
NIS Breakfast Briefing: Secure Your Supply Chain, Thursday 6th September 2018 (PowerPoint presentation)



  1. NIS Breakfast Briefing: Secure Your Supply Chain. Thursday 6th September 2018

  2. Agenda
     • Welcome: David Duke, Gemserv
     • An Introduction to NIS: Ian Davis, Gemserv
     • Case Study, National Energy Generator and Distributor: Andy Green, Aprose
     • Introducing NIS into ABP: Ewan Duncan, Associated British Ports


  4. NIS Regulation: NIS Regulation Breakfast Meeting. Ian Davis, Head of Information Security

  5. Agenda
     • Introduction to NIS
     • Essential Service scoping
     • Extent and complexity of the supply chain
     • Question and answer session

  6. Network Information Security Regulation: Introduction

  7. Attacks on the Increase
     • 92% increase in new downloader variants*
     • 13% overall increase in reported vulnerabilities*
     • 600% increase in IoT attacks*
     • 29% increase in industrial control system (ICS) related vulnerabilities*
     • 13% overall increase in reported vulnerabilities*
     • 54% increase in mobile malware variants*
     *Source: Symantec 2018 Internet Security Threat Report

  8. Attacks on the Increase
     (Diagram of an attack chain:) Initial compromise → Intelligence gather → Stolen credentials → Modify OT systems → Future attack

  9. Attacks on the Increase: state and state-sponsored threats
     • Motivation
       • Political, diplomatic, technological, commercial, strategic advantage
       • To cause disruption
     • Skill
       • Offensive and destructive cyber capabilities
       • Highly funded
       • Covert operations and attacks
     • Opportunity
       • 24/7 internet connected
       • Inadequate defences
       • Social engineering

  10. Network Information Security Regulation
     • Raise UK cybersecurity levels
     • Protect Critical National Infrastructure

  11. NIS Timeline
     (Timeline diagram spanning 2018 to 2019, with markers at Apr, May, Jul, Aug, Sep, Nov, Jan and May. Labels recovered from the diagram: OES thresholds, CAF, NIS incidents, Ofcom, critical systems, CAF findings, 72 hours incident reporting.)

  12. Cyber Assessment Framework
     Indicators of Good Practice in the CAF are:
     • Intended to help inform expert judgement
     • Examples of what an assessor will normally need to consider
     • Designed to be widely applicable across organisations; may need to be supplemented in some cases
     Indicators of Good Practice tables in the CAF are not:
     • A checklist to be used in an inflexible assessment process
     • An exhaustive list covering everything an assessor needs to consider
     • Guaranteed to apply verbatim to all organisations; applicability needs to be established

  13. Cyber Assessment Framework
     • OESs will benefit from a mature ISMS
     • Audit team to complete self-assessment
     • Expected to take months
     • Continual improvement

  14. Essential Service Scope

  15. Operator of Essential Service Thresholds
     (Infographic; figures recovered from the diagram:) 250,000 consumers; 200,000 consumers; 10M+ passengers; providers of healthcare; TLD 2M+; DNS 2 billion; DNS 250,000; IXP 50%

  16. Scope of Essential Service
     (Diagram with the Essential Service at the centre, surrounded by:) Thresholds; Suppliers; Transport; IT and OT; Other CNI (power, water, transport, ICS); Dependencies on DSP sector; Network; Processes; Physical; People

  17. Scope of Essential Service: Threats
     (Diagram: unknown threats (?) against OT and the Essential Service.)

  18. Scope of Essential Service: Risk Treatment
     (Diagram of the risk components around the Essential Service:) Threat, Likelihood, Vulnerability, Impact, Asset

  19. Business Impact Analysis
     • Strategy and priority
     • Objective: essential service operating within threshold level
     • Criticality, function and processes
     • Recovery time objective (RTO)
     • Recovery point objective (RPO)
     • Tolerable disruption without dependencies
     • Risk assessment

  20. Extent and Complexity of the Supply Chain

  21. Extent and Complexity of the Supply Chain
     (Diagram: the Essential Service and its supply chain.)

  22. Extent and Complexity of the Supply Chain: People
     • Skills shortage
     • Supplier culture
     • Leavers and movers
     • Physical equipment
     • Security awareness training
     • Phishing and ransomware a serious threat
     • Background checks
     • 24/7 day and night shift

  23. Extent and Complexity of the Supply Chain: Technology, IT and OT
     • Network segmentation or air gap
     • Introduction of IoT
     • OT expertise with limited people
     • Incident response and forensics capabilities for OT and IT
     • Systems and components
     • Secure engineering principles
     • Vulnerabilities

  24. Extent and Complexity of the Supply Chain: Cloud Services
     • Information in transit
     • Stored information
     • Physical access
     • Governance
     • Background checks, user management
     • Active monitoring and audit records
     • Remote access, authentication
     • Privileged access
     • External interfaces

  25. Extent and Complexity of the Supply Chain: Supplier Security Baseline
     • Certification
       • ISO 27001
       • ISO 22301
       • Cyber Essentials Plus
     • Procurement process
     • Security awareness training
     • BS7858 background checks
     • Transparency
     • Contractual agreement
     • Notification
     • Incident response

  26. In summary
     • The clock is ticking
     • Clear scope is essential
     • How exposed are you to risks from suppliers?

  27. Agenda (repeated from slide 2; next: Case Study, National Energy Generator and Distributor, Andy Green, Aprose)

  28. Case Study: National Energy Generator and Distributor. Andy Green, Lead Security Consultant

  29. Overview
     • National energy company
     • Power generation
     • Distribution Network Operator
     • Onward connectivity to other EU power networks
     • Operator of Essential Service (OES) with c. 450k consumers
     • Need to comply with the NIS Directive

  30. Organisational Scope
     • Large fibre network covering the entire island
     • Distribution sub-stations
     • Interconnector to mainland EU
     • Head office and remote offices
     • Power stations
     • Large IT network
     • OT infrastructure including SCADA and ICS

  31. Cyber Security Risk Assessment
     • Risk assessment followed the ISO 27005 framework
     • Technical risk treatment was based on the Critical Security Controls Top 20
     • The CSC20 has ICS alignment guidelines
     • Further aligned with the NIST Cyber Security Framework for cyber resilience

  32. EU Funding
     • In partnership with the Home Office, the risk assessment will be used as evidence for CEF funding
     • Connecting Europe Facility (CEF) is an EU funding programme
     • Objective 2: capability development of Operators of Essential Services (OES) and Digital Service Providers (DSP) in line with the Security of Network and Information Systems Directive

  33. Agenda (repeated from slide 2; next: Introducing NIS into ABP, Ewan Duncan, Associated British Ports)

  34. Networked and Information Systems Regulations: Introducing NIS R into ABP. Ewan Duncan, Group Head of Security, Associated British Ports

  35. NIS R and cyber security
     • ABP context:
       • UK's largest port operator
       • Humber to Silloth
       • Europe's largest cruise liner operations (Southampton)
       • Reliance upon a variety of networked and information systems
       • Regulated by the DfT
       • Physical security: PFSIs, vetting, annual audit and inspections (ISPS)
       • Data protection
       • www.abports.co.uk
     (Slide footer date: 25/09/2018)

  36. NIS R and cyber security
     • We should be doing this anyway, but it's forced upon us...
     • No different to physical security: threat, risk, vulnerabilities
     • NIS Regulation
     • Alongside GDPR
     • Impact upon risk management
     • It came late...
     • DCMS guidance and direction: now 'live'
     • Cyber Security Code of Practice: not mandatory
     • How important is it?
     • Difficult to secure 'buy in'

  37. NIS R and cyber security (build of slide 36)
     • We should be doing this anyway, but it's forced upon us...
     • No different to physical security: threat, risk, vulnerabilities
     • NIS Regulation
     • Alongside GDPR
     • Impact upon risk management
     • It came late...
     • DCMS guidance and direction: now 'live'
     • Cyber Security Code of Practice: not mandatory
     • How important is it?
     • Difficult to secure 'buy in' in a commercial environment

  38. NIS R and cyber security: Security of Networked and Information Systems
     • Does this include:
       • Cyber security?
       • Physical security?
       • Data protection?
       • Risk management?
       • Physical processes?

  39. NIS R and cyber security: Security of Networked and Information Systems
     • Does this include:
       • Cyber security?
       • Physical security?
       • Data protection?
       • Risk management?
       • Physical processes?
     ...it does within ABP.
