Cybersecurity Presented by Charles Brookson OBE CEng FIET FRSA

Slides:



Advertisements
Similar presentations
Fostering worldwide interoperabilityGeneva, July 2009 Overview of Security work in ETSI Presenter: Mike Sharpe, VP ETSI ESP Source: Charles Brookson,
Advertisements

Cloud computing security related works in ITU-T SG17
David A. Brown Chief Information Security Officer State of Ohio
SACM IETF-92 Meeting ETSI TC CYBER and SACM 27 March 2015 Tony Rutkowski,
Geneva, Switzerland, September 2014 ETSI TC Cyber Charles Brookson Chairman ETSI TC Cyber Zeata Security Ltd and Azenby Ltd ITU.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
ETSI Security activities Charles Brookson Chairman OCG Security Source: ETSI GTSC-1 Agenda item For: Information GSC
Security Controls – What Works
Geneva, Switzerland, September 2014 ENISA role in ICT standardization Sławomir Górniak, ENISA ITU Workshop on “ICT.
European Union Agency for Network and Information Security Follow ENISA: ENISA and standards Sławomir Górniak European Union Agency.
World Class Standards © ETSI 2007 All rights reserved ETSI Tomorrow’s World Today.
SEC835 Database and Web application security Information Security Architecture.
Security and LI; ETSI’s role in standards
PRESENTATION OF ETSI © ETSI All rights reserved Sophia Antipolis, 22 May 2014 Luis Jorge Romero Director General, ETSI.
Jeju, 13 – 16 May 2013Standards for Shared ICT CYBERSECURITY-RELATED STANDARDS ACTIVITY IN THE TELECOMMUNICATIONS INDUSTRY ASSOCIATION Eric Barnhart, Fellow.
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
E-Security: 10 Steps to Protect Your School’s Network NEN – the education network.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
Jeju, 13 – 16 May 2013Standards for Shared ICT Cybersecurity Activities in ETSI Presenter: Adrian Scrase ETSI Chief Technical Officer (CTO) Document No:
Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.
ETSI SECURITY WORK UPDATE Dr. Carmine Rizzo CISA, CISM, CMP, ITIL, PRINCE2 © ETSI 2015 All rights reserved ITU-T SG17 Meeting – 8 April 2015.
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All Security activities in ETSI Presenter: Mike Sharpe, ETSI VP ESP (ETSI Standardization Projects) Document.
HO © 2012 Fluor. All rights reserved. Quick Wins in Vulnerability Management Classification: Confidential Owner: Michael Holcomb Approver: Phil.
Cybersecurity Presented by Charles Brookson OBE CEng FIET FRSA
International Telecommunication Union ETSI Security Standardization Dr. Carmine Rizzo CISA, CISM, CISSP, ITIL, PRINCE2 ITU-T Workshop on “New challenges.
Critical Security Controls & Effective Cyber Defense Hasain “The Wolf”
IPv6 security for WLCG sites (preparing for ISGC2016 talk) David Kelsey (STFC-RAL) HEPiX IPv6 WG, CERN 22 Jan 2016.
International Telecommunication Union ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004 Infrastructure Security: The impact on Telecommunications.
Update on ETSI Security work Charles Brookson OCG Security Chairman DOCUMENT #:GSC13-PLEN-57 FOR:Information SOURCE:Charles Brookson AGENDA ITEM:6.3
Information Security tools for records managers Frank Rankin.
Financial Services Sector Coordinating Council (FSSCC) 2011 KEY FSSCC INITIATIVES 2011 Key FSSCC Initiatives Project Name: Project Description: All-Hazards.
OFFICE OF VA ENTERPRISE ARCHITECTURE VA EA Cybersecurity Content Line of Sight Report April 29, 2016.
Best Cyber Security Practices for Counties An introduction to cybersecurity framework.
Security and resilience for Smart Hospitals Key findings
Principles Identified - UK DfT -
ANSI – ESOs meeting Washington February 2017
Quality Management System Deliverable Software 9115 revision A Key changes presentation IAQG 9115 Team March 2017.
© ETSI All rights reserved
Cybersecurity - What’s Next? June 2017
Critical Security Controls
Cyber Security Enterprise Risk Management: Key to an Organization’s Resilience Richard A. Spires CEO, Learning Tree International Former CIO, IRS and.
Dimitra Liveri | NIS Expert CSA CEE Summit 2017|Ljubljana - 9 March
Consolidated M2M standards boost the industry
Security Standard: “reasonable security”
ISO Smart and Sustainable Cities developments
Security Activities in ETSI
Implementing Mobile Network Energy Efficiency Standards
Leverage What’s Out There
Medical Device Cybersecurity Legislative Activities - Overview
Cyber Protections: First Step, Risk Assessment
NYBA 2017 Technology, Compliance &
Technical Organization and approval procedures
Dirk Weiler, chairman of the board, ETSI
Implementing and Auditing the Critical Controls
AFRICAN UNION- 23RD-27TH July 2018 PRESENTER: Mr. Nawa J.T Samatebele
Update on Security and LI activities in ETSI
Security Activities in ETSI
Standards fraud conference April 2018
Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.
National Cyber Security
County HIPAA Review All Rights Reserved 2002.
ISO Smart and Sustainable Cities developments
Security and Lawful Intercept (LI)
Cybersecurity Activities in ETSI
Security and Lawful Intercept (LI)
Cybersecurity Threat Assessment
ETSI Standardization Activities on Smart Grids
ESO response to EU RFID Mandate M/436
Reinhard Scholl, GTSC-7 Chairman
ESO response to EU RFID Mandate M/436
Presentation transcript:

Cybersecurity Presented by Charles Brookson OBE CEng FIET FRSA © All rights reserved Cybersecurity Presented by Charles Brookson OBE CEng FIET FRSA

Cybersecurity overview © All rights reserved Cybersecurity overview Looking at the work around the world

What is Cybersecurity? Many definitions!! Security of: © All rights reserved What is Cybersecurity? Many definitions!! Security of: Systems, Devices, Networks, Infrastructure Can extend to Information, Data. NIST says …. Cybersecurity – The ability to protect or defend the use of cyberspace from cyber attacks. Cyberspace – A global domain within the information environment consisting of the interdependent network of information systems infrastructures including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. 3

© All rights reserved European Eco System 4

© All rights reserved World Eco System 5

Council on Cybersecurity Top Twenty Controls © All rights reserved Council on Cybersecurity Top Twenty Controls Inventory of Authorized and Unauthorized Devices Inventory of Authorized and Unauthorized Software Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers Continuous Vulnerability Assessment and Remediation Malware Defenses Application Software Security Wireless Device Control Data Recovery Capability Security Skills Assessment and Appropriate Training to Fill Gaps Secure Configurations for Network Devices such as Firewalls, Routers, and Switches Limitation and Control of Network Ports, Protocols, and Services Controlled Use of Administrative Privileges Boundary Defense Maintenance, Monitoring, and Analysis of Audit Logs Controlled Access Based on the Need to Know Account Monitoring and Control Data Protection Incident Response and Management Secure Network Engineering Penetration Tests and Red Team Exercises *The Critical Security Controls for Effective Cyber Defense Version 5.0 http://www.counciloncybersecurity.org/attachments/article/12/CSC-MASTER-VER50-2-27-2014.pdf 6

CESG (UK Government) 10 Steps to Risk Management © All rights reserved CESG (UK Government) 10 Steps to Risk Management Information risk management regime Secure configuration Network security Managing user privileges User education & awareness Incident management Malware protection Monitoring Removable media controls Home & mobile working 7

3GPP SA3 SECAM and GSMA SG NESAG © All rights reserved 3GPP SA3 SECAM and GSMA SG NESAG 3GPP SA3 (Security) Established SECAM: Study on Security Assurance Methodology for 3GPP network products Technical specifications with security requirements and corresponding test cases collected in a document named SAS (Security Assurance Specification) Follows Common Criteria model GSMA Security Group Established a new Network Equipment Security Assurance Group (NESAG) Complements SECAM on the administrative framework and Accreditation Body aspects 8

NIST Cybersecurity Framework and Roadmap © All rights reserved NIST Cybersecurity Framework and Roadmap 9

© All rights reserved Cybersecurity in ETSI Looking at ETSI

ETSI TC CYBER Working with CEN and CENELEC (CSCG) © All rights reserved ETSI TC CYBER Working with CEN and CENELEC (CSCG) Feb 2014 CSCG provided Recommendations for a Strategy on European Cyber Security Standardization GOVERNANCE (coordination, scope, trust) HARMONISATION (PKI/cryptography, requirements/evaluation, EU security label, interface with research) GLOBALISATION (harmonisation with international key players, global promotion of EU Cyber Security standards) Receives Directives from EC - Examples Network and Information Security, Privacy. Works with other Standards bodies ISO, ITU-T, 3GPP, NIST etc. 11

ETSI TC CYBER – Terms of Reference © All rights reserved ETSI TC CYBER – Terms of Reference Cyber Security Standardization Security of infrastructures, devices, services and protocols Security advice, guidance and operational security requirements to users, manufacturers and network and infrastructure operators Security tools and techniques to ensure security Creation of security specifications and alignment with work done in other TCs and ISGs Coordinate work with external groups such as the CSCG with CEN, CENELEC, the NIS Platform and ENISA Collaborate with other SDOs (ISO, ITU, NIST, ANSI...) Answer to policy requests on Cyber Security and ICT security in broad sense 12

Security in ETSI – 1 Mobile and Wireless telecommunication © All rights reserved Security in ETSI – 1 Mobile and Wireless telecommunication GSM, UMTS, LTE TETRA DECT Satellite Radio Frequency Identification - RFID Reconfigurable Radio Systems - RRS Intelligent Transport Systems - ITS Machine to Machine - M2M Lawful Interception Electronic Signatures Algorithms 13

© All rights reserved Security in ETSI – 2 Identify and Access Management for Networks and Services Information Security Indicators - ISI Smart Cards Future Networks Emergency and Public Safety Telecommunications - EMTEL - MESA Aeronautics Maritime 14

Security in ETSI – 3 Network Functions Virtualisation - NFV © All rights reserved Security in ETSI – 3 Network Functions Virtualisation - NFV Quantum Key Distribution Quantum Safe Cryptography Broadcasting Media Content Distribution Security Testing IPv6 ePassport Readers IPCablecomm 15

© All rights reserved TC CYBER Work Items 13 documents (2 published, 1 approved for publication) 9 Reports, 3 Specifications, 1 ETSI Guide TR 103 303, Protection measures for ICT in the context of Critical Infrastructure TR 103 304, PII Protection and Retention TR 103 305, Security Assurance by Default; Critical Security Controls for Effective Cyber Defence (published and under revision) TR 103 306, Global Cyber Security Ecosystem (approved, to be published soon) TS 103 307, Security Aspects for LI and RD interfaces TR 103 308, A security baseline regarding LI for NFV and related platforms TR 103 309, Secure by Default adoption – platform security technology (published) TR 103 369, Design requirements ecosystem TR 103 370, Practical introductory guide to privacy TR 103 331, Structured threat information sharing EG 203 310, Post Quantum Computing Impact on ICT Systems TS 103 485, Mechanisms for privacy assurance and verification TS 103 486, Identity management and naming schema protection mechanisms 16

Finally! Looking at the ways we can work together © All rights reserved Finally! Looking at the ways we can work together

Use the useful information for yourselves Work together to: © All rights reserved Together Read our information Use the useful information for yourselves Work together to: Highlight issues, gaps, improvement, stop duplication Areas of common interest Raise Work Items? Co-operation agreement? 18

TC CYBER Reference material © All rights reserved TC CYBER Reference material TC CYBER on ETSI portal and ToR https://portal.etsi.org/cyber https://portal.etsi.org/cyber/Cyber_ToR.asp ETSI Security White Paper 7th Edition Published January 2015 Achievements, ongoing work, list of publications www.etsi.org/securitywhitepaper 19

Charles Brookson – TC CYBER Chairman charles@zeata.co.uk © All rights reserved Contact details Charles Brookson – TC CYBER Chairman charles@zeata.co.uk Carmine (Lino) Rizzo – TC CYBER Technical Officer carmine.rizzo@etsi.org 20