Upload
segughana
View
290
Download
0
Tags:
Embed Size (px)
Citation preview
Information Infrastructure ProtectionProtection
Role of the CPNIThe Centre for the Protection of National Infrastructure is theThe Centre for the Protection of National Infrastructure is therecognised UK government authority for protective security advice to the National Infrastructure.
It protects national security through:
• Minimising risk to the National Infrastructure; by• Minimising risk to the National Infrastructure; by
• Delivering authoritative advice; to
• Reduce the vulnerability of the National Infrastructure to• Reduce the vulnerability of the National Infrastructure to terrorist and other threats.
Th N i l I f (NI)The National Infrastructure (NI):TelecommunicationsEEnergyFinanceGovernment & Public ServicesWater Health Emergency ServicesEmergency ServicesTransportFood
D li i ti l i tDelivering essential services to the citizenNot everything is criticalEach sector is different
Protecting the NI: Our Strategic Approach•Impact driven•Impact driven
•Vulnerability focused
•Threat informed
•Under pinned by: p y
Tripartite Relationship
International angle
Research and Technology Programme
Th Old A h t C iti litThe Old Approach to Criticality•‘CNI’ means different things to different people.O l ‘ t l ’ f EKP (S 1 2 )•Only ‘catalogue’ was for EKPs (Supers, 1s, 2s).
•Focus on the site, not the service.•Old fashioned language•Old fashioned language.•EKPs did not cover critical networks & systems.•Criteria different across sectors.•Insufficient account taken of non-’critical’ infrastructure.
U d ti th M i f C iti litUpdating the Meaning of Criticality•Focus on delivery of ‘critical services’, including information infrastructureinformation infrastructure.•Scale from 5 (most critical) down to 0.•Cat 5 = Supers; Cat 4 = EKP 1s; etc.•Common approach for sites and critical networks.•Categories 3 – 5 likely to represent ‘critical’ national infrastructure.infrastructure.•Foundation for prioritisation of advice and resources.
Criticality ScalesCriticality ScalesDefinition Example
5 Catastrophic Loss of > 20% of national gas supply for > 24 hours
4 Severe Loss of electricity for > 1m consumers for > 18 hours
3 Substantial Loss of water for > 100k consumers > 3 days
2 Significant Disruption to payment settlement systems for up to 12 hours
1 Moderate Local disruption to emergency servicesp g y
0 Minor
Criticality Scale
4
5
cale
Critical Th h ld
2
3
Crit
ical
ity s
c
Threshold1
rgen
cyer
vice
s
Ener
gy
inan
ce
Food
rnm
ent
Hea
lth
catio
ns
nspo
rt
Wat
er
Emer Se
E Fi
Gov
er
Com
mun
ic
Tran
NI Sectors
CPNI Knowledge Development
PHYSICAL SECURITY
Integrated advice…
SECURITY
INFORMATION…to reduce
vulnerability in INFORMATIONSECURITY
ythe national
infrastructure
PERSONNELSECURITY &
BEHAVIOURAL ASSESSMENTASSESSMENT
Ad i D liAdvice DeliveryInputs
C t t 2
Processes
P i iti ti f
Outputs
F d
Outcomes
R d d
External factors Contest 2
National Risk Assessment
Prioritisation of resources
Advice delivery plans
Focused consultancy
Better products &
Reduced vulnerability in CNI
Shaped
Terrorism
Espionage
IA Strategy
Knowledge:
•Threats
plans
CNI Self assessment
products & services
Better skilled advisers
Shaped environment
•Threats
•Sectors
•Technology
Requirement setting
R&D
advisers
Performance management
•People
•Criticalities
Programme
Training
Information•Vulnerabilities Information sharing
Information Exchanges
Transport Sector28 Representatives18 Companies
Pharmaceuticals Industry12 Representatives 7 Companies
Finance SectorManaged Service Providers36 Representatives 23 Companies
Finance Sector54 Representatives 34 CompaniesPIIE
MSPIE
TSIE
FSIEAerospace/Defence32 Representatives 17 Companies
SCADA
ADMIECPNIInformationExchanges
NIXIE
Northern Ireland Crossover26 Representatives14 Companies
SCADA77 Representatives 37 Companies
W t S it
SCSIE
WSIENSIE
ExchangesSPIIESpace Industries
10 Representatives7 Companies
Network Security27 Representatives 15 Companies
Water Security40 Representatives 18 Companies
V d S i
VIE VSIESRIE
NSIE
12 Exchanges
220 Companies
Security Researchers30 Representatives 15 Companies
Vendor Security23 Representatives 15 Companies
Building Trust
Fl i h i ll ith th b It i•Flourishes in small groups with the same members. It is personal.•Start small and grow – you can’t easily shrink a group.•Trust and value grow together but needs investment and an understanding of incentives.•Regular face to face contact works best Other options•Regular face to face contact works best. Other options are teleconferences and “meetings outside of meetings”.
Trust will only develop if all members contribute.
ExtranetExtranet
CPNI Website
THANK YOU