Presentation is loading. Please wait.

Presentation is loading. Please wait.

National Infrastructure Security Co-ordination Centre

Published byDavid Dixon Modified over 10 years ago

Similar presentations

Presentation on theme: "National Infrastructure Security Co-ordination Centre"— Presentation transcript:

1 National Infrastructure Security Co-ordination Centre
NISCC – Interdepartmental Organisation. Mission – to help protect Critical National Infrastructure from Electronic Attack – Hacking, DDoS, Viruses, Worms, etc Peter Burnett Head of Information Sharing

2 Home Secretary 1999 “…working with the private sector…to ensure adequate standards of protection for the key systems falling within the critical national infrastructure… raising awareness and standards of information security more generally in the private sector… developing a dialogue with international partners I have established the NISCC to act as a point of contact for those involved in this work in both government and the private sector.”

3 What is NISCC? NISCC is an interdepartmental centre which co-ordinates activity in support of this aim across a range of organisations. Each of these contributes resources and expertise to NISCC’s programme of work according to its own remit, its own priorities, in relation to the challenge in hand, and depending on what value it can add.

4 “an Interdepartmental Centre”
Security Service Cabinet Office – Civil Contingencies Secretariat (CCS) Communications-Electronics Security Group (CESG) Office of e-Envoy CSIA DSTL (ex DERA) Department of Trade & Industry (DTI) National Hi-Tech Crime Unit (NHTCU) Ministry of Defence Home Office

5 What is the CNI? Those parts of the United Kingdom’s infrastructure for which continuity is so important to national life that loss, significant interruption or degradation of service would have life-threatening, serious economic or other grave social consequences for the community, or would otherwise be of immediate concern to the Government. NISCC’s aim is to minimise the risk to the critical national infrastructure from electronic attack.

6 The CNI Sectors Telecommunications Energy Finance Central Government
Water and Sewerage Health Services Emergency Services Transport Hazards Food

7 INFORMATION SHARING NISCC Functional Model Investigating and Assessing
the threat of eA Promoting Protection and Assurance Vulnerabilities Exploits Responding to incidents Critical National Infrastructure Research and Development/ Policy/ Mapping INFORMATION SHARING

8 NISCC – Information Sharing
Strategic Objectives Increase IT Security Awareness, Education : Healthier e-environment (reduce Viruses, Worms, Trojans, DDoS etc) Provide useful and timely warnings Gather IT security incident reports Crime reports (only with consent) Statistics, Trends, Threat assessment Attack detection

9 Information Sharing UK CERTs forum
Encouraging new CERTs in UK Encouraging Information Sharing Bodies Reporting System (NHTCU/NISCC) National Warning System Partnership arrangements Symantec, Microsoft Conceive & establish Information Exchanges Finance, Telecomms, SCADA, MSPs Conceive & promote WARPs Warning, Advice & Reporting Points

10 Local authority, trade association, interest group, industry sector
The WARP model CERTs, WARPs, etc WARP This is roughly how a WARP could work – first identify a community. This community might be a regional group of SMEs who already cooperate under a Business Llink scheme for example, or a group with special requirements not served well by commercial services, e.g. partially-sighted users, a group of schools, educational consultants, a group of banks, or any group of businesses or individuals that have some common concerns, or a specialised requirement for software or hardware. A WARP for all local authorities is one clear community. A single local or regional authority may then wish to extend this concept down to its own community to encourage safe use of IT right down to the home user, for the benefit of local e-government. There is scope for a lot of research required to establish the best models for different sectors, but there is also a need for action today. There is a lot of work out there to draw upon from the ISACs and CERTs, and UNIRAS is willing to help any new WARPs to get established. The WARP would be linked into a network of other WARPs, CERTs, ISACs possibly, security research centres, CIP organisations perhaps, any European Warning and Information Sharing system. Incident Reports Problems Warnings Advice e-COMMUNITY Local authority, trade association, interest group, industry sector

11 The WARP Model - Functions
NISCC – Information Sharing The WARP Model Functions Issue Warnings to its community Provide Advice on Internet problems & share Good Practice amongst members Gather, sanitise, and share Incident Reports This is the model we conceived to do it. Very much like a CERT, but with different responsibilities, level of resourcing, skill sets, and especially, very low-cost. 3 key activities, which will develop roughly in this order.

12 WARP for London Boroughs (www.lcwarp.org)
LondonConnects WARP London Borough A London Borough C etc. London Borough B Future ‘LA’ WARPs CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure link Supported by SOCITM, OeE & NISCC 1 Technical FTE 1 Admin.

13 The WARP TOOLBOX Toolbox Business Cases Security Policy
Filtered Warning & Alerting System (FWAS) Tick-List Software Good Practice & Advice Brokering Service (GPABS) Bulletin Board Reporting and Trusted Sharing Service (RTSS) Business Cases Security Policy Commercial sponsorship Independent Study

14 A Shared Solution WARP WARP Warnings Advice Problems e-COMMUNITY
Open Sources, CERTs WARP WARP Problems Warnings Advice This is roughly how a WARP could work – first identify a community. This community might be a regional group of SMEs who already cooperate under a Business Llink scheme for example, or a group with special requirements not served well by commercial services, e.g. partially-sighted users, a group of schools, educational consultants, a group of banks, or any group of businesses or individuals that have some common concerns, or a specialised requirement for software or hardware. A WARP for all local authorities is one clear community. A single local or regional authority may then wish to extend this concept down to its own community to encourage safe use of IT right down to the home user, for the benefit of local e-government. There is scope for a lot of research required to establish the best models for different sectors, but there is also a need for action today. There is a lot of work out there to draw upon from the ISACs and CERTs, and UNIRAS is willing to help any new WARPs to get established. The WARP would be linked into a network of other WARPs, CERTs, ISACs possibly, security research centres, CIP organisations perhaps, any European Warning and Information Sharing system. Filter Prioritise Supplement Add Value Incident Reports Good Practice Solutions Skills e-COMMUNITY e-COMMUNITY Experience, Expertise, Solutions

15 Kent Gets its Own WARP

16 Thank You for listening patiently

17 Contact me on 020 7821 1330 ext 4508 peterb@niscc.gov.uk
QUESTIONS ? Contact me on ext 4508

Download ppt "National Infrastructure Security Co-ordination Centre"

Similar presentations

Employability and Employer Engagement

Employability and Employer Engagement
1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.

1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.
Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.

Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.
Www.etr2awarp.net/stepchange Are you Resilient? Diane Howorth Business Development Manager European Telecommunications Resilience & Recovery Association.

Are you Resilient? Diane Howorth Business Development Manager European Telecommunications Resilience & Recovery Association.
Professor Dave Delpy Chief Executive of Engineering and Physical Sciences Research Council Research Councils UK Impact Champion Competition vs. Collaboration:

Professor Dave Delpy Chief Executive of Engineering and Physical Sciences Research Council Research Councils UK Impact Champion Competition vs. Collaboration:
Mental Health Development Project Where are we now ? Jane Taylor Community First.

Mental Health Development Project Where are we now ? Jane Taylor Community First.
Civil Contingencies Act: Business Continuity Advice to Commercial and Voluntary Organisations Tony Part Civil Contingencies Act Team Cabinet Office.

Civil Contingencies Act: Business Continuity Advice to Commercial and Voluntary Organisations Tony Part Civil Contingencies Act Team Cabinet Office.
Information: to share or not to share? BCS HC 2012 Conference London 2 nd May Dame Fiona Caldicott.

Information: to share or not to share? BCS HC 2012 Conference London 2 nd May Dame Fiona Caldicott.
Local Safeguarding Children Board

Local Safeguarding Children Board
Thailand National Focal Point for IFCS Chemical Safety Section Food and Drug Administration Ministry of Public Health July 2003.

Thailand National Focal Point for IFCS Chemical Safety Section Food and Drug Administration Ministry of Public Health July 2003.
KENT JOINT POLICY AND PLANNING BOARD (HOUSING) – WORKING WITH PARTNERS ACROSS KENT Tracey Kerly – Head of Customers, Homes and Properties at Ashford Borough.

KENT JOINT POLICY AND PLANNING BOARD (HOUSING) – WORKING WITH PARTNERS ACROSS KENT Tracey Kerly – Head of Customers, Homes and Properties at Ashford Borough.
Kenneth Watson Partnership for Critical Infrastructure Security Partnership for Critical Infrastructure Security.

Kenneth Watson Partnership for Critical Infrastructure Security Partnership for Critical Infrastructure Security.
The UK Space Agency: Our plan for space Dr Alice Bunn, Director of Policy November 2014.

The UK Space Agency: Our plan for space Dr Alice Bunn, Director of Policy November 2014.
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
Digital public services and innovation

Digital public services and innovation
National Update: The information revolution and the 2012 Caldicott Review Simon Richardson – Information Rights Manager.

National Update: The information revolution and the 2012 Caldicott Review Simon Richardson – Information Rights Manager.
-NEW EDUCATIONAL PATWAY FOR GLOBAL PUBLIC HEALTH SECURITY- (2) South Eastern Europe (SEE) PUBLIC HEALTH PREPAREDNESS SUPERCOURSE NETWORK Elisaveta Stikova,

-NEW EDUCATIONAL PATWAY FOR GLOBAL PUBLIC HEALTH SECURITY- (2) South Eastern Europe (SEE) PUBLIC HEALTH PREPAREDNESS SUPERCOURSE NETWORK Elisaveta Stikova,
11 th International Symposium Loss Prevention and Process Safety Promotion in the Process Industries 1 OECD Workshop on Sharing Experience in the Training.

11 th International Symposium Loss Prevention and Process Safety Promotion in the Process Industries 1 OECD Workshop on Sharing Experience in the Training.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Improving Communications & Engagement with Business: The national view Dan Jones Strategy & Communications, CCS Cabinet Office Business Advisory Group.

Improving Communications & Engagement with Business: The national view Dan Jones Strategy & Communications, CCS Cabinet Office Business Advisory Group.

Similar presentations

Ads by Google