Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Security and Traffic Data Systems

Published byJasmin Wheeler Modified over 5 years ago

Similar presentations

Presentation on theme: "Cyber Security and Traffic Data Systems"— Presentation transcript:

1 Cyber Security and Traffic Data Systems
17th October 2016 Dr Darren Handley Presentation Title (edit this in Insert > Header and Footer, then click 'Apply to All')

2 Cyber Security v Cyber is about securing not just enterprise architectures (IT) but also operational technologies and the services they provide. For enterprise systems the threats and effects are well known. Breaches can cause data lose and services reliant on affected systems to be affected. Operational technologies incorporate a wide breath of things, including the technologies that provide for traffic management systems, C-ITS services and platooning. These differ as they are not classic IT systems. Their make up will differ, for example they may be formed of a multitude of remote and ad-hoc device. The results of things going wrong may also differ, with outcomes including death (accidents), destruction of assets (i.e. they fail and stop working), disruption (traffic congestion) and data breaches. Ultimately getting it wrong will cost money, both to fix and potentially in fines. April 19

3 Are you prepared? Are your corporate/enterprise systems secure?
Well established IT policies and procedures Dedicated IT team Cyber Essentials Are your traffic management systems and ITS services secure? Knowledge of your systems and architectures Understand what could go wrong if your deployed assets are hacked Understand the risks of those scenarios happening Include cyber security requirements in contracts Incident response planning – how would you return assets to service? Quick check list. For deployed assets and services this is a quick checklist Do you know how secure your assets are? Do you know what assets are connected to what and how they might be accessed via the outside world (physically or via connectivity)? Are they connected to corporate systems and how? Have you assessed what could go wrong and assessed the associated risks with these systems? For those assets and services you procure have you included cyber security requirements in those procurements/contracts? This can provide assurances that cyber security has been considered and potential action paths should breaches occur. Should the worst happen – do you have remediation/response plans? Have you tested them?

4 A2M2 example of good practice
Early stage risk assessment End to end risk assessment of proposed architecture and services Used to inform design decisions and security requirements Cyber security requirements in procurement process Set expectations/requirements for bidders, against which they were scored Ensured contractual obligations to incorporate cyber security Baseline security standard used to define detailed requirements Delivery of cyber security assessed Delivery of cyber security managed & assessed within project delivery Acceptance testing against requirements for deliverables Security testing to assess if risks mitigated

5 Resources What good looks like:
For vehicles and intelligent transport systems – Principles of cyber security for CAV & ITS: For internet enabled devices – DCMS guidance on secure by design: Assess how you are doing corporately: Cyber Essentials - NCSC Network and Information Systems cyber assessment framework - Keep up to date with news via NCSC experts NCSC Cyber Information Sharing Platform - Public Authority Information Exchange – contact me. Specific bits of great guidance are available from NCSC, including: Cloud applications IoT devices: Public Authority Information Exchange is most likely to focus on a blend of local / traffic authorities and cover subjects such as the evolving threats to Smart City Initiatives, Blending HVM in to the Streetscene, Security of Intelligent Transport Systems. Composition is yet to be determined but Secretariat likely to be provided by the Chartered Institution of Highways & Transportation (CIHT).

6 Questions You can also contact me at: darren.handley@dft.gov.uk
April 19

7 Resources What good looks like:
For vehicles and intelligent transport systems – Principles of cyber security for CAV & ITS: For internet enabled devices – DCMS guidance on secure by design: Assess how you are doing corporately: Cyber Essentials - NCSC Network and Information Systems cyber assessment framework - Keep up to date with news via NCSC experts NCSC Cyber Information Sharing Platform - Public Authority Information Exchange – contact me. Specific bits of great guidance are available from NCSC, including: Cloud applications IoT devices: Public Authority Information Exchange is most likely to focus on a blend of local / traffic authorities and cover subjects such as the evolving threats to Smart City Initiatives, Blending HVM in to the Streetscene, Security of Intelligent Transport Systems. Composition is yet to be determined but Secretariat likely to be provided by the Chartered Institution of Highways & Transportation (CIHT).

Download ppt "Cyber Security and Traffic Data Systems"

Similar presentations

FIA Prague Preparation February 6, 2008. Scenario planning approach We cannot predict the future We cannot predict the future We do understand the drivers.

FIA Prague Preparation February 6, Scenario planning approach We cannot predict the future We cannot predict the future We do understand the drivers.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Computer Security: Principles and Practice

Computer Security: Principles and Practice
What is Business Analysis Planning & Monitoring?

What is Business Analysis Planning & Monitoring?
INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.

INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.
Information Security Governance 25 th June 2007 Gordon Micallef Vice President – ISACA MALTA CHAPTER.

Information Security Governance 25 th June 2007 Gordon Micallef Vice President – ISACA MALTA CHAPTER.
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
INTERNET2 COLLABORATIVE INNOVATION PROGRAM DEVELOPMENT Florence D. Hudson Senior Vice President and Chief Innovation.

INTERNET2 COLLABORATIVE INNOVATION PROGRAM DEVELOPMENT Florence D. Hudson Senior Vice President and Chief Innovation.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
James Aiello PricewaterhouseCoopers Africa Utility Week 06 International Good Practice in Procurement.

James Aiello PricewaterhouseCoopers Africa Utility Week 06 International Good Practice in Procurement.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Software Development Risk Assessment for Clouds National Technical University of Ukraine “Kiev Polytechnic Institute” Heat and energy design faculty Department.

Software Development Risk Assessment for Clouds National Technical University of Ukraine “Kiev Polytechnic Institute” Heat and energy design faculty Department.
New A.M. Best Cyber Questionnaire

New A.M. Best Cyber Questionnaire
International Security Management Standards. BS ISO/IEC 17799:2005 BS ISO/IEC 27001:2005 First edition – ISO/IEC 17799:2000 Second edition ISO/IEC 17799:2005.

International Security Management Standards. BS ISO/IEC 17799:2005 BS ISO/IEC 27001:2005 First edition – ISO/IEC 17799:2000 Second edition ISO/IEC 17799:2005.
November 13, 2008www.infosecurity.ca.gov1 What’s New! Presented by Colleen Pedroza.

November 13, 2008www.infosecurity.ca.gov1 What’s New! Presented by Colleen Pedroza.
Chapter 3 Pre-Incident Preparation Spring 2016 - Incident Response & Computer Forensics.

Chapter 3 Pre-Incident Preparation Spring Incident Response & Computer Forensics.
Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.

Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.
Incorporating Road Safety Audit into Development Control Kevin Nicholson Principal Consultant.

Incorporating Road Safety Audit into Development Control Kevin Nicholson Principal Consultant.
URBACT IMPLEMENTATION NETWORKS. URBACT in a nutshell  European Territorial Cooperation programme (ETC) co- financed by ERDF  All 28 Member States as.

URBACT IMPLEMENTATION NETWORKS. URBACT in a nutshell  European Territorial Cooperation programme (ETC) co- financed by ERDF  All 28 Member States as.
Protection of Transportation Infrastructure from Cyber Attacks EXECUTIVE BRIEFING.

Protection of Transportation Infrastructure from Cyber Attacks EXECUTIVE BRIEFING.

Similar presentations

Ads by Google