1 / 17

Peter Burnett Head of Information Sharing

National Infrastructure Security Co-ordination Centre. Peter Burnett Head of Information Sharing. www.niscc.gov.uk. Home Secretary 1999. “…working with the private sector…to ensure adequate standards of protection for the key systems falling within the critical national infrastructure…

bree
Download Presentation

Peter Burnett Head of Information Sharing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. National Infrastructure Security Co-ordination Centre Peter Burnett Head of Information Sharing www.niscc.gov.uk

  2. Home Secretary 1999 • “…working with the private sector…to ensure adequate standards of protection for the key systems falling within the critical national infrastructure… • raising awareness and standards of information security more generally in the private sector… • developing a dialogue with international partners • I have established the NISCC to act as a point of contact for those involved in this work in both government and the private sector.”

  3. What is NISCC? NISCC is an interdepartmental centre which co-ordinates activity in support of this aim across a range of organisations. Each of these contributes resources and expertise to NISCC’s programme of work according to its own remit, its own priorities, in relation to the challenge in hand, and depending on what value it can add.

  4. Security Service Communications-Electronics Security Group (CESG) Cabinet Office – Civil Contingencies Secretariat (CCS) Office of e-Envoy CSIA DSTL (ex DERA) Department of Trade & Industry (DTI) National Hi-Tech Crime Unit (NHTCU) Home Office Ministry of Defence “an Interdepartmental Centre”

  5. What is the CNI? Those parts of the United Kingdom’s infrastructure for which continuity is so important to national life that loss, significant interruption or degradation of service would have life-threatening, serious economic or other grave social consequences for the community, or would otherwise be of immediate concern to the Government. NISCC’s aim is to minimise the risk to the critical national infrastructure from electronic attack.

  6. The CNI Sectors • Telecommunications • Energy • Finance • Central Government • Water and Sewerage • Health Services • Emergency Services • Transport • Hazards • Food

  7. NISCC Functional Model Critical National Infrastructure Investigating Promoting Vulnerabilities and Assessing Protection and Exploits the threat of eA Assurance Responding to incidents Research and Development/ Policy/ Mapping INFORMATION SHARING

  8. NISCC – Information Sharing Strategic Objectives • Increase IT Security Awareness, Education : • Healthier e-environment (reduce Viruses, Worms, Trojans, DDoS etc) • Provide useful and timely warnings • Gather IT security incident reports • Crime reports (only with consent) • Statistics, Trends, Threat assessment • Attack detection

  9. Information Sharing • UK CERTs forum • Encouraging new CERTs in UK • Encouraging Information Sharing Bodies • Reporting System (NHTCU/NISCC) • National Warning System • Partnership arrangements • Symantec, Microsoft • Conceive & establish Information Exchanges • Finance, Telecomms, SCADA, MSPs • Conceive & promote WARPs • Warning, Advice & Reporting Points

  10. CERTs, WARPs, etc Warnings Advice Incident Reports Problems The WARP model WARP e-COMMUNITY Local authority, trade association, interest group, industry sector

  11. NISCC – Information Sharing The WARP Model - Functions • Issue Warnings to its community • Provide Advice on Internet problems & share Good Practice amongst members • Gather, sanitise, and share Incident Reports

  12. London Borough B London Borough C etc. London Borough A Secure links Secure links Authorised users in each Borough Supported by SOCITM, OeE & NISCC Future ‘LA’ WARPs 33 London Boroughs LondonConnects WARP Secure system with fallback contingency CERTs NISCC 1 Admin. FTE Bugtraq Secure link 1 Technical FTE CSIRTs UNIRAS Sans Other WARP for London Boroughs (www.lcwarp.org)

  13. The WARP TOOLBOX • Toolbox • Filtered Warning & Alerting System (FWAS) • Tick-List Software • Good Practice & Advice Brokering Service (GPABS) • Bulletin Board • Reporting and Trusted Sharing Service (RTSS) • Business Cases • Security Policy • Commercial sponsorship • Independent Study

  14. Open Sources, CERTs Warnings Advice Filter Prioritise Supplement Add Value Problems A Shared Solution WARP WARP Incident Reports Good Practice Solutions Skills e-COMMUNITY e-COMMUNITY Experience, Expertise, Solutions

  15. Kent Gets its Own WARP

  16. Thank You for listening patiently

  17. QUESTIONS ? Contact me on020 7821 1330ext 4508peterb@niscc.gov.uk

More Related