National Infrastructure Security Co-ordination Centre

Slides:

Advertisements

Similar presentations

Employability and Employer Engagement

Advertisements

1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.

Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.

Are you Resilient? Diane Howorth Business Development Manager European Telecommunications Resilience & Recovery Association.

Professor Dave Delpy Chief Executive of Engineering and Physical Sciences Research Council Research Councils UK Impact Champion Competition vs. Collaboration:

Mental Health Development Project Where are we now ? Jane Taylor Community First.

Civil Contingencies Act: Business Continuity Advice to Commercial and Voluntary Organisations Tony Part Civil Contingencies Act Team Cabinet Office.

Information: to share or not to share? BCS HC 2012 Conference London 2 nd May Dame Fiona Caldicott.

Local Safeguarding Children Board

Thailand National Focal Point for IFCS Chemical Safety Section Food and Drug Administration Ministry of Public Health July 2003.

KENT JOINT POLICY AND PLANNING BOARD (HOUSING) – WORKING WITH PARTNERS ACROSS KENT Tracey Kerly – Head of Customers, Homes and Properties at Ashford Borough.

Kenneth Watson Partnership for Critical Infrastructure Security Partnership for Critical Infrastructure Security.

The UK Space Agency: Our plan for space Dr Alice Bunn, Director of Policy November 2014.

DHS, National Cyber Security Division Overview

Digital public services and innovation

National Update: The information revolution and the 2012 Caldicott Review Simon Richardson – Information Rights Manager.

-NEW EDUCATIONAL PATWAY FOR GLOBAL PUBLIC HEALTH SECURITY- (2) South Eastern Europe (SEE) PUBLIC HEALTH PREPAREDNESS SUPERCOURSE NETWORK Elisaveta Stikova,

11 th International Symposium Loss Prevention and Process Safety Promotion in the Process Industries 1 OECD Workshop on Sharing Experience in the Training.

1 Telstra in Confidence Managing Security for our Mobile Technology.

Improving Communications & Engagement with Business: The national view Dan Jones Strategy & Communications, CCS Cabinet Office Business Advisory Group.

1 Case Study ESTABLISHING NATIONAL CERT By Saleem Al-Balooshi Etisalat - AE.

Integration, cooperation and partnerships

Building Strong Partnerships to Improve Health – Mandy Chambers Head of Health Improvement NHS Derbyshire & Chair of Bolsover Partnership (BLSP)

WHO ARE WE? COMMERCE Skill Share, Warsaw 21st April 2010 Jakub Bojczuk, Senior Travel Plan Officer for SWELTRAC Sarah Cummings, Transport for London Relationship.

The Crown and Suppliers: A New Way of Working People & Security15:35 – 16:20 Channels & Citizen Engagement Social Media ICT Capability Risk Management.

Experiences from establishing a national Centre for Information Security in Norway TERENA Networking Conference 2003 Maria Bartnes Dahl &

REGIONAL REPRESENTATION IN BRUSSELS Securing effective working on the European Agenda Jeremy Howell Economic Development and European Policy Consultant.

Peter Burnett Head of Information Sharing National Infrastructure Security Co-ordination Centre.

1 Presentation On Disaster and preparedness situation in Uganda At SILVER SPRINGS HOTEL, UGANDA 16 th -SEPTEMBER-2011 BY LAZARUS OCIRA

Scottish Higher Performers Forum ‘Influencing health and safety within Scotland’ 1 st May 2007.

Tackling Fuel Poverty: Towards integrated approaches in London boroughs Chris Church Community Environment Associates.

Eshboev B.A. Head of the Department for Monitoring of implementation of national development programmes of the Ministry of Economic Development and Trade.

PREPAREDNESS AND RESPONSE TO CYBER THREATS REQUIRE A CSIRT By Jaco Robertson, Marthie Lessing and Simon Nare*

Isdefe ISXXXX XX Your best ally Panel: Future scenarios for European critical infrastructures protection Carlos Martí Sempere. Essen.

Japanese Government’s Efforts to Address Information Security Issues October, 2007 National Information Security Center (NISC)

FBAG Flood Risk Assessment and Mapping. Purpose Review role of FBAG sub-group Summarise research/project agenda.

Managing Risks, Countering Threats: Protecting Critical National Infrastructure Against Terrorism Martin Rudner Canadian Centre of Intelligence and Security.

Protecting the CNI BCS ELITE 9 June 2005 Mick Morgan Head of Response.

Workshops DeSIRE and DeFINE CNR, Pisa 25 th -27 th November, 2002 Dr. Stefano Bruno and Daniel Bircher, Ernst Basler + Partners Ltd. Ernst Basler + Partners.

Australia Cybercrime Capacity Building Conference April 2010 Brunei Darussalam Ms Marcella Hawkes Director, Cyber Security Policy Australian Government.

Crosswalk of Public Health Accreditation and the Public Health Code of Ethics Highlighted items relate to the Water Supply case studied discussed in the.

Communications-Electronics Security Group. Excellence in Infosec.

© Crown copyright Met Office PWS in support of disaster prevention and mitigation How to improve collaboration and coordination Sarah Davies UK Met Office.

Name Position Organisation Date. What is data integration? Dataset A Dataset B Integrated dataset Education data + EMPLOYMENT data = understanding education.

Creating A CERT at WARP Speed.

THE REPUBLIC OF SLOVENIA MINISTRY OF HIGHER EDUCATION, SCIENCE AND TECHNOLOGY e: Kotnikova 38, 1000 Ljubljana p:

World Health Day. World Health Day is celebrated every year on 7 April, under the sponsorship of the World Health Organization (WHO). In 1948, the World.

Advanced attack techniques Advanced attack techniques Increased by passing techniques against the existing detection methods such as IDS and anti- virus.

A Global Approach to Protecting the Global Critical Infrastructure Dr. Stephen D. Bryen.

International Recovery Forum 2014 ~ The Role of Private Sector in Disaster Recovery ~ 21 January 2014 Kobe, Japan Dr Janet L. Asherson THE LINK BETWEEN.

Peter Burnett Head of Information Sharing National Infrastructure Security Co-ordination Centre

25th - 26 th February Sadiyat Island Abu Dhabi Developing National Capabilities for Crisis & Disaster Management Major General Michael Charlton-Weedy CBE.

NATIONAL CYBER SECURITY GOVERNANCE & EMERGING CYBER SECURITY THREATS

The Norwegian Climate Change Vulnerability and Adaptation Assessment The role of local government.

International Telecommunication Union ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004 Infrastructure Security: The impact on Telecommunications.

ISACA Ireland Cyber Security Policy 9 February 2016.

EUROPEAN SECURITY POLICY A SNAPSHOT ON SURVEILLANCE AND PRIVACY DESSI WORKSHOP, CPH 24 JUNE 2014 Birgitte Kofod Olsen, Chair Danish Council for Digital.

Reforming the State System for the provision of social services, setting the vision, aims and objectives: The United Kingdom Experience Mr Sean Holland.

Dr Jenean Spencer Director Pandemic Preparedness Section Office of Health Protection Department of Health and Ageing Public-Private Partnerships for Pandemic.

Business Continuity Management Business Continuity Management (BCM) is a holistic management process that identifies potential impacts that threaten an.

1 Establishing the West Midlands Regional Forum on Ageing Chris Eade Assistant Director : Worklessness and Later Life Government Office West Midlands.

University of Piraeus Research Centre (UPRC) Assistant Professor Nineta Polemi “PREVENTION, PREPAREDENESS AND CONSEQUENCE MANAGEMENT OF.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.

Prevent - Stopping People Becoming Terrorists or Supporting Terrorism Detective Chief Superintendent Alan Lyon National Coordinator Prevent

Cybersecurity, competence and preparedness

Ken Watson 9 Sep 2003 Critical Infrastructure Assurance: Business Case for Public-Private Partnership Ken Watson 9 Sep 2003

Critical Infrastructure Protection Policy Priorities

National Cyber Security Programme Local : Building Resilience Together

The U.S. Department of Homeland Security

Strategic development goals and priorities of the Republic of Tajikistan . National monitoring and evaluation system for their achievements. Eshboev.

Presentation transcript:

National Infrastructure Security Co-ordination Centre NISCC – Interdepartmental Organisation. Mission – to help protect Critical National Infrastructure from Electronic Attack – Hacking, DDoS, Viruses, Worms, etc Peter Burnett Head of Information Sharing www.niscc.gov.uk

Home Secretary 1999 “…working with the private sector…to ensure adequate standards of protection for the key systems falling within the critical national infrastructure… raising awareness and standards of information security more generally in the private sector… developing a dialogue with international partners I have established the NISCC to act as a point of contact for those involved in this work in both government and the private sector.”

What is NISCC? NISCC is an interdepartmental centre which co-ordinates activity in support of this aim across a range of organisations. Each of these contributes resources and expertise to NISCC’s programme of work according to its own remit, its own priorities, in relation to the challenge in hand, and depending on what value it can add.

“an Interdepartmental Centre” Security Service Cabinet Office – Civil Contingencies Secretariat (CCS) Communications-Electronics Security Group (CESG) Office of e-Envoy CSIA DSTL (ex DERA) Department of Trade & Industry (DTI) National Hi-Tech Crime Unit (NHTCU) Ministry of Defence Home Office

What is the CNI? Those parts of the United Kingdom’s infrastructure for which continuity is so important to national life that loss, significant interruption or degradation of service would have life-threatening, serious economic or other grave social consequences for the community, or would otherwise be of immediate concern to the Government. NISCC’s aim is to minimise the risk to the critical national infrastructure from electronic attack.

The CNI Sectors Telecommunications Energy Finance Central Government Water and Sewerage Health Services Emergency Services Transport Hazards Food

INFORMATION SHARING NISCC Functional Model Investigating and Assessing the threat of eA Promoting Protection and Assurance Vulnerabilities Exploits Responding to incidents Critical National Infrastructure Research and Development/ Policy/ Mapping INFORMATION SHARING

NISCC – Information Sharing Strategic Objectives Increase IT Security Awareness, Education : Healthier e-environment (reduce Viruses, Worms, Trojans, DDoS etc) Provide useful and timely warnings Gather IT security incident reports Crime reports (only with consent) Statistics, Trends, Threat assessment Attack detection

Information Sharing UK CERTs forum Encouraging new CERTs in UK Encouraging Information Sharing Bodies Reporting System (NHTCU/NISCC) National Warning System Partnership arrangements Symantec, Microsoft Conceive & establish Information Exchanges Finance, Telecomms, SCADA, MSPs Conceive & promote WARPs Warning, Advice & Reporting Points

Local authority, trade association, interest group, industry sector The WARP model CERTs, WARPs, etc WARP This is roughly how a WARP could work – first identify a community. This community might be a regional group of SMEs who already cooperate under a Business Llink scheme for example, or a group with special requirements not served well by commercial services, e.g. partially-sighted users, a group of schools, educational consultants, a group of banks, or any group of businesses or individuals that have some common concerns, or a specialised requirement for software or hardware. A WARP for all local authorities is one clear community. A single local or regional authority may then wish to extend this concept down to its own community to encourage safe use of IT right down to the home user, for the benefit of local e-government. There is scope for a lot of research required to establish the best models for different sectors, but there is also a need for action today. There is a lot of work out there to draw upon from the ISACs and CERTs, and UNIRAS is willing to help any new WARPs to get established. The WARP would be linked into a network of other WARPs, CERTs, ISACs possibly, security research centres, CIP organisations perhaps, any European Warning and Information Sharing system. Incident Reports Problems Warnings Advice e-COMMUNITY Local authority, trade association, interest group, industry sector

The WARP Model - Functions NISCC – Information Sharing The WARP Model - Functions Issue Warnings to its community Provide Advice on Internet problems & share Good Practice amongst members Gather, sanitise, and share Incident Reports This is the model we conceived to do it. Very much like a CERT, but with different responsibilities, level of resourcing, skill sets, and especially, very low-cost. 3 key activities, which will develop roughly in this order.

WARP for London Boroughs (www.lcwarp.org) LondonConnects WARP London Borough A London Borough C etc. London Borough B Future ‘LA’ WARPs CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure link Supported by SOCITM, OeE & NISCC 1 Technical FTE 1 Admin.

The WARP TOOLBOX Toolbox Business Cases Security Policy Filtered Warning & Alerting System (FWAS) Tick-List Software Good Practice & Advice Brokering Service (GPABS) Bulletin Board Reporting and Trusted Sharing Service (RTSS) Business Cases Security Policy Commercial sponsorship Independent Study

A Shared Solution WARP WARP Warnings Advice Problems e-COMMUNITY Open Sources, CERTs WARP WARP Problems Warnings Advice This is roughly how a WARP could work – first identify a community. This community might be a regional group of SMEs who already cooperate under a Business Llink scheme for example, or a group with special requirements not served well by commercial services, e.g. partially-sighted users, a group of schools, educational consultants, a group of banks, or any group of businesses or individuals that have some common concerns, or a specialised requirement for software or hardware. A WARP for all local authorities is one clear community. A single local or regional authority may then wish to extend this concept down to its own community to encourage safe use of IT right down to the home user, for the benefit of local e-government. There is scope for a lot of research required to establish the best models for different sectors, but there is also a need for action today. There is a lot of work out there to draw upon from the ISACs and CERTs, and UNIRAS is willing to help any new WARPs to get established. The WARP would be linked into a network of other WARPs, CERTs, ISACs possibly, security research centres, CIP organisations perhaps, any European Warning and Information Sharing system. Filter Prioritise Supplement Add Value Incident Reports Good Practice Solutions Skills e-COMMUNITY e-COMMUNITY Experience, Expertise, Solutions

Kent Gets its Own WARP

Thank You for listening patiently

Contact me on 020 7821 1330 ext 4508 peterb@niscc.gov.uk QUESTIONS ? Contact me on 020 7821 1330 ext 4508 peterb@niscc.gov.uk