Presentation is loading. Please wait.

Presentation is loading. Please wait.

WMO IT Security Incident Process

Published byJari Aaltonen Modified over 6 years ago

Similar presentations

Presentation on theme: "WMO IT Security Incident Process"— Presentation transcript:

1 WMO IT Security Incident Process
Phil Chamberlain ET-CTS 3-1 Expert Team on Communication Techniques and Systems ET-CTS2017 13-17 November 2017, Geneva

2 Agenda What is our task? Where are we now? What to we need to do?
Status of proposal Status of actions Wider considerations What to we need to do? What is the plan for that work?

3 1. What is our task? Decision 25 (CBS-16) Decides that there is a need for a security incident response process that can be used by organizations participating in the operation of WIS;

4 1. What is our task? (1) To continue the development of a common security incident management process that: (a) Encourages a centralized and definitive view on security incidents, reduces misinformation and prevents individual Members from undue levels of queries; (b) Provides a single and definitive national contact point for security incidents that will have the authoritative voice for organizations in that Member, increasing clarity and reducing misinformation; (c) Accommodates requirements relating to the security incidents of all organizations participating in the operation of WIS;

5 1. What is our task? (2) To provide a recommended process to the CBS Management Group for review and subsequent consideration by the Executive Council at its sixty-ninth session; Requests the Secretary-General to provide the necessary support to the development and implementation of a common security incident management process; Urges Members to participate in the development and implementation of a sustainable security incident management process.

6 2. Where are we now? 2.1 Status of current proposal Draft proposal was submitted to CBS-16. Annex 3 to Recommendation 36 (CBS-16) Inter-commission task team the WMO Information System (ICTT-WIS) provided some small amendments, concerning confidentiality of communications. ( Changes accepted by ET-CTS. Specific actions were proposed in the document. Document is not perfect! Inconsistencies in terminology.

7 2. Where are we now? 2.2 Status of Actions
2.2.1 ”Proposals to be adopted” Amend the draft procedure to ensure that it is internally consistent Recommend to ICT-ISS (Jan 2018) Inclusion the content of the draft paper as a Appendix to the Guide to WIS (WMO-No. 1061) with ‘hook’ in the Guide itself and the Manual on WIS To draft terms of reference for [WMO IT Security Focal Point] - see Annex to Decision 9 (CBS-16) Terms of reference of national focal points supporting the work of the OPAG-ISS Draft terms of reference for IT Security Focal Points at GISCs will include some addition actions with respect to general WIS Centres, e.g. the coordination of incident response within their AMDCN The provisions in the Manual on WIS will require GISCs and Member states to follow the security incident response procedure; which as a minimum is the nomination of a [WMO IT Security Focal Point] and the consideration of what IT security information they can share.

8 2. Where are we now? 2.2.2 Agree mechanism for WMO single point of contact Draft request to Secretary General to make provision for the 24x7 coordination of IT security incident response among WIS Centres, by establishing a contact point whose terms of reference are defined in the security incident response procedure, including provision of a summary report on an annual basis about security incidents identified by WIS Centres

9 2. Where are we now? 2.2.3 Agree that GISC [staff] will be trained to enact these processes Given GISC will be asked to nominate their contact point (Focal Point), Secretariat to coordinate training (e.g. Webinar) to ensure that all designated Focal Points understand their role and responsibilities - especially with respect to confidentiality of information and the coordination of incident response within their AMDCN

10 2. Where are we now? 2.2.4 Agree mechanism for hosting the contact list and collaboration mechanism Request Secretariat to establish a private WMO mailing list and the IT Security incident information sharing as a closed space on WMO WIS wiki resource (with private access groups - global, GISCs, and for each AMDCN) and associated Wiki-Tracker for easy publication of incident details.

11 2. Where are we now? 2.3 Wider considerations Conversation between group and Kate Gagnon of UNICC, as thought they might have a solution to our requirements. They were unware of our constraints, so a mandatory regulatory process will not be pursued. However, the conversation was useful, as it aligned with thinking on GISC accreditation and ET-CAC introduction of an (IT Security) maturity model & risk-based approach, and use of tools like IDS could be shown as best practise.

12 2. Where are we now? 2.3 continued Rather than prescribing a specific technical solution, ET-CTS recommends amending the WIS Centre audit criteria to include an IT Security ‘maturity model’ approach to determine how well WIS centres understand and mitigate cyber security issues. This audit should define the minimum level of maturity expected for WIS centres (noting this may differ between GISC, DCPC, NC).

13 2. Where are we now? 2.3 summary
There is no need for further engagement with UNICC at this time.  The draft security incident response procedure describes a ‘minimal’ information sharing mechanism, but it is the best compromise possible for the federated WIS system where there is no centralized control. Other aspects, such as the demonstration of maturity in cyber security approaches and provision of cyber security training can be taken forward by the expert teams of OPAG-ISS.

14 3. What do we need to do? 3.1 Proposal Review
Existing draft proposal to be reviewed: Consistent use of terms. Agreed use of “focal point” rather than contact point for all non-WMO roles. Roles to be fully defined for all the stakeholders. Make suitable for use as annex to WIS guide.

15 3. What do we need to do? 3.2 Additional Documents
Changes to existing WMO documents also needed: Manual on WIS Guide to WIS New document: Draft terms of reference for IT Security Focal / Contact Points.

16 3. What do we need to do? 3.3 Decisions still to be made Information Security requirements for IT Security information shared on the WIS-wiki (lessons learned, incidents, shared best practise information) to be defined. Roles & responsibilities to be fully defined for all the actors.

17 4. Plan for work ACTION: ET-CTS (Phil Chamberlain) (by Jan 2018, ICT-ISS) to make final decisions, update the draft document, and prepare amendments to the Manual on WIS and Guide to WIS  ACTION: ET-CTS (Phil Chamberlain) (by Jan 2018, ICT-ISS) draft terms of reference for the focal/contact points

18 Thank you Merci

Download ppt "WMO IT Security Incident Process"

Similar presentations

INSAG DEVELOPMENT OF A DOCUMENT ON HIGH LEVEL SAFETY RECOMMENDATIONS FOR NUCLEAR POWER Milestone Issues: Group C. Nuclear Safety. A. Alonso (INSAG Member)

INSAG DEVELOPMENT OF A DOCUMENT ON HIGH LEVEL SAFETY RECOMMENDATIONS FOR NUCLEAR POWER Milestone Issues: Group C. Nuclear Safety. A. Alonso (INSAG Member)
Module N° 8 – SSP implementation plan. SSP – A structured approach Module 2 Basic safety management concepts Module 2 Basic safety management concepts.

Module N° 8 – SSP implementation plan. SSP – A structured approach Module 2 Basic safety management concepts Module 2 Basic safety management concepts.
Public health, innovation and intellectual property 1 |1 | The Global Strategy on Public Health, Innovation and Intellectual Property Technical Briefing.

Public health, innovation and intellectual property 1 |1 | The Global Strategy on Public Health, Innovation and Intellectual Property Technical Briefing.
Capacity Building in: GEO Strategic Plan 2016 – 2025 and Work Programme 2016 Andiswa Mlisa GEO Secretariat Workshop on Capacity Building and Developing.

Capacity Building in: GEO Strategic Plan 2016 – 2025 and Work Programme 2016 Andiswa Mlisa GEO Secretariat Workshop on Capacity Building and Developing.
World summit on the information society 1 WSIS: Building the Information Society: a global challenge in the new Millennium Tim Kelly, Claudia Sarrocco.

World summit on the information society 1 WSIS: Building the Information Society: a global challenge in the new Millennium Tim Kelly, Claudia Sarrocco.
ICG-WIGOS-6 Report from the Commission for Basic Systems

ICG-WIGOS-6 Report from the Commission for Basic Systems
Secretariat 12 to 16 February 2017 Abu Dhabi, UAE

Secretariat 12 to 16 February 2017 Abu Dhabi, UAE
WIGOS regulatory and guidance material

WIGOS regulatory and guidance material
Monitoring Forest Resources for SFM in the UNECE Region

Monitoring Forest Resources for SFM in the UNECE Region
Russell Stringer (Australia)

Russell Stringer (Australia)
A proposed Security Incident Management Process for WMO Member States

A proposed Security Incident Management Process for WMO Member States
16th Session of RA II (Asia)

16th Session of RA II (Asia)
Proposed Organisation of Evaluation of the Romanian NSRF and Operational Programmes, 2007-2013 Niall McCann, Technical Assistance Project for Programming,

Proposed Organisation of Evaluation of the Romanian NSRF and Operational Programmes, Niall McCann, Technical Assistance Project for Programming,
5th Session of the Task Team on WIGOS Metadata

5th Session of the Task Team on WIGOS Metadata
Secretariat 12 to 16 February 2017 Abu Dhabi, UAE

Secretariat 12 to 16 February 2017 Abu Dhabi, UAE
WORKING PRINCIPLES ECONOMIC COOPERATION ORGANIZATION REGIONAL COORDINATION CENTRE FOR IMPLEMENTATION OF THE ECO/FAO REGIONAL PROGRAMME FOR FOOD SECURITY.

WORKING PRINCIPLES ECONOMIC COOPERATION ORGANIZATION REGIONAL COORDINATION CENTRE FOR IMPLEMENTATION OF THE ECO/FAO REGIONAL PROGRAMME FOR FOOD SECURITY.
Agenda 5.11 General Regulations cbs-16@wmo.int.

Agenda 5.11 General Regulations
Work Plan Management GEO Work Plan Symposium 30 April – 2 May 2012

Work Plan Management GEO Work Plan Symposium 30 April – 2 May 2012
WIGOS Pre-operational Phase

WIGOS Pre-operational Phase
Roadmap to Enhanced Technical Regulations of WMO

Roadmap to Enhanced Technical Regulations of WMO

Similar presentations

Ads by Google