Presentation on theme: "Peter Burnett Head of Information Sharing National Infrastructure Security Co-ordination Centre www.niscc.gov.uk."— Presentation transcript:
Peter Burnett Head of Information Sharing National Infrastructure Security Co-ordination Centre
…working with the private sector…to ensure adequate standards of protection for the key systems falling within the critical national infrastructure… raising awareness and standards of information security more generally in the private sector… developing a dialogue with international partners I have established the NISCC to act as a point of contact for those involved in this work in both government and the private sector. Home Secretary 1999
What is NISCC? NISCC is an interdepartmental centre which co-ordinates activity in support of this aim across a range of organisations. Each of these contributes resources and expertise to NISCCs programme of work according to its own remit, its own priorities, in relation to the challenge in hand, and depending on what value it can add.
Communications-Electronics Security Group (CESG) Security Service Cabinet Office – Civil Contingencies Secretariat (CCS) Ministry of Defence National Hi-Tech Crime Unit (NHTCU) Home Office Office of e-Envoy CSIA DSTL (ex DERA) Department of Trade & Industry (DTI) an Interdepartmental Centre
What is the CNI? Those parts of the United Kingdoms infrastructure for which continuity is so important to national life that loss, significant interruption or degradation of service would have life-threatening, serious economic or other grave social consequences for the community, or would otherwise be of immediate concern to the Government. NISCCs aim is to minimise the risk to the critical national infrastructure from electronic attack.
The CNI Sectors Telecommunications Energy Finance Central Government Water and Sewerage Health Services Emergency Services Transport Hazards Food
NISCC Functional Model Investigating and Assessing the threat ofeA Promoting Protection and Assurance Vulnerabilities Exploits Responding to incidents Critical National Infrastructure Research and Development/ Policy/ Mapping INFORMATIONSHARING
Strategic Objectives Increase IT Security Awareness, Education : –Healthier e-environment (reduce Viruses, Worms, Trojans, DDoS etc) Provide useful and timely warnings Gather IT security incident reports –Crime reports (only with consent) –Statistics, Trends, Threat assessment –Attack detection NISCC – Information Sharing
UK CERTs forum –Encouraging new CERTs in UK Encouraging Information Sharing Bodies Reporting System (NHTCU/NISCC) National Warning System Partnership arrangements –Symantec, Microsoft Conceive & establish Information Exchanges –Finance, Telecomms, SCADA, MSPs Conceive & promote WARPs –WARP –W arning, A dvice & R eporting P oints Information Sharing
The WARP model e-COMMUNITY WARP CERTs, WARPs, etc Incident Reports Problems Warnings Advice Local authority, trade association, interest group, industry sector
The WARP Model - The WARP Model - Functions 1.Issue Warnings to its community 2.Provide Advice on Internet problems & share Good Practice amongst members share 3.Gather, sanitise, and share Incident Reports NISCC – Information Sharing
LondonConnects WARP London Borough A London Borough C etc. London Borough B Future LA WARPs CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure link Supported by SOCITM, OeE & NISCC Secure links 1 Technical FTE 1 Admin. FTE WARP for London Boroughs (www.lcwarp.org)
The WARP TOOLBOX Toolbox Filtered Warning & Alerting System (FWAS) Tick-List Software Good Practice & Advice Brokering Service (GPABS) Bulletin Board Reporting and Trusted Sharing Service (RTSS) Business Cases Security Policy Commercial sponsorship Independent Study
A Shared Solution e-COMMUNITY WARP Warnings Advice WARP e-COMMUNITY Problems Incident Reports Good Practice Solutions Skills Experience, Expertise, Solutions Open Sources, CERTs Filter Prioritise Supplement Add Value
Kent Gets its Own WARP
Thank You for listening patiently
Contact me on ext 4508 Contact me on ext 4508 QUESTIONS ?