Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ofcom’s role in cyber security

Published bySharleen Fleming Modified over 5 years ago

Similar presentations

Presentation on theme: "Ofcom’s role in cyber security"— Presentation transcript:

1 Ofcom’s role in cyber security
UKNOF Edinburgh Huw Saunders Director, Network Infrastructure

2 Ofcom and cyber security
Area of growing importance across all sectors, with new legislation to match Involvement in broader security obligations since 2011 Long considered cyber to be in scope but this area is now getting more attention: Increasing threat Government cyber strategy More pro-active approach – TBEST etc New legislation - NIS

3 Comms Act - Section 105A-D Security obligations for communication network and service providers Security measures “…providers must take… measures appropriately to manage risks to security…” Report incidents “…provider must notify Ofcom of a breach of security which has a significant impact on the operation of…” Ofcom’s role Issuing & updating guidance Following up & investigating reported incidents & any other concerns as needed Publishing a summary of incidents

4

5 Digital Service Providers
Network and Information Systems Regulations 2018 New Regulations that introduce security duties on infrastructure sectors Made law in June 2018 Transposes the EU NIS Directive into UK law A strong cyber focus, but obligations cover security more widely “aims to raise levels of the overall security and resilience of network and information systems across the EU” Establishes need for: National cyber strategy National CSIRT NIS SPOC & Technical Authority Security and reporting obligations Sectors in scope of NIS Regulations: Electricity Oil Gas Air Transport Water Transport Rail Transport Road Transport Healthcare Drinking Water Supply & Distribution Digital Infrastructure Online Marketplace Online Search Engine Cloud Computing Service Digital Service Providers

6 Ofcom ask of UKNOF Attendees
The NIS legislation mandates that if you are in scope of the Directive that you nominate your company to Ofcom View Ofcom's guidance on the NIS Directive - internet/information-for-industry/guidance-network-information-systems-regulations Review the NIS Directive legislation - If you exceed the thresholds and are in scope then inform Ofcom at Contact of you have any questions

7 NIS Thresholds for DNS, TLD and Internet Exchanges
Top level domain (TLD) Name Registries TLD Registries who service an average of 2 billion or more queries in 24 hours for domains registered within the Internet Corporation for Assigned Names and Numbers (ICANN). [Note the threshold specified is an annual average and shall be based on the best available historic data from the preceding 12 months; and the threshold specified excludes growth of traffic load due to malicious activity such as DDoS attacks] Domain Name System (DNS) Service Providers DNS Service Providers who provide DNS resolvers offered for use by publicly accessible services, which service an average of 2,000,000 or more requesting DNS clients based in the UK in 24 hours; or DNS Service Providers who provide authoritative hosting of domain names, offered for use by publicly accessible services servicing 250,000 or more different active domain names. [Note. the thresholds specified are on annual average and shall be based on the best available historic data from the preceding 12 months) Internet Exchange Point (IXP) Operators IXP Operators who have 50% or more annual market share amongst UK IXP Operators in terms of interconnected autonomous systems, or who offer interconnectivity to 50% or more of Global Internet routes. Note. Global Internet routes means the total number of active entries within the Global Internet Routing Table averaged per calendar year.

Download ppt "Ofcom’s role in cyber security"

Similar presentations

Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.

Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.
Geneva, Switzerland, 2 June 2014 The UK experience and approach to damage mitigation Huw Saunders, Director, Network Infrastructure, Ofcom

Geneva, Switzerland, 2 June 2014 The UK experience and approach to damage mitigation Huw Saunders, Director, Network Infrastructure, Ofcom
UKTI’s global presence UKTI has more than 1,200 staff in over 100 overseas markets 2.

UKTI’s global presence UKTI has more than 1,200 staff in over 100 overseas markets 2.
The French approach to CIIP ENISA workshop. Coordination of CIP in France ANSSI 2 A cross-ministerial issue The General Secretariat for Defense and National.

The French approach to CIIP ENISA workshop. Coordination of CIP in France ANSSI 2 A cross-ministerial issue The General Secretariat for Defense and National.
Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce

Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce
NICK LANGFORD 7 NOVEMBER 2006 Getting Ready for AIM.

NICK LANGFORD 7 NOVEMBER 2006 Getting Ready for AIM.
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
1 The New Security Blueprint : Challenges & Opportunities Ajay Goel, Managing Director, Symantec India & SAARC Sept 1, 2011.

1 The New Security Blueprint : Challenges & Opportunities Ajay Goel, Managing Director, Symantec India & SAARC Sept 1, 2011.
The 3rd package for the internal energy market Key proposals EUROPEAN COMMISSION Heinz Hilbrecht Directorate C - Security of supply and energy markets.

The 3rd package for the internal energy market Key proposals EUROPEAN COMMISSION Heinz Hilbrecht Directorate C - Security of supply and energy markets.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
EU Cybersecurity Strategy and Proposal for Directive on network and information security (NIS) {JOIN(2013) 1 final} {COM(2013) 48 final} Digital Enlightenment.

EU Cybersecurity Strategy and Proposal for Directive on network and information security (NIS) {JOIN(2013) 1 final} {COM(2013) 48 final} Digital Enlightenment.
CMG Events 2016 Cybersecurity Briefing 24 February 2016 John Magee William Fry.

CMG Events 2016 Cybersecurity Briefing 24 February 2016 John Magee William Fry.
ISACA Ireland Cyber Security Policy 9 February 2016.

ISACA Ireland Cyber Security Policy 9 February 2016.
Deconstructing the EU NIS Directive: model, architecture, interfaces, expressions Tony Rutkowski, 08.

Deconstructing the EU NIS Directive: model, architecture, interfaces, expressions Tony Rutkowski, 08.
Global Digital Security Market 2016-2020 www.rnrmarketresearch.com WEBSITE Single User License: US$ 2500 No of Pages: 60 Corporate User License: US$ 4000.

Global Digital Security Market WEBSITE Single User License: US$ 2500 No of Pages: 60 Corporate User License: US$ 4000.
EUROPEAN SECURITY POLICY A SNAPSHOT ON SURVEILLANCE AND PRIVACY DESSI WORKSHOP, CPH 24 JUNE 2014 Birgitte Kofod Olsen, Chair Danish Council for Digital.

EUROPEAN SECURITY POLICY A SNAPSHOT ON SURVEILLANCE AND PRIVACY DESSI WORKSHOP, CPH 24 JUNE 2014 Birgitte Kofod Olsen, Chair Danish Council for Digital.
Critical Infrastructure Protection Market by Security Technology & Region

Critical Infrastructure Protection Market by Security Technology & Region
EIC – Jornada ciberatacs cyber risk outlook June 2016.

EIC – Jornada ciberatacs cyber risk outlook June 2016.
DNS Security Risks Section 0x02. Joke/Cool thing traceroute 216.81.59.173 traceroute 216.81.59.173 https://www.youtube.com/watch?v=5_dRqPLP1d c https://www.youtube.com/watch?v=5_dRqPLP1d.

DNS Security Risks Section 0x02. Joke/Cool thing traceroute traceroute c

Similar presentations

Ads by Google