nis breakfast briefing
play

NIS Breakfast Briefing Secure Your Supply Chain Thursday 6 th - PowerPoint PPT Presentation

May 09, 2023 •131 likes •572 views

NIS Breakfast Briefing Secure Your Supply Chain Thursday 6 th September 2018 Agenda Welcome David Duke, Gemserv An Introduction to NIS Ian Davis, Gemserv Case Study National Energy Generator and Distributor Andy Green, Aprose

  1. NIS Breakfast Briefing Secure Your Supply Chain Thursday 6 th September 2018

  2. Agenda  Welcome David Duke, Gemserv  An Introduction to NIS Ian Davis, Gemserv  Case Study – National Energy Generator and Distributor Andy Green, Aprose  Introducing NIS into ABP Ewan Duncan, Associated British Ports Gemserv 2

  3. Agenda  Welcome David Duke, Gemserv  An Introduction to NIS Ian Davis, Gemserv  Case Study – National Energy Generator and Distributor Andy Green, Aprose  Introducing NIS into ABP Ewan Duncan, Associated British Ports Gemserv 3

  4. NIS Regulation NIS Regulation Breakfast Meeting Ian Davis – Head of Information Security

  5. Agenda  Introduction to NIS  Essential Service Scoping  Extent and complexity of the supply chain  Question and answer session Gemserv 5

  6. Network Information Security Regulation Introduction Gemserv 6

  7. Attacks on the Increase 92% 13% 600% Increase in new Overall increase in Increase in IoT downloader reported Attacks* variants* vulnerabilities* 29% 13% 54% Increase in industrial Overall increase in Increase in mobile control system (ICS) reported malware variants* related vulnerabilities* vulnerabilities* Gemserv *Source: Symantec 2018 Internet Security Threat Report 7

  8. Attacks on the Increase Initial Intelligence Stolen Modify systems Future attack Compromise gather credentials OT Gemserv 8

  9. Attacks on the Increase State and state-sponsored threats  Motivation  Political, diplomatic, technological, commercial, strategic advantage  To cause disruption  Skill  Offensive & destructive cyber capabilities  Highly funded  Covert operations and attacks  Opportunity  24/7 internet connected  Inadequate defences  Social engineering Gemserv 9

  10. Network Information Security Regulation  Raise UK Cybersecurity levels  Protect Critical National Infrastructure Gemserv 10

  11. NIS Timeline OES CAF NIS INCIDENTS OFCOM THRESHOLDS 2018 2019 Apr May Jul Aug Sep Nov Jan May CRITICAL CAF CAF 72 HOURS INCIDENTS CAF SYSTEMS FINDINGS Gemserv 11

  12. Cyber Assessment Framework Indicators of Good Practice in the Indicators of Good Practice tables CAF are: in the CAF are not:  Intended to help inform expert  A checklist to be used in an judgement inflexible assessment process  Examples of what an assessor will  An exhaustive list covering normally need to consider everything an assessor needs to consider  May need to be supplemented in some cases  Guaranteed to apply verbatim to all organisations  Designed to be widely applicable across organisations  Applicability needs to be established Gemserv 12

  13. Cyber Assessment Framework  OES’ will benefit from a mature ISMS  Audit team to complete self- assessment  Expected to take months  Continual improvement Gemserv 13

  14. Essential Service Scope 14

  15. Operator of Essential Service Thresholds 250,000 200,000 10M+ Passengers Providers of TLD 2 billion Consumers Consumers healthcare DNS 2M+ DNS 250,000 IXP 50% Gemserv 15

  16. Scope of Essential Service Thresholds Suppliers Transport IT & OT Essential Other CNI, power, Dependencies on Service water, transport, DSP sector ICS Network Processes Physical People Gemserv 16

  17. Scope of Essential Service - Threats ? OT OT Essential Service Gemserv 17

  18. Scope of Essential Service - Risk Treatment Threat Essential Likelihood Service Vulnerability Impact Asset Gemserv 18

  19. Business Impact Analysis Strategy and priority Objective: essential service Criticality, function and operating within threshold processes level Essential Service Recovery time objective (RTO) Tolerable disruption without Recovery point objective dependencies (RPO) Risk assessment Gemserv 19

  20. Extent and Complexity of the Supply Chain

  21. Extent and Complexity of the Supply Chain Essential Service Gemserv 21

  22. Extent and Complexity of the Supply Chain People  Skills shortage  Supplier culture  Leavers and movers  Physical equipment Essential  Security awareness training Service  Phishing and ransomware serious threat  Background checks  24/7 day and night shift Gemserv 22

  23. Extent and Complexity of the Supply Chain Technology, IT and OT  Network segmentation or air gap  Introduction of IoT  OT expertise with limited people  Incident response / forensics Essential capabilities for OT & IT Service  System and components  Secure engineering principles  Vulnerabilities Gemserv 23

  24. Extent and Complexity of the Supply Chain Cloud Services  Information in transit  Stored information  Physical access  Governance Essential  Background checks, user management Service  Active monitoring and audit records  Remote access, authentication  Privileged access  External interfaces Gemserv 24

  25. Extent and Complexity of the Supply Chain Supplier Security Baseline  Certification  ISO 27001  ISO 22301  Cyber Essentials Plus Essential  Procurement process Service  Security Awareness Training  BS7858 Background checks  Transparency  Contractual agreement  Notification  Incident response Gemserv 25

  26. In summary  The clock is ticking  Clear scope is essential  How exposed are you to risks from suppliers? Gemserv 26

  27. Agenda  Welcome David Duke, Gemserv  An Introduction to NIS Ian Davis, Gemserv  Case Study – National Energy Generator and Distributor Andy Green, Aprose  Introducing NIS into ABP Ewan Duncan, Associated British Ports Gemserv 27

  28. Case Study – National Energy Generator and Distributor Andy Green - Lead Security Consultant

  29. Overview  National Energy Company  Power Generation  Distribution Network Operator  Onward connectivity to other EU Power networks  Operator of Essential Service (OES) with c450k consumers  Need to comply with NIS Directive 29

  30. Organisational Scope  Large fibre network covering entire island  Distribution sub-stations  Interconnector to mainland EU  Head-office and remote offices  Power Stations  Large IT Network  OT Infrastructure including SCADA and ICS 30

  31. Cyber Security Risk Assessment  Risk Assessment followed the ISO27005 framework  Technical Risk Treatment was based the Critical Security Controls Top 20  The CSC20 has ICS alignment guidelines  Further aligned with NIST Cyber Security Framework for cyber resilience 31

  32. EU Funding  In partnership with the Home Office the risk assessment will be used as evidence for CEF funding  Connecting Europe Facility (CEF) is an EU funding programme  Objective 2: Capability development of Operators of Essential Services (OES) and Digital Service Providers (DSP) in line with the Security of Network and Information Systems Directive 32

  33. Agenda  Welcome David Duke, Gemserv  An Introduction to NIS Ian Davis, Gemserv  Case Study – National Energy Generator and Distributor Andy Green, Aprose  Introducing NIS into ABP Ewan Duncan, Associated British Ports Gemserv 33

  34. “Networked and Information Systems Regulations Introducing NIS R into ABP Ewan Duncan Group Head of Security Associated British Ports

  35. NIS R and cyber security. • ABP Context: • UK’s largest Port Operator • Humber to Silloth • Europe’s largest Cruise Liner operations (Southampton) • Reliance upon a variety of networked and information systems • Regulated by the DfT • Physical Security – PFSIs, vetting, annual audit and inspections (ISPS) • Data Protection • www.abports.co.uk 25/09/2018 35

  36. NIS R and cyber security. • We should be doing this anyway, but it’s forced upon us…. • No different to physical security – threat, risk, vulnerabilities. • NIS Regulation. • Alongside GDPR. • Impact upon Risk Management. • It came late…. • DCMS, Guidance, Direction – now ‘live’. • Cyber Security Code of Practice – not mandatory. • How important is it ? • Difficult to secure ‘buy in’. 25/09/2018 36

  37. NIS R and cyber security. • We should be doing this anyway, but its forced upon us…. • No different to physical security – threat, risk, vulnerabilities. • NIS Regulation. • Alongside GDPR. • Impact upon Risk Management. • It came late…. • DCMS, Guidance, Direction – now ‘live’. • Cyber Security Code of Practice – not mandatory. • How important is it ? • Difficult to secure ‘buy in’ – in a commercial environment.. 25/09/2018 37

  38. NIS R and cyber security. Security of Networked and Information Systems • Does this include: • Cyber Security ? • Physical Security ? • Data Protection ? • Risk Management ? • Physical processes ? 25/09/2018 38

  39. NIS R and cyber security. Security of Networked and Information Systems • Does this include: • Cyber Security ? • Physical Security ? • Data Protection ? • Risk Management ? • Physical processes ? …it does within ABP. 25/09/2018 39

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

WELCOME! University of Birmingham Business Club Breakfast Briefing International Business

WELCOME! University of Birmingham Business Club Breakfast Briefing International Business

WELCOME! University of Birmingham Business Club Breakfast Briefing International Business Challenges Tuesday 6 th October 2015 Benefits of being a member Access to Bizz Inn space Regular Breakfast Briefings Opportunity to

552 views • 39 slides
Working Families Breakfast Briefing: Pregnancy, maternity and returning to work after a break

Working Families Breakfast Briefing: Pregnancy, maternity and returning to work after a break

Working Families Breakfast Briefing: Pregnancy, maternity and returning to work after a break how to avoid the pitfalls and benefit from best practice Kindly Hosted By @WorkingFamUK Working Families Breakfast Briefing Pregnancy, maternity

695 views • 36 slides
WELCOME! University of Birmingham Business Club Breakfast Briefing Access to finance Sponsored

WELCOME! University of Birmingham Business Club Breakfast Briefing Access to finance Sponsored

WELCOME! University of Birmingham Business Club Breakfast Briefing Access to finance Sponsored by ART Business Loans Wednesday 20 th April 2016 Benefits of being a member Access to BizzInn space Regular Breakfast Briefings

905 views • 66 slides
prefunding New Zealand Superannuation Tim Hazledine/RPRC Breakfast Briefing University of

prefunding New Zealand Superannuation Tim Hazledine/RPRC Breakfast Briefing University of

The economics of prefunding New Zealand Superannuation Tim Hazledine/RPRC Breakfast Briefing University of Auckland Business School 28 April, 2009 Context Projected demographic blow out Doubling of over 64s, 2006 2036 .....

596 views • 26 slides
Members Day Breakfast Briefing: New members Saturday 29 March: 8:00 am Park & Ascot

Members Day Breakfast Briefing: New members Saturday 29 March: 8:00 am Park & Ascot

Members Day Breakfast Briefing: New members Saturday 29 March: 8:00 am Park & Ascot Suite @IAPOtweets #GPC2014 www.facebook.com/internationalallianceofpatientsorganizations Speakers Jo Groves, IAPO : Introduction to Congress theme

505 views • 28 slides
Breakfast Success The Importance of Eating Breakfast Breakfast Breakfast is the first meal of

Breakfast Success The Importance of Eating Breakfast Breakfast Breakfast is the first meal of

Breakfast Success The Importance of Eating Breakfast Breakfast Breakfast is the first meal of the day It is the first chance to break the fast and get nutrients in your body which provide the energy you need for the day Why is

319 views • 16 slides
Welcome to the Schneider Downs Not-for-Profit Breakfast Briefing FAQ on Tax Reform and the

Welcome to the Schneider Downs Not-for-Profit Breakfast Briefing FAQ on Tax Reform and the

Welcome to the Schneider Downs Not-for-Profit Breakfast Briefing FAQ on Tax Reform and the Not-for-Profit Sector Sc Schneider Down wns of offer ers s more ore tha than 80 uni nique ser services from om five disti stinct busine

761 views • 50 slides
Thank You to Our Sponsors! BREAKFAST & BIOMASS: A Briefing on the Pellet Market Stephen

Thank You to Our Sponsors! BREAKFAST & BIOMASS: A Briefing on the Pellet Market Stephen

Thank You to Our Sponsors! BREAKFAST & BIOMASS: A Briefing on the Pellet Market Stephen Faehner Chairman, PFI Board of Directors Friday, March 18, 2016 NEW ORLEANS, LA PELLET FUELS INSTITUTE: 2015 Annual Report & 2016 Outlook PFI

380 views • 27 slides
NPD Closure Project: Calculating the Total Waste Inventory NS DF/ NPD Breakfast Briefing 2019

NPD Closure Project: Calculating the Total Waste Inventory NS DF/ NPD Breakfast Briefing 2019

NPD Closure Project: Calculating the Total Waste Inventory NS DF/ NPD Breakfast Briefing 2019 December 04 | Andy McVeigh | NPD Health Physicist UNRESTRICTED / ILLIMIT -1- Agenda General Approach Establishing bounding source term

532 views • 31 slides
Establishing and Managing the NSDF Inventory NS DF/ NPD Breakfast Briefing 2019 December 04 |

Establishing and Managing the NSDF Inventory NS DF/ NPD Breakfast Briefing 2019 December 04 |

Establishing and Managing the NSDF Inventory NS DF/ NPD Breakfast Briefing 2019 December 04 | Jrme Besner | CNL Waste Programs Officer UNRESTRICTED / ILLIMIT -1- Outline Radioactive Waste Policy Framework Integrated Waste

664 views • 18 slides
CAMHS Transformation Programme: CYP IAPT Peter Fonagy Schools in Mind Breakfast Briefing

CAMHS Transformation Programme: CYP IAPT Peter Fonagy Schools in Mind Breakfast Briefing

CAMHS Transformation Programme: CYP IAPT Peter Fonagy Schools in Mind Breakfast Briefing April 2015 With input from Kathryn Pugh, Anne OHerlihy & Robin Barker 1 Could the profile of children and young peoples mental health get

365 views • 15 slides
Understanding the Risks in Alternative Risk Premia IAPF Breakfast Briefing January 2019

Understanding the Risks in Alternative Risk Premia IAPF Breakfast Briefing January 2019

Understanding the Risks in Alternative Risk Premia IAPF Breakfast Briefing January 2019 Amsterdam | Chicago | London | Montral | Munich | Paris | Sydney | Toronto bfinance.com This report is solely for the use of client personnel. No part of

274 views • 23 slides
Managing Performance Issues in the Workplace Employment Breakfast Briefing 23 May 2012 Adrian

Managing Performance Issues in the Workplace Employment Breakfast Briefing 23 May 2012 Adrian

Managing Performance Issues in the Workplace Employment Breakfast Briefing 23 May 2012 Adrian Crawford, Partner Amy Griffiths, Solicitor kingsleynapley.co.uk Aim Outline the legal framework which applies when dealing with performance

684 views • 49 slides
IRLA BREAKFAST BRIEFING - THE SPIKING DEBATE PLEASE TAKE YOUR SEATS 24 January 2020

IRLA BREAKFAST BRIEFING - THE SPIKING DEBATE PLEASE TAKE YOUR SEATS 24 January 2020

IRLA BREAKFAST BRIEFING - THE SPIKING DEBATE PLEASE TAKE YOUR SEATS 24 January 2020 RESTRUCTURING WELCOME & AGENDA Paul Corver IRLA Director Agenda Health & Safety Session objectives Introduction to our speakers

726 views • 23 slides
Breakfast briefing: Commercial space - optimising use, maximising value Simon Wilkes , Head of

Breakfast briefing: Commercial space - optimising use, maximising value Simon Wilkes , Head of

Breakfast briefing: Commercial space - optimising use, maximising value Simon Wilkes , Head of Business Space Development, Legal & General Investment Management, Real Assets Rory Paton , Partner - Central London Agency, Knight Frank Simon

629 views • 17 slides
Capital flows & top picks in Europe in 2018 Property EU breakfast briefing Mat Oakley 5 th

Capital flows & top picks in Europe in 2018 Property EU breakfast briefing Mat Oakley 5 th

Capital flows & top picks in Europe in 2018 Property EU breakfast briefing Mat Oakley 5 th March 2018 The economic story is looking pretty solid Average annual GDP growth 2018-2022 4,0 3,5 3,0 2,5 %pa 2,0 1,5 1,0 0,5 0,0 Sources:

498 views • 14 slides
CWB Network Information exChange Environment (NICE) Mark Cheng Central Weather Bureau, Taiwan,

CWB Network Information exChange Environment (NICE) Mark Cheng Central Weather Bureau, Taiwan,

CWB Network Information exChange Environment (NICE) Mark Cheng Central Weather Bureau, Taiwan, R.O.C. CWB NICE - Mark Cheng 1 2011/4/1 NICE A network based application framework for real time distributed data processing 1. Roles and

247 views • 23 slides
Broker Matthias Vallentin UC Berkeley International Computer Science Institute (ICSI) BroCon

Broker Matthias Vallentin UC Berkeley International Computer Science Institute (ICSI) BroCon

Broker Matthias Vallentin UC Berkeley International Computer Science Institute (ICSI) BroCon '16 Communication in Bro Tap Internal Internet Firewall Tap Network Frontend Nodes Manager + Proxy + ... ... Proxy Backend Nodes

755 views • 40 slides
Policy Options to Promote IPv6 Deployment Internet Week Guyana/LACNIC On The Move 12 October

Policy Options to Promote IPv6 Deployment Internet Week Guyana/LACNIC On The Move 12 October

Policy Options to Promote IPv6 Deployment Internet Week Guyana/LACNIC On The Move 12 October 2017 kevon@lacnic.net The new, larger version of the Internet: IPv6 Video url: https://www.youtube.com/watch?v=- Uwjt32NvVA Trends Available

365 views • 19 slides
non-traditional provider issues - policy and economic Mark Johnson MCNC Private, Not for profit

non-traditional provider issues - policy and economic Mark Johnson MCNC Private, Not for profit

non-traditional provider issues - policy and economic Mark Johnson MCNC Private, Not for profit Organization Established in 1980 as Microelectronics Center of North Carolina; Became MCNC in 1990 Founded by NC General Assembly as

81 views • 5 slides
MEETING JANUARY 10, 2018 JANUARY AGENDA Call to Order 12:00 Roll Call and Introductions,

MEETING JANUARY 10, 2018 JANUARY AGENDA Call to Order 12:00 Roll Call and Introductions,

EHEALTH COMMISSION MEETING JANUARY 10, 2018 JANUARY AGENDA Call to Order 12:00 Roll Call and Introductions, Approval of November minutes, and January Agenda and Objectives Announcements 12:05 OeHI Updates State Agency, Community Partner,

785 views • 39 slides
Supercomputers and Supercomputers and Clusters and Grids, Clusters and Grids, Oh My! Oh My!

Supercomputers and Supercomputers and Clusters and Grids, Clusters and Grids, Oh My! Oh My!

OSC Statewide Users Group Distinguished Lecture Series and OSC Statewide Users Group Distinguished Lecture Series and Ralph Regula Regula School of Computational Science Lecture Series School of Computational Science Lecture Series Ralph

468 views • 19 slides
Webinar will be recorded Supporting slides will be sent directly to all attendees and go

Webinar will be recorded Supporting slides will be sent directly to all attendees and go

Reliant on our IT please turn off your video cameras Webinar will be recorded Supporting slides will be sent directly to all attendees and go out on our social media and website for sharing Please put all questions in the chat

339 views • 31 slides
Libraries on Virtualized InfiniBand Clusters Keynote Talk at VisorHPC (January 2017) by

Libraries on Virtualized InfiniBand Clusters Keynote Talk at VisorHPC (January 2017) by

HPC Meets Cloud: Opportunities and Challenges in Designing High-Performance MPI and Big Data Libraries on Virtualized InfiniBand Clusters Keynote Talk at VisorHPC (January 2017) by Dhabaleswar K. (DK) Panda The Ohio State University E-mail:

1k views • 70 slides

More recommend