Loading...
Publication
Cibersegurança das infraestruturas críticas nacionais
| Name: | Description: | Size: | Format: | |
|---|---|---|---|---|
| 2.28 MB | Adobe PDF |
Authors
Advisor(s)
Abstract(s)
Segundo o Conceito Estratégico de Defesa Nacional (CEDN) aprovado em 2013, o novo ambiente de segurança obriga a uma capacidade de resposta diferente das Forças Armadas (FFAA), isto é, os investimentos de modernização devem concentrar-se em equipamentos de indiscutível utilidade técnica e estratégica em função das capacidades necessárias ao cumprimento das missões prioritárias assumindo grande importância a definição de uma estratégia civil e militar integrada. Assumindo que os ciberataques se manifestam como uma ameaça crescente às Infraestruturas Críticas (IC) em que os potenciais agressores poderão incapacitar totalmente a estrutura tecnológica de um estado nação moderno (CEDN, 2013), este trabalho discute a proteção das IC na perspetiva da gestão do risco relacionado com a cibersegurança e a ciberguerra, e no envolvimento e contribuição potencial das FFAA e das forças de segurança para a gestão desse mesmo risco. Em particular, este trabalho estuda a possível participação das FFAA na ciberdefesa/cibersegurança das Infraestruturas Críticas Nacionais (ICN).
Com base numa recolha de documentação da União Europeia, Força Aérea Portuguesa e Forças Armadas, bem como da informação recolhida em entrevistas aos especialistas, é realizada uma análise aos conceitos de ciberdefesa e cibersegurança e às metodologias de gestão de risco RAMCAP e ISO 31000, e será da interligação destes conceitos com a informação retirada das entrevistas aos especialistas que serão estabelecidas as conclusões do trabalho.
Conclui-se que as FFAA têm espaço não só na ciberdefesa das ICN mas também na cibersegurança, intervindo não só nos três casos de exceção previstos na lei, mas também na monitorização constante do ciberespaço, sendo a segurança e defesa do ciberespaço o resultado de um trabalho conjunto e combinado.
Finalmente, este trabalho recomenda que as FFAA, como parte interessada na cibersegurança das ICN, passem a apoiar na definição dos requisitos de segurança das mesmas em conjunto com o Centro Nacional de Cibersegurança (CNCS) e com a Autoridade Nacional de Proteção de Civil (ANPC).
In accordance with the ‘National Defense Strategic Concept (CEDN)’, approved in 2013, the current security environment requires a different response capacity from the Armed Forces. In essence, this means that investment in modernization should focus on equipment of indisputable technical and strategic utility according to the capacities necessary to carry out priority tasks, thus assuming a greater level of importance in defining a civil and military integrated strategy. Assuming that cyber-attacks manifest themselves as an escalating threat to the CI in which potential aggressors may fully incapacitate the technological structure of a modern nation state (CEDN, 2013), the current paper discusses the protection of the IC within the perspective of risk management related to cyber-security and cyber-warfare, as well as the involvement and potential contribution of the Armed Forces and security forces in the management of the risk in question. In particular, this work studies the possible role of the Armed Forces in ICN cyber-defense/cyber-security. In this dissertation, a collection of European Union, Portuguese Air Force and Armed Forces documentation, as well as information gathered during interviews with experts, has been used as a basis for analysis in the light of the concepts of Cyber Defense and Cyber Security, and to the risk management methologies RAMCAP and ISO31000. Through linking the information derived both from theory and from the information gathered during the interviews, we find the interconnection that allows us to the conclusions. We can conclude that the Armed Forces have the necessary space, not only in relation to cyber-defense of the NCI, but also in terms of cyber-security; intervening not only in the three exceptional cases predicted by law, but also in the constant monitoring of cyberspace. The security and defense of cyberspace come as a direct result of this combined work. Ultimately, this paper recommends that the Armed Forces, as an interested party in ICN cyber-security, take part in defining the respective security requirements jointly with the CNCS and ANPC.
In accordance with the ‘National Defense Strategic Concept (CEDN)’, approved in 2013, the current security environment requires a different response capacity from the Armed Forces. In essence, this means that investment in modernization should focus on equipment of indisputable technical and strategic utility according to the capacities necessary to carry out priority tasks, thus assuming a greater level of importance in defining a civil and military integrated strategy. Assuming that cyber-attacks manifest themselves as an escalating threat to the CI in which potential aggressors may fully incapacitate the technological structure of a modern nation state (CEDN, 2013), the current paper discusses the protection of the IC within the perspective of risk management related to cyber-security and cyber-warfare, as well as the involvement and potential contribution of the Armed Forces and security forces in the management of the risk in question. In particular, this work studies the possible role of the Armed Forces in ICN cyber-defense/cyber-security. In this dissertation, a collection of European Union, Portuguese Air Force and Armed Forces documentation, as well as information gathered during interviews with experts, has been used as a basis for analysis in the light of the concepts of Cyber Defense and Cyber Security, and to the risk management methologies RAMCAP and ISO31000. Through linking the information derived both from theory and from the information gathered during the interviews, we find the interconnection that allows us to the conclusions. We can conclude that the Armed Forces have the necessary space, not only in relation to cyber-defense of the NCI, but also in terms of cyber-security; intervening not only in the three exceptional cases predicted by law, but also in the constant monitoring of cyberspace. The security and defense of cyberspace come as a direct result of this combined work. Ultimately, this paper recommends that the Armed Forces, as an interested party in ICN cyber-security, take part in defining the respective security requirements jointly with the CNCS and ANPC.
Description
Aspirante a Oficial-Aluno Piloto-Aviador 137731-A Eduardo Luís Gonçalves Pequeno de Oliveira e Silva.
Júri:
Presidente: Cor/EngEl Luís Filipe Basto Damásio;
Orientador: Professor Doutor Paulo Cardoso do Amaral;
Coorientador: TCor/EngInf José Manuel António Gorgulho;
Vogal: TCor/EngInf Ana Cristina Domingos de Oliveira Rodrigues Telha
Keywords
ICN FFAA Ciberdefesa Cibersegurança Guerra da informação National critical infrastructure Armed Forces Cyber defense Cyber security Information warfare
Citation
Publisher
Academia da Força Aérea