU Cybersecurity Strategy is mainly focused on cyber defence, with a new Unit, new laws and new diplomacy tools to prevent cyber threats.

Have a nice day! I encourage you to read this kind of strategy to learn deeply about cybersecurity!
