critical information infrastructure protection ciip
play

Critical Information Infrastructure Protection (CIIP) National - PowerPoint PPT Presentation

Sep 07, 2022 •302 likes •517 views

Critical Information Infrastructure Protection (CIIP) National Knowledge Network (NKN) Annual workshop 17 - 19 Oct 2013, IISc, Bangalore Presentation Outline Government Cyber Security Architecture CII Overview & Definitions Critical

  1. Critical Information Infrastructure Protection (CIIP) National Knowledge Network (NKN) Annual workshop 17 - 19 Oct 2013, IISc, Bangalore

  2. Presentation Outline Government Cyber Security Architecture CII – Overview & Definitions Critical Sectors Threats Approach to CIIP International Efforts & Practices Lateral Developments NKN Annual Workshop: 17 - 19 Oct' 13

  3. National Security Council National Information Board Engagement Enabling with private Threat Assurance & R&D and Deterrence / Policies sector and Monitoring Certification Indigenization Operations Academia NKN Annual Workshop: 17 - 19 Oct' 13

  4. CII - Those facilities, systems, or functions, whose incapacity or destruction would cause a debilitating impact on national security, governance, economy and social well- being of a nation. In India, as per Section 70 of IT (Amendment) Act 2008, CII is defined as - The computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety. CIIP - To take all measures, including R&D, relating to protection of CII NKN Annual Workshop: 17 - 19 Oct' 13

  5. NKN Annual Workshop: 17 - 19 Oct' 13

  6. Situation Government Awareness/ Threat Analysis Private CIIP NKN Annual Workshop: 17 - 19 Oct' 13

  7. Assurance Government CERT-C Situation Centre CERT Analysis Technology CIIP NKN Annual Workshop: 17 - 19 Oct' 13

  8. Information not to be divulged Information shared within one sector Information restricted within CII Information that can be publicly shared NKN Annual Workshop: 17 - 19 Oct' 13

  9. • Defence - Army, Air Force, Navy, Defence Production, and Defence Research. • Energy - Nuclear, hydro, Thermal/Coal, Oil & Gas. • Finance - Stock Exchange, Depositories, banks and Financial Institutions, Direct/Indirect Revenue Services. • • Space - Space Research, Launching, Command & Control, Remote Space - Space Research, Launching, Command & Control, Remote Sensing. • Information and Communication Technology - Internet Services – DNS, Web, Mail – Date Networks, Satellite, Terrestrial and wireless, Data Centre, Telecom – Fixed and mobile. • Information & Broadcasting - Broadcasting Services. • Transportation - Railways, Civil Aviation, shipping, Surface Transport. • Public Essential Services and Utilities - Medical Services, Fire Services, Water Supply. • Law Enforcement and Security - Police, Security Agencies. NKN Annual Workshop: 17 - 19 Oct' 13

  10. Vertical Dependency Horizontal Dependency NKN Annual Workshop: 17 - 19 Oct' 13

  11. • Internal Threats – IT sabotage, Fraud, Information Security breach and Theft of Confidential or proprietary information • External Threats – Terrorist attacks on CII, Espionage, Cyber/Electronic – Terrorist attacks on CII, Espionage, Cyber/Electronic warfare, Cyber Terrorism, Malware/Spyware, Natural disaster etc. • Threats may cause unauthorized access, modification, use, disclosure, disruption, incapacitation or destruction to CII. NKN Annual Workshop: 17 - 19 Oct' 13

  12. • Top-down structure: Government – Coordinated protection for op Down Approach larger entities. T-D Approach Military Departments CEERT – CERT (or equivalent). Large Industry • Bottom-up Structure: Top D Public Public Private Private T – Community-based – Community-based protection for smaller Universities of Research Institution stakeholder. Other Tertiary Institution – C-SAW (Community B-U Approach oriented Security, Advisory Bottom-up Small Academic Institutions & Warning) structure. CSAW Small & Medium Business • Holistic Development: Individuals – Creating an ‘all- encompassing’ CIIP structure. NKN Annual Workshop: 17 - 19 Oct' 13

  13. Planning Controls 10) Hardening of Hardware and 1) Identification of CIIs Software 2) Vertical & Horizontal 11) Testing and Evaluation of Interdependencies Hardware & Software 3) Information Security Departments Departments 12) DOS/ DDOS Protection 12) DOS/ DDOS Protection 4) Information Security Policies 13) Penetration Testing 14) Risk Assessment Management Implementation Control 15) Physical Security 5) Access Control Policies 16) Identification & Authentication 6) Limiting Admin Privileges 17) Maintenance Plan 7) Perimeter Protection 18) Maintaining Monitoring & 8) Incident Response Analysis Log. 9) Network Device Protection Source: Guidelines prepared by JWG of NCIIPC under NTRO NKN Annual Workshop: 17 - 19 Oct' 13

  14. 30) Outsourcing and Vendor Security Operation control 31) Critical Information Disposal and 19) Data Storage – Hashing & Transfer Encryption Backup control 20) Training & Skill up-gradation 32) Disaster Recovery Site 21) Data Loss Prevention 33) Contingency Planning 22) Cloud Security 34) Predictable Failure Prevention 35) Information / Data Leakage 23) Wi-Fi Security Protection 24) Intranet Security 36) Data Backup Plan 25) Web Application Security 37) Secure Architecture Deployment 26) Advanced Persistent Threats Audit Controls Protection 38) Period Audit 27) Feedback Mechanism 39) Compliance of Security Recommendation 28) Security Certification 40) Checks and Balances for 29) Asset & Inventory Management Negligence NKN Annual Workshop: 17 - 19 Oct' 13

  15. Identification of CII • Interdependency & Criticality Assessment • Risk Assessment • Vulnerability Assessment • Threat Analysis • Assessment of existing level of Cyber Security measures / Assessment of existing level of Cyber Security measures / • • assurance Establishment of Early warning detection system • Incident Management • Crisis Management Plan • Capacity Building • Training & Awareness • CIIP R&D including modeling & Simulation and SCADA • Security. NKN Annual Workshop: 17 - 19 Oct' 13

  16. • SCADA system are deployed worldwide in CIs e.g. power, transport, industry etc. • Critical to our well-being & economy. • Original design & subsequent evolution failed to • Original design & subsequent evolution failed to adequately consider risk of deliberate attack. • Need to understand link between SCADA security and cyber warfare. • Research and Indigenisation would be extremely beneficial in securing CII. NKN Annual Workshop: 17 - 19 Oct' 13

  17. • UN Resolution 58/199 “Creation of Global Culture of Cyber Security and the Protection of Critical Information Infrastructure.” • G8 Principles for Protecting Critical Information Infrastructures (www.justice.gov/criminal/cybercrime/g82004/G8_CIIP_Principles.pdf ) • ITU: A Generic National Framework for Critical Information Infrastructure Protection (CIIP) August 2007 • Organisation for Economic Co-operation and Development (OECD): – – Development of policies for the protection of the critical information Development of policies for the protection of the critical information infrastructure infrastructure – Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security (http://www.oecd.org/) • International Standards – ISO/IEC Standards 27001,27002, 27003, 27004, 27005, 27021, 27031,27035, 31000, 31010 – ISACA: Cobit 4.1, Cobit 5 – ITIL etc • International Multilateral Partnership Against Cyber Threats (IMPACT) www.impact-alliance.org • Information Sharing and Analysis Centers Council (ISAC Council): A Functional Model for Critical Infrastructure Information Sharing & Analysis (www.isaccouncil.org) NKN Annual Workshop: 17 - 19 Oct' 13

  18. • Clear policies & objectives with support from national leadership. • Entity at national level that develops security standards and guidelines. • National risk management • National risk management strategy & framework – strategy & framework – Highest level of government to operators. • International cooperation. • Partnership to address common challenges. • Information sharing on international level at both operational & policy level. NKN Annual Workshop: 17 - 19 Oct' 13

  19. • Cyber Security R&D – Network and Communication Security. – Cryptology. – Enterprise Security • Indigenization • Indigenization – Networking/ routing devices, NMS etc – threat analysis, threat management, threat intelligence • Human Resource Development in Cyber Security. NKN Annual Workshop: 17 - 19 Oct' 13

  20. NKN Annual Workshop: 17 - 19 Oct' 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Critical Infrastructure Protection and S E N T A I N V U Y High Confidence Adaptive

Critical Infrastructure Protection and S E N T A I N V U Y High Confidence Adaptive

S T A T D E Critical Infrastructure Protection and S E N T A I N V U Y High Confidence Adaptive Software O H F C F R I A C E E S University Research Initiative Program O E F R N L A A V Welcome to the 3 rd

318 views • 14 slides
Critical Information Infrastructure July 15 th 96 American president signed Executive Order

Critical Information Infrastructure July 15 th 96 American president signed Executive Order

6/21/2012 Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs 2012 Workshop on Cyber Security and Global Affairs and Global Security Forum UPC Barcelona Jun.

216 views • 9 slides
NERC Critical Infrastructure Protection Committee (CIPC) Highlights John Hochevar, ATC MRO

NERC Critical Infrastructure Protection Committee (CIPC) Highlights John Hochevar, ATC MRO

NERC Critical Infrastructure Protection Committee (CIPC) Highlights John Hochevar, ATC MRO Board of Directors Meeting October 4, 2018 NERC CIPC MRO Representatives Encompass Four Industry Sectors and Cyber, Physical, and Operations Security

816 views • 5 slides
Critical Infrastructure Protection and Suspicious Activity Reporting Texas Department of Public

Critical Infrastructure Protection and Suspicious Activity Reporting Texas Department of Public

Critical Infrastructure Protection and Suspicious Activity Reporting Texas Department of Public Safety Intelligence & Counterterrorism Division GOAL: Prevent terrorist attacks in Texas and prevent criminal enterprises from operating

421 views • 27 slides
Risk Analysis Methodology for New IT Service IT Infrastructure Protection Division IT

Risk Analysis Methodology for New IT Service IT Infrastructure Protection Division IT

Risk Analysis Methodology for New IT Service IT Infrastructure Protection Division IT Infrastructure Protection Division IT Infrastructure Protection Planning Team IT Infrastructure Protection Planning Team Korea Information Security Agency

407 views • 12 slides
"CYBER SECURITY AND SPACE CRITICAL INFRASTRUCTURE PROTECTION. STUDY CASE: SATCOM" - 67

"CYBER SECURITY AND SPACE CRITICAL INFRASTRUCTURE PROTECTION. STUDY CASE: SATCOM" - 67

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/308780834 "CYBER SECURITY AND SPACE CRITICAL INFRASTRUCTURE PROTECTION. STUDY CASE: SATCOM" - 67 slides Conference Paper

1.17k views • 68 slides
Mapping the Dutch Critical Infrastructure Razvan C. Oprea Fahime Alizade Supervised by Benno

Mapping the Dutch Critical Infrastructure Razvan C. Oprea Fahime Alizade Supervised by Benno

Mapping the Dutch Critical Infrastructure Razvan C. Oprea Fahime Alizade Supervised by Benno Overeinder Wednesday, July 3, 13 The initial question Critical infrastructure sectors What is the network level representation of the critical

392 views • 24 slides
Big data in critical infrastructure: Production and failover infrastructure in DWD's central data

Big data in critical infrastructure: Production and failover infrastructure in DWD's central data

Big data in critical infrastructure: Production and failover infrastructure in DWD's central data management Daniel Lee, German Weather Service (DWD) TI12b Sep. 2015 Agenda 1. DWD's goals 2. Operational systems 3. Technical

556 views • 52 slides
The Office of Infrastructure Protection National Protection and Programs Directorate Department

The Office of Infrastructure Protection National Protection and Programs Directorate Department

5/24/2016 The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Protective Measures for Public Gatherings Western Region Healthcare Emergency Preparedness Coalition (WRHEPC)

550 views • 12 slides
Broadband Infrastructure is Critical Infrastructure Jeff Sobotka VP & State Broadband

Broadband Infrastructure is Critical Infrastructure Jeff Sobotka VP & State Broadband

Broadband Infrastructure is Critical Infrastructure Jeff Sobotka VP & State Broadband Director Definition: Broadband is defined as networks of deployed telecommunications equipment and technologies necessary to provide high-speed

268 views • 15 slides
Protecting UK Critical National Infrastructure from Cyber Attack Kevin T National Cyber Security

Protecting UK Critical National Infrastructure from Cyber Attack Kevin T National Cyber Security

Protecting UK Critical National Infrastructure from Cyber Attack Kevin T National Cyber Security Centre (NCSC) This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation.

197 views • 8 slides
to Critical Information Infrastructure Haythem EL MIR, CISSP CEO, keystone Group & CISRT.tn

to Critical Information Infrastructure Haythem EL MIR, CISSP CEO, keystone Group & CISRT.tn

Building the Digital Keystone Cyber Threats to Critical Information Infrastructure Haythem EL MIR, CISSP CEO, keystone Group & CISRT.tn www.keystone.tn Building the Digital Keystone State Sponsored Attacks Political Warfare

519 views • 37 slides
The Office of Infrastructure Protection National Protection and Programs Directorate Department

The Office of Infrastructure Protection National Protection and Programs Directorate Department

The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Active Threat Options for Consideration Run Hide Fight Todays Discussion Training vs. Facilitated Discussion Tools

352 views • 24 slides
Critical Infrastructure Resilience Climate Resilience Webinar Series U.S. Department of Housing

Critical Infrastructure Resilience Climate Resilience Webinar Series U.S. Department of Housing

Critical Infrastructure Resilience Climate Resilience Webinar Series U.S. Department of Housing and Urban Development Disclaimer This presentation is intended to provide communities and states with the tools and information to help in

467 views • 18 slides
AI i AI in D Diagn gnos ostic Im Imagi ging: g: An An Tessa S. Cook, MD PhD CIIP

AI i AI in D Diagn gnos ostic Im Imagi ging: g: An An Tessa S. Cook, MD PhD CIIP

AI i AI in D Diagn gnos ostic Im Imagi ging: g: An An Tessa S. Cook, MD PhD CIIP Opportunity y to Reinvent the University of Pennsylvania Clinical Workf kflow @asset25 Royalties, Osler institute Board Member (SIIM, AUR)

797 views • 52 slides
Infrastructure Protection 101 IDAHO OFFICE OF EMERGENCY MANAGEMENT For the Water Source

Infrastructure Protection 101 IDAHO OFFICE OF EMERGENCY MANAGEMENT For the Water Source

Protection, Response & Recovery Infrastructure Protection 101 IDAHO OFFICE OF EMERGENCY MANAGEMENT For the Water Source Protection Workshops Nov. 14 & 16, 2016 https://ioem.Idaho.gov WebEOC Dont know NIMS? Take IS-552

383 views • 24 slides
OUR MISSION NMEC: The New Standard in Workforce Development To lead the Maritime Industry in the

OUR MISSION NMEC: The New Standard in Workforce Development To lead the Maritime Industry in the

N ATIONAL M ARITIME E DUCATION C OUNCIL New Standard in The Maritime Craft Training COMING TO A SHIPYARD NEAR YOU: Increased ROI through Standardized Curricula and Portable Credentials OUR MISSION NMEC: The New Standard in Workforce Development

521 views • 19 slides
Construction Work Packaging Best Practice A Consensus CWP Agenda Introduction CWP

Construction Work Packaging Best Practice A Consensus CWP Agenda Introduction CWP

Construction Work Packaging Best Practice A Consensus CWP Agenda Introduction CWP in the Literature Definitions EWP/CWP/IWP Flow Chart CWP Template Report Summary Introduction The subcommittees strategy for

279 views • 17 slides
Smart Safety Systems for Safer Kolkata City Roads By N Rameshkrishnan Technical Manager, JP

Smart Safety Systems for Safer Kolkata City Roads By N Rameshkrishnan Technical Manager, JP

Saving lives through accident research! Smart Safety Systems for Safer Kolkata City Roads By N Rameshkrishnan Technical Manager, JP Research India Pvt. Ltd. 10 th CII Safety Symposium & Exposition 2016 Session VI: Smart Safety Systems 8 -

331 views • 29 slides
LONG-TERM WATER CONSERVATION FRAMEWORK BRIEFING September 18, 2019 Implementation of the 2018

LONG-TERM WATER CONSERVATION FRAMEWORK BRIEFING September 18, 2019 Implementation of the 2018

LONG-TERM WATER CONSERVATION FRAMEWORK BRIEFING September 18, 2019 Implementation of the 2018 Water Conservation Legislation Primer: Water Conservation Legislation Reference Document 3 Key Elements in 2018 Legislation Urban Water Use

1.04k views • 44 slides
towards Clean Technologies for MSMEs [ Speakers Confederation of Indian Industry Company Logo]

towards Clean Technologies for MSMEs [ Speakers Confederation of Indian Industry Company Logo]

Financing for Market Transformation towards Clean Technologies for MSMEs [ Speakers Confederation of Indian Industry Company Logo] CII Sohrabji Godrej Green Business Centre Nisha Jayaram Centre of Excellence for energy,

593 views • 11 slides
CESC Limited Powering India since 1899 June 2019 1 This presentation has been prepared by and is

CESC Limited Powering India since 1899 June 2019 1 This presentation has been prepared by and is

CESC Limited Powering India since 1899 June 2019 1 This presentation has been prepared by and is the sole responsibility of CESC Limited (the Company) . By accessing this presentation, you are agreeing to be bound by the trailing

1.5k views • 33 slides
MALAYSIA INDIA BUSINESS COUNCIL CONTENTS 1 ABOUT MIBC 2 INDIA-MALAYSIA BILATERAL TIES 3

MALAYSIA INDIA BUSINESS COUNCIL CONTENTS 1 ABOUT MIBC 2 INDIA-MALAYSIA BILATERAL TIES 3

MALAYSIA INDIA BUSINESS COUNCIL CONTENTS 1 ABOUT MIBC 2 INDIA-MALAYSIA BILATERAL TIES 3 BILATERAL ORGANISATIONAL RELATIONSHIP 4 MOUS IN THE PIPELINE KEY FEATURES OF THE 8TH MICEOF ON 14TH 5 FEBRUARY 2019, KUALA LUMPUR 6 PAST

447 views • 29 slides
July 2020 TSX-V: CGC OCTQX: ALLXF TSX-V: CGC OCTQX: ALLXF DISCLAIMER Forward-Looking

July 2020 TSX-V: CGC OCTQX: ALLXF TSX-V: CGC OCTQX: ALLXF DISCLAIMER Forward-Looking

Building COLOMBIAS next MAJOR GOLD MINE Corporate Presentation July 2020 TSX-V: CGC OCTQX: ALLXF TSX-V: CGC OCTQX: ALLXF DISCLAIMER Forward-Looking Statements This presentation of Caldas Gold Corp. (the Company or Caldas) is

222 views • 20 slides

More recommend