NISCC WARP WORKSHOP WARPs IN CENTRAL GOVERNMENT
Advertisement
• The WARP process is great for an ‘open’ environment where classification is not a problem.
• What if my problem is sensitive to my Department?
• How do I benefit from the WARP structure when the information I’m interested in is protectively marked above RESTRICTED?
Advertisement
• We’ll show you how one Government department (MOD) has approached the problem.
• We’ll discuss how this approach could be modified for both large and small departments.
• We’ll have a discussion forum to hear your views and try to assist you with your problem areas.
Advertisement
• All in… 1 hour and 10 minutes
However, we know the real reason you’ll come to our workshop is…
Why come to our workshop?
• We’re interesting.
• We’re funny.
• We’re great guys.
• And… we have sweets!
…so that’ll be the workshop on WARPs in Central Government with Andrew and Ian
Workshop Overview
• Introduction
• MOD Alert Warning and Response Infrastructure
• MOD Approach to WARPs
• What should a Government WARP do?
• NISCC Approach to Government WARPs
• Open Forum
RELATIONSHIP BETWEEN WARPS, MRCs, SPs and SOAs
[Diagram: tiered structure, Tier 0 to Tier 3. Labels in the diagram: NISCC (National Infrastructure Security Co-ordination Centre); OGD WARPs e.g. FCO; Public Sector WARPs e.g. Kent CC; Private Sector WARPs; DCBMJ6; JSYCC Primary WARP; DCIRT Primary MRC; Service Provider Interface e.g. Fujitsu / BT / EDS; Top Level Budget WARPs e.g. Fleet / Land / STC PJHQ; Trading Fund WARPs e.g. AWE / HO / MO DARA; SUB WARPS e.g. PJHQ deployed; SUB MRCs (Sub Monitoring and Reporting Centres) e.g. DSTL; UNITS / FORMATIONS e.g. HMS X / RAF Y. Legend: SPs, MRCs, WARPs.]
RELATIONSHIP BETWEEN WARPS, MRCs, SPs and SOAs
[Diagram: Tier 1 to Tier 3 in more detail. Labels in the diagram: JSYCC Primary WARP; DCIRT Primary MRC; Service Provider Interface / GOSCC; Service Operating Authority Interface / WARP; Top Level Budget WARPs e.g. Fleet / Land / STC PJHQ; Trading Fund WARPs e.g. AWE / HO / MO DARA; SUB MRCs (Sub Monitoring and Reporting Centres) e.g. DII; SUB WARPS e.g. PJHQ deployed; Service Provider IPT e.g. DFN; Service Provider IPT Single Point of Contact (SPOC); UNITS / FORMATIONS e.g. HMS X / RAF Y; Service Provider e.g. Fujitsu, BT. Legend: WARPs, SPs, MRCs.]
Organisation of MOD WARPs
• Top Level Budget (TLB) WARPs
  • e.g. Navy, Army, Air Force
  • Characteristics:
    • Large number of users
    • Sub-WARPs
    • Small but permanent staff
• Trading Fund WARPs
  • e.g. Met Office, Hydro Office, ABRO, DARA
  • Characteristics:
    • Small number of users
    • Singleton / often part-time / ITSO
UPWARD INFOFLOW (TIER 3 TO 1) BETWEEN WARPS, SPs and SOAs
[Diagram: upward information flow from Tier 3 to Tier 1. Labels in the diagram: JSYCC Primary WARP; DCIRT Primary MRC; Top Level Budget WARPs e.g. Fleet / Land / STC PJHQ; Service Operating Authority Interface / WARP; Service Provider Interface / GOSCC; Service Provider e.g. Fujitsu, BT; Service Provider / Helpdesk for non-DII; Single Point of Contact (SPOC) for DII; SUB WARPS e.g. PJHQ deployed; USER IN UNITS / FORMATIONS e.g. HMS X / RAF Y.]
DCSA MANAGED AND STAFFED NETWORKS
[Diagram: Tier 1 and Tier 2 reporting paths. Labels in the diagram: JSYCC Primary WARP; ALL; Top Level Budget WARPs e.g. Fleet / Land / STC PJHQ; GOSCC Service Provider Interface; DCIRT Primary MRC; CND ONLY; SERVICE OPERATING AUTHORITY (IPT FUNCTION) e.g. DCSA DII IPT; SERVICE PROVIDER e.g. FUJITSU; SINGLE POINT OF CONTACT (SPOC); USER; ITSO.]
CANNEL – MOD CIS Alert State
• RED: General or Specific Directed Attack
• AMBER: Increased Risk of Compromise
• BLACK: Normal Background Activity
CND Risk Management
[Diagram labels: PROTECTION; DETECTION; TOLERANCE; DETERRENCE; REACT; RECOVER; ELECTRONIC ATTACK.]
Requirements for MOD WARPs (1)
• WARPs act with the authority of the PSyA for all InfoSy matters and ultimately with the full authority of the DSO.
• WARP staffs must be capable of briefing both their command chain and the JSyCC on the implications and effects on their FLC/TLB/TF or Agency of the alerts that they are providing.
• They must have knowledge of any systems and applications used within their command to conduct business and/or operations.
• They must also have a sufficient understanding of the network architecture, service provision and information flows of the networks that process information, to be capable of briefing both their command chain and the JSyCC on the implications of the warnings they receive.
• WARPs will, therefore, require staff with the skills and competences to provide Information Security advice to their commands as well as to Tier 1 and 3 organisations.
Requirements for MOD WARPs (2)
WARPs are required to act as the focal point for:
• The dissemination of changes to the MOD CIS Alert State to their Tier 3 organisations, including:
  • Recognition of the implications for their FLC/TLB/TF or Agency that the change of state will incur.
  • Briefing any significant issues both to their chain of command and the JSyCC.
• The reporting of CIS Alerts to the JSyCC, in accordance with the instructions and timings laid down in the MOD Information Security Incident Response System, taking due account of the fact that CND / CNE alerts must be timely and responsive and will require a 24/7 response capability, which may be on-call.
• The dissemination of CIS Warnings to their Tier 3 organisations, in a timely and accurate manner, taking due account of the fact that JSyCC Alerts relating to serious vulnerabilities may require dissemination outside working hours in order to be effective.
• The co-ordination of Requests for Information and Directives, in accordance with the instructions and timings specified.
• The collation of all information relating to an incident.
Requirements for MOD WARPs (3)
• Liaison with JSyCC on all Information Security issues, which may have implications for:
  • Law Enforcement, including legal and forensic issues.
  • Counter-Intelligence.
  • CND.
  • Parliamentary Questions being raised or Briefs to Ministers required.
  • Press / Media interest.
• WARPs are to recognise that any incident involving compromise of Defence information may have Law Enforcement and/or Counter-Intelligence (LE/CI) issues attached.
Requirements for MOD WARPs (4)
In essence: A MOD WARP needs to understand the operations and business processes of its TLB/TF and be able to translate to the chain of command (business process owner) the impact of a change in risk (brought about by a change in threat or vulnerability) on those processes. The WARP should also be able to do something about the risk, even if only to notify the chain of command.