Cyber Security – Client View Peter Gibbons | Head of Cyber Security, Group Business Services Suppliers’ Summer Conference 15/07/2015.


1 Cyber Security – Client View Peter Gibbons | Head of Cyber Security, Group Business Services Suppliers’ Summer Conference 15/07/2015

2 / Protecting our railway in a connected world - Digital Railway Supplier Conference
Peter Gibbons B.E.M., Professional Head (Cyber Security), Network Rail
July 15th 2015

3 / AGENDA
- What is Cyber security and how might it impact our railway?
- How are we managing risks to Cyber security?
- What should you be doing?
- Conclusion

4 / Keeping our railway safe and secure
What is Cyber Security? The government point of view …
“our increasing dependence on cyberspace has brought new risks, risks that key data and systems on which we now rely can be compromised or damaged, in ways that are hard to detect or defend against”
Rt. Hon. Francis Maude MP - The UK Cyber Security Strategy November 2011
What is Cyber Security and what does it mean to us?
Cyber security is concerned with the security of cyberspace, which encompasses all forms of networked, digital activities; this includes the content of and actions conducted through digital networks.
All our systems and connected, computerised technology form our railway cyberspace. That includes databases, signalling systems, level crossings, RCM, CCTV and the underpinning infrastructure and telecommunication networks they rely on.

5 / How might cyber attacks impact our railway?
- To provide appropriate protection, we have to understand the threat
- As we introduce more digital technologies, we increase the opportunity for cyber attack
- Balance most likely with worst credible case

6 / How are we managing cyber security risks?
[Diagram: threat actor, motive, means, opportunity, result and impact on assets]
THREAT ACTOR: Terrorist; Activist; Foreign State; Hacker; Employee; Supplier; Researcher; Journalist; Organised Crime; Competitor
MOTIVE: Financial gain; Retribution; Harm NR reputation; Political advantage; Cause loss of life/harm; Create fear; Curiosity; Intellectual challenge; Mischief; Spread propaganda; Act of war; Disrupt commerce; Cause civil unrest
MEANS (THREAT): Phishing; Virus; Unauthorised security tools; Unauthorised physical access; Social Engineering; C2 Services; Malware; Hacking services; Watering holes; Botnets; Ransomware; Exploit kits; Rootkit; Trojans
OPPORTUNITY (VULNERABILITY): Access Connectivity System Functionality Technology
RESULT: Denial of Service; Data theft; Data loss; Data change; System interruption; Unauthorised access; Unauthorised operations
IMPACT (CONSEQUENCE): Train delay, disruption, derailment; Unplanned cost; Reputational damage; Lost productivity; Asset damage; Regulator sanction; Legal breach; Financial loss; Harm
ASSETS
DETER PREVENT PROTECT LEAD PROACTIVE CAPABILITY
DETECT RESPOND RECOVER UNDERSTAND REACTIVE CAPABILITY

7 / What should you be doing?
Network Rail Procurements Standards for High Risk suppliers
9. The Supplier shall be certified to the government’s Cyber Essentials Scheme as a minimum requirement and shall provide evidence of its certification. Alternatively, proof of certification against ISO 27001 is acceptable, providing that the certification covers the part of the organisation that is delivering the Services.
10. The Supplier shall, as far as is reasonably practicable, categorize Assets according to the potential impact to Network Rail of their loss of confidentiality, integrity and availability (‘Categorization’); those with significant potential impact shall be notified to Network Rail.
Securing technical railway products
- Clear security requirements
- Coding standards
- Control testing
- Zoning and segmentation
Managing security of operational services
- Vulnerability discovery, disclosure and patching
- Incident reporting
- Develop and follow common good practice
Securing your business
- Data loss prevention
- Access control
- Protect your services and your supply chain
Accreditation and compliance
- Cyber Essentials
- PAS555
- OWASP
- Common Criteria
- ISO27001

8 / Conclusion
1. Cyber attack is a real threat to our Railway
   Rail infrastructure systems have been attacked and compromised
2. Effective cyber security is a condition of entry for digitisation of the railway
   Our needs are not unique; as critical national infrastructure, our standards must be high
3. We’re in it together
   We’re all a target and we’re all part of the solution

9 / Please visit the Cyber Security stand in room E1 for more information Thank you

