Emmanuelle Ganne, International Trade Expert and Senior Analyst, Economic Research Department at WTO thanks Shashank especially in her study for his sound technical advice. One snippet from her text:
Blockchain is much more than Bitcoin. Blockchain’s first implementation as the technology underpinning Bitcoin has led many to associate Blockchain with Bitcoin. However, the potential use of Blockchain goes well beyond the world of cryptocurrencies. For some, it is a technology that will change our lives, while for others it is a pipe dream; no technology has stirred up so much debate since the advent of the internet. However, despite the numerous headlines on Blockchain, the technology remains difficult to apprehend for many. Blockchain: a tamper-proof, decentralized and distributed digital record of transactions that creates trust and is said to be highly resilient. A blockchain is a decentralized, distributed record or “ledger” of transactions in which the transactions are stored in a permanent and near inalterable way using cryptographic techniques. Unlike traditional databases, which are administered by a central entity, blockchains rely on a peer-to-peer network that no single party can control. Authentication of transactions is achieved through cryptographic means and a Mathematical “consensus protocol”* that determines the rules by which the ledger is updated, which allows participants with no particular trust in each other to collaborate without having to rely on a single trusted third party. Thus, Blockchain is, as The Economist calls it, a “trust machine”. Participants in a blockchain can access and check the ledger at any time.
This is just one instance of how UNICC is beginning to support a host of Clients with blockchain solutions.
CSA-MISTI Host Cyber Experts in Orlando, Florida Dec 10-13, 2018
Tima Soni of UNICC presents on Cloud Security for Social Good
The Cloud Security Alliance (CSA), a leading organization dedicated to defining standards, certifications and best practices to ensure a secure cloud computing environments, held their annual congress Dec. 10-13 in Orlando, Florida. The congress was co-hosted by MIS Training Institute (MISTI), an international leader in audit, IT audit and information security training, with offices in Boston and London. This year’s event focused on areas of growth in cloud security, including standardization, transparency of controls, mobile computing, Big Data in the cloud, innovation and social good.
Over forty speakers gathered in front of hundreds of attendees, who had the additional benefit of taking training for up to 22 CPE credits from across vertical industries, such as Abacode, Adobe, Cisco, Cloud Security Alliance, Arizona State, Darktrace, Greenway Health, UNICC, Intuit, Oracle, Raytheon, Salesforce, Starbucks, Symmetry Blockchain, Tripwire, Turner BroadcastingWeb.com, Zscaler and more.
Topics ranged from Creative Disruption, Blockchain, Alexa, Where is my PII?, Re-thinking information security for the digital transformation era, Infosec for Containers and Serverless Environments to Cloud for the Homeless, A secure Internet of Things, Cloud Security for Social Good, and Devsecops.
New technologies create exciting opportunities for today’s agile enterprises. However, these same technologies have also opened the door to clever adversaries in search of new attack vectors. We’re excited to be developing an industry event that will bring together global security experts and cloud providers to discuss such critical issues as global governance, the latest technology and security innovations in order to help organizations address the new frontiers in cloud security.
Jim Reavis, co-founder and CEO of the Cloud Security Alliance
Tima’s keynote speaking session on December 12 highlighted the values and particulars of cloud security in the humanitarian international development sector.
She emphasized UNICC’s common services in many areas of information security to UN Agencies and other Partners who are leveraging cloud platforms to support humanitarian causes. Why common services? Each agency has its own people, processes and technology solutions for security – but together they can optimize and extend their security posture and delivery by learning from and collaborating with others. Common Secure services – UNICC’s inter-Agency threat intelligence network – is just one way UN entities can best secure and improve their security positioning.
Some United Nations Agencies have been leveraging cloud computing platforms for years, while others have been or still are cloud-averse. Some are avid and agile private, hybrid and public cloud users with decreasing on-premises footprints. In this keynote, Tima will share what has worked for many of UNICC and its partner agencies and how the UNICC continues to build security services that address the risks that the cloud brings in the context of delivering the sustainable development goals and other programs for social good.
Joint agency workshop on information protection and data privacy
Speakers Kadiatou Sall-Beye (ITU), Soren Thomassen (UN Women), Aldo Gomera (PAHO), Diana Rusu (UN Women) and Mila Romanoff (UN Global Pulse)
UNICEF, UN Women and UNICC hosted an all-day information security best practices workshop on October 29, 9:00-5:00 p.m. with the idea that cybersecurity can be a driver of programme delivery in a UN Agency, rather than an afterthought. Cybersecurity can be central to the new UN Strategy on New Technologies and central to an Agency’s core mission and mandate. A strong cybersecurity strategy fuels agency innovation and growth. It reduces costs and lowers risks, while also making Agencies more efficient and inventive. It helps with the development of digital offerings and business models that help Agencies win. It helps with the development of digital offerings and business models that help Agencies win. It is central to information protection and data privacy. There were forty participants from UN Women, UNICEF, UNICC, UNJSPF, IMD and UNFPA.
UNICC’s roles included assisting UNICEF with the facilitation and setup of the event, as well as three presentations (from Tima Soni, Nitesh Kudva and Tom Beulens – see below).
Today’s rapid digital and technological transformations have brought us to another critical moment. They inspire hope of immense benefits that can elevate the human condition everywhere.
UN Secretary-General Antonio Guterres, Strategy on New Technologies
Challenges and opportunities abound – data privacy and information protection remain paramount. Cyber security is a mission-enabler. Investments in digital business solutions and innovation require oversight, an enterprise outlook, with a view to integration points and security risk mitigation. Bring IT into the light through best practices by embedding security standards in programme delivery.
Description/goals: This will be an all-day workshop sponsored by UNICEF, UN Women and UNICC on the role of cyber security and information protection and data privacy best practices in delivering on organizational missions and mandates. The goal is knowledge sharing between CISOs, business units and stakeholders to highlight successes and discuss current challenges.
Venue: UN Women HQ, 220 East 42nd Street, New York, NY 10017, 19th floor, 9-5 pm (+/- 50 people)
Participants: UN Agency stakeholders in security; CIOs and CISOs, procurement management, information security and ICT management personnel, programme staff, etc. including NY-based UN Agencies: UNICEF; UNICC; UN Women; UNFPA; UNJSPF, PAHO, ITU, UNFCU, IMD, etc.
Speakers:
Soren Thomassen Chief, Information Systems and Telecommunications, UN Women
Chris Larsson Chief, Deputy Director of Strategy, Risk Management and Governance, UNICEF
Jorge Torres, Chief, IT Security, UNICEF
Mila Romanoff, Legal and Privacy Specialist, UN Global Pulse
Aldo Gomera, Information Security Officer, PAHO
Kadiatou Sall-Beye, Project Officer, LDCs, ITU
Diana Rusu, Innovation and Knowledge Management for Women’s Economic Empowerment, UN Women
Panel: Speakers above plus:
Tima Soni, Chief Information Security Officer, UN Women
Panel Moderator: Chris Larsson Deputy Director of Strategy, Risk Management and Governance, UNICEF
Afternoon Workshop Speakers above plus:
Tom Buelens, Information Security Specialist, UNICEF (from UNICC)
Nitesh Kudva, Information Security Specialist, UN Women (from UNICC)
Summary: The goal of the UN Secretary-General’s Strategy on New Technologies is to define how the United Nations system will support the use of technology to accelerate the achievement of the 2030 Sustainable Development Agenda. Cyber Security can be a natural partner to help get this right.
This workshop highlighted what UN Agencies have been up to on this front. Over recent years UN Women, UNICEF and UNICC (as well as UNDP, PAHO, IMF and others) have gone through significant changes in their ICT delivery model and cyber security postures. These have led to streamlined, secure and cost-effective solutions with an increased awareness of IT process improvement as well as a cultural shift towards IT as a service to the organization. Programme staff, solutions centre resources, business relationship managers, procurement, legal, and ICT stakeholders can learn a lot about optimising their delivery of the work these organizations deliver.
Aligning organizational operations and Information/cyber security:
Information protection and data privacy
Advancing organizational mandates with strong cyber security framework
Aligning cyber security to organizational mandates
Aligning IT/Information Security with procurement of ICT services/solutions procurement
Capturing and classifying assets. A waste-of-time and an Investment
Security Assurance Testing and Reviews
Business driven Risk Management
Operationalisation
Striking a balance with internal and external resources
Pressures, pain points and organizational challenges
ISO YES or ISO NO.
Sessions included:
Welcome Soren Thomassen
Opening Chris Larsson and Jorge Torres
Data for Humanitarian Action: a Legal Perspective – Mila Romanoff
Innovation and Security for Women’s Economic Empowerment – Diana Rusu
UNICC partnered with Microsoft, with a co-sponsorship from UN OICT and UNICEF, to organize and host a half-day Security Summit in the context of the ICT Network meeting in NYC on 26 October. This summit provided a moment of unique opportunity for all UN ICT Network organizations to get together for some joint reflection over the most recent trends in cyber threats and corresponding approaches to cyber defense and security.
Participant organizations, from the UN Secretariat, UNICEF, UNICC, UNJSPF, UNFPA, IMD, PAHO, IMF, CTBTO, IAEA, UNWTO, and UNHCR and others, had the opportunity to better understand key challenges and threats affecting global digital security, while understanding fundamentals and needs for an effective defense and protection of the UN system, while leveraging in the best way possible all the tools available on the current Microsoft 365 platform already in use by most of the UN system organizations. Alex Pinho, Global Lead of the Tech for Social Impact Group at Microsoft, was quick to welcome all participants and highlight the new partnership between UNICC and Microsoft, considering UNICC as a trusted broker to work with other UN Agencies in deploying security solutions including those from Microsoft.
The sessions included the opportunity to hear Salem Avan, Director, Global Services Division at the United Nations, give his perspective on UN cybersecurity and a cyber defense agenda, understanding the latest principles and trends of intelligent modern security, with a deeper look into Microsoft 365 integrated Security Suite and the way to best leverage for and UN system protection, with a virtual visit to one of the most advanced cyber defense centers at global scale, closing with a joint reflection and alignment on the key security principles that should be followed by all UN organizations.
UNICC has been working all fall with the Microsoft Tech for Impact Group to set up a new strategic partnership to give a new role to UNICC for UN Agencies and other related institutions, including Cloud Solution Provider and MS Security Certified Partner status.
Marco Liuzzi and Nitesh Kudva presented on behalf of UNICC, introducing UNICC’s strategic relationship with Microsoft and looking under the hood at some of UNICC’s infosec services, including the Common Secure Threat Intel Network services and UNICC’s brand-new Common Secure Operations Centre (CSOC). The session took place at the Microsoft Technology Center in New York, located at 11 Times Square (between 41nd street and 8th Avenue).
There was a strong participation of all the UN ICT Network organizations that speaks to the need for a strong conversation, good collaboration and shared services to get cyber security right.
From mobile and web apps to enterprise collaboration platforms, digital transformation strategy support, agile project management and cloud support, UNICC is there to supports its Clients and Partner Organizations
UNICC Shares Some of Its Innovations for the UN Chief Executives Board
The UN Innovation Network (UNIN) and a few of its friends have created a video montage for the Chief Executives Board (heads of UN Agencies and the Secretary General) meeting in November. They wanted to show contributions from Agency offices and staff around the globe. UNICC took the opportunity to share some snippets of what we do… some single sentences about how we support our Clients and Partner Organizations in their programme delivery. They will share it with CEB participants in a fun and informal way, making it available publicly on the UNIN website here:https://www.tribute.co/unceb/.
Several participants spoke about the Internet of Good Things. See UNICEF stories for really interesting ideas in that respect. The video is about half an hour – feel free to watch the whole thing or skip around to find your UNICC colleagues.
From top left:
› Anny Rosyani (Geneva)
› Maria Antonia Rodrigues (Geneva)
› Liliana Oceguera (Brindisi)
› Roberto Anile (Rome)
› Gianluca Nuzzo (Brindisi)
› Bill Allen (New York)
› Hung Pham Ngoc (Hanoi)
› Daniela Mezzadri (Valencia).
Specialized Agency of the United Nations since 1948
Promoting social and economic development
The Universal Postal Union (UPU) has submitted a request to become a Partner of UNICC, which was approved by the Management Committee 29 August 2018.
The UPU became a specialized agency of the United Nations (UN) on 1 July 1948. It contributes to the development of UN policies and activities that have a direct link with its mandate and missions to promote social and economic development.
Established in 1874, the Universal Postal Union with headquarters in the Swiss capital Berne, is the second oldest international organization worldwide. With its 192 member countries, the UPU is the primary forum for cooperation between postal sector players. It helps to ensure a truly universal network of up-to-date products and services.
The UPU fulfils an advisory, mediating and liaison role, and provides technical assistance where needed. It sets the rules for international mail exchanges and makes recommendations to stimulate growth in mail, parcel and financial services volumes and improve quality of service for customers.
Trusted Shared Services and Digital Business Solutions
CSOC and CSIEM for the UN Family
A Security Operations Centre (SOC), whether embedded in a huge NASA-like Emergency Operations Centre with two hundred personnel, or residing on a series of laptops securing an organizational network, has a single goal: to provide comprehensive information security. A SOC provides real-time views into networks and security setup and status, assuring that systems are not negatively affected and with the ability to execute agreed protocols and processes in a consistent manner when issues arise. The SOC provides constant monitoring of all systems, utilising tools to mitigate risk and validate the health of an organization’s security posture.
A SOC, with its certified cyber security experts and their many years of experience in the UN system, together with a qualified, best-of-breed Security Information Event Management (SIEM) solution, delivers cyber security peace of mind.
The UN Asks for a SOC; UNICC Delivers
A SOC (and SIEM) provide organizational risk mitigation, oversight for multiple and dynamic relationships as well as security intelligence for online and cloud services, networks, servers, telecommunication, messaging, databases, firewalls, mobile device management, endpoints, web services, authentication, packaged applications, storage and threat detection and mitigation.
The UNICC Management Committee approved an R&D fund for promising and innovative projects over the course of 2017. One of the two selected was a Proof of Concept (POC) for a Security Operations Centre.
UNICC ran this POC as a project over the course of 2017-2018, with UNICC staff and resources – and UN Women provided a test environment. The POC is complete, with UN Women continuing the services, and the SOC service ready for business for prospective Clients.
The SOC project established computer forensic capabilities within UNICC by identifying skills and resources to leverage for Client or Partner Organization support in conducting security incident response and computer forensic investigation and to establish a UN Computer Emergency Response Team (CERT) through which UN Agencies can support each other in case of an incident.
The new SOC and SIEM services complement existing information security services portfolio with services like Common Secure Threat Intel Network, Information Security Governance services, penetration testing SWIFT assessments and ICT Security Operations services.
SOC features
Benefits
Benefits for Clients include minimizing operational and reputation impact by improving the capability to detect and respond to information security incidents in a timely manner, protecting critical information assets by managing threats in a proactive, timely and consistent manner and improving investment and risk management decisions by providing regular metrics for management review.
The SOC provides support for cloud solutions such as Microsoft SaaS (Office365, SharePoint Online and OneDrive), Azure Windows Defender Advanced Threat Protection and Advanced Threat Analytics.
Sample SOC dashboard
Additional SOC Benefits
• Managed by experts from various information security and technology areas • Flexible and proactive approach to multiple disciplines of ICT security • Adherence to maintaining the UN Immunities and Privileges • Leveraged intelligence from Common Secure and other monitoring and reporting feeds from vendors • Deployment of shared resources to serve Clients and provide economies of scale • Improvement of security incident detection through continuous monitoring and analysis of data activity • Dedicated experts with cyber security certifications and experience with United Nations networks and processes.
Additional SIEM Benefits
• High value from investment in security technology • Comprehensive and efficient reporting • Reduced capital and operational costs • Reduced risk of noncompliance • Broader agency support for information security • Early detection of security incidents.
SOC Technology and Operations platforms
Project objectives included developing UNICC capabilities (processes and human resources) for the operations of a tiered Security Operations Centre with security monitoring with real-time monitoring, proactive hunting, and event validation and triage. Incident Response includes incident investigations, digital forensics, and malware analysis as well as threat Intelligence including early warnings, countermeasures and recommendations.
The Security Operations Centre pilot lasted one month with 4 full-time dedicated and shared human resources. The pilot developed and adopted processes and procedures for the management of security events and incidents with UN Women systems (Infrastructure, Platform and Applications) as pilot user.
Services and Features
Common Secure SOC services include security monitoring including real-time monitoring, proactive hunting, event validation and triage, incident response including incident investigations, digital forensics, and malware analysis. It also includes threat intelligence including early warnings/countermeasures and recommendations.
Features include centralized security operations and incident response, anomaly detection and misconfiguration fixes, IIS misconfiguration fixes, SQL automated services and firewall NTP misconfiguration fixes. They also include a risk-based approach for alerts, an overview of user activity, firewall configuration and traffic overviews as well as asset and vulnerability overviews.
How it works: from detection through qualification, assigning and response
The UN Secretary-General has appointed Sameer Chauhan to the position of Director, UNICC, beginning 22 August 2018. The UNICC Director (interim), directly accountable to the UNICC Management Committee that governs the organization, will assume his new post in Geneva, Switzerland.
As per his Terms of Reference, Sameer has the responsibility to lead all aspects of UNICC’s strategy and operations, to facilitate the provision of services to more than 50 Clients and Partner Organizations and establish an UNICC strategy with business goals, a two- to four-business plan and a programme of work and budget, and implementing the approved plan.
UNICC faces a number of interesting challenges today in the areas of organizational growth and in service delivery evolution. The experience Sameer has gained of UNICC and our Clients and Partners makes him an excellent choice to lead us through this interim period.
Sameer joined the International Computing Centre 1 August 2015 as Chief, Clients and Projects. In this capacity, he was responsible for strategic product development including developing new products, establishing strategic private partnerships and developing new service offerings. He is also responsible for the CRM function tasked with managing, strengthening and growing the client base.
He also spearheaded project delivery at UNICC to manage and deliver all client and internal projects, including all consulting engagements. He was also the administrative head of the New York office of UNICC.
He brings over twenty years of prior professional experience in both the Public and Private Sectors and an educational background in Computer Engineering and Computer Science. Before joining UNICC, Sameer was the Head of Knowledge Management and Digital Marketing IT for Deutsche Bank Asset and Wealth Management. Sameer played several roles at Deutsche Bank over eight years, including being the COO for an IT division of approx. 800 staff and externals worldwide. In that capacity, he handled annual budgets of over EUR 110m and provided oversight into all operational aspects including financials, audit, compliance, regulatory and operational risk, vendor management, and business continuity planning.
He also established and managed processes to govern the entire change portfolio for Deutsche Application Services IT (6,000+ headcount). He started his career at Deutsche Bank as the Product Manager responsible for developing and delivering on the online platform strategy for a multi-billion dollar client platform for DB Prime Brokerage.
Prior to Deutsche Bank, Sameer spent several years as a consultant for Deloitte, establishing a track record of delivering complex, global programs and projects for major global organizations across various industries, including Financial Services, Public Sector, Telecom, Manufacturing and Software.
Please join us in congratulating Sameer, and committing to work together to continue the important organizational transformation work at UNICC.
The 2018 of the AI for Good Global Summit was organized by ITU in Geneva on 15-17 May 2018, in partnership with XPRIZE Foundation, the global leader in incentivized prize competitions, the Association for Computing Machinery (ACM) and United Nations Agencies including many of UNICC’s Clients, including UNESCO, UNICEF, UNCTAD, UNIDO, UN Global Pulse, UNICRI, UNODA, UNIDIR, UNODC, WFP, IFAD, UNAIDS, WIPO, ILO, UNITAR, UNOPS, OHCHR, UN University, WHO, UNEP, ICAO, UNDP, The World Bank, UN DESA, CTBTO, UNISDR, UNOG, UNOOSA, UNFPA, UNECE, UNDPA, and UNHCR.
Beneficial Artificial Intelligence – use cases for the good
Carlos Correia and Shashank Rai of UNICC attended with their ears to the ground – to hear ground-breaking news on AI developments and their relevance to the United Nations family. It’s an area, like BI, Big Data and block chain, that UNICC is interested to understand and work to support as requirements arise from our Clients. The following information was gleaned from ITU’s reporting on the conference.
The AI for Good series is a leading United Nations platform for dialogue on AI. The action-oriented 2018 summit identified practical applications of AI and supporting strategies to improve quality and sustainability of life on our planet. The summit formulated strategies to ensure trusted, safe and inclusive development of AI technologies and equitable access to their benefits.
While the 2017 summit sparked the first ever inclusive global dialogue on beneficial AI, the action-oriented 2018 summit focused on impactful AI solutions able to yield long-term benefits and help achieve the Sustainable Development Goals. ‘Breakthrough teams’ demonstrated the potential of AI to map poverty and aid with natural disasters using satellite imagery, how AI assists with the delivery of citizen-centric services in smart cities, and they showed new opportunities for AI to help achieve Universal Health Coverage, and finally they demonstrated how to achieve transparency and explainability in AI algorithms.
Teams proposed impactful AI strategies able to be enacted in the near term, guided by an expert audience of mentors representing government, industry, academia and civil society. Strategies were evaluated by mentors according to feasibility and scalability, potential to address truly global challenges, degree of supporting advocacy, and applicability to market failures beyond the scope of government and industry. The exercises connected AI innovators with public and private-sector decision-makers, building collaboration to take promising strategies forward.
Our impressions? UNICC can play a role in this exciting new area of innovation to help support our Clients and achieve the Sustainable Development Goals.
The Director, UNICC is appointed by the UN Secretary General and is accountable to the UNICC Management Committee
This position is located in the International Computing Centre (UNICC). The International Computing Centre (UNICC) is an inter-organization facility that provides shared Information Technology and Communications (ICT) services to the United Nations system organizations and other users. The UNICC was founded in Geneva in 1971 by the United Nations, the United Nations Development Programme (UNDP) and the World Health Organization (WHO) pursuant to resolution 2741 (XXV) of the United Nations General Assembly.
UNICC has an annual budget of more than USD 60M and employs approximately 450 staff and contractors. The objectives of the Centre, as stated by its mandate, are to provide information and communication technology services (including training) on an inter-organizational basis. UNICC seeks to maximize the sharing of its computing and communications infrastructure, the associated systems, software, and its specialist skills, so that recipients of its services can benefit from economies of scale.
Posting Title: Director, International Computing Centre (UNICC), D2
Job code title: Director, Information Systems and Technology
Duty Station: Geneva
Posting Period: 01 Aug-14 Sep 2018
Apply at United Nations Careers
