ofcom s role in cyber security
play

Ofcoms role in cyber security UKNOF Edinburgh Huw Saunders - PowerPoint PPT Presentation

Oct 02, 2023 •142 likes •216 views

Ofcoms role in cyber security UKNOF Edinburgh Huw Saunders Director, Network Infrastructure PROMOTING CHOICE SECURING STANDARDS PREVENTING HARM Ofcom and cyber security Area of growing importance across all sectors, with

  1. Ofcom’s role in cyber security UKNOF Edinburgh Huw Saunders Director, Network Infrastructure PROMOTING CHOICE • SECURING STANDARDS • PREVENTING HARM

  2. Ofcom and cyber security Area of growing importance across all sectors, with new legislaton to match • Involvement in broader security obligatons since 2011 • Long considered cyber to be in scope but this area is now getng more atenton: – Increasing threat – Government cyber strategy – More pro-actve approach – TBEST etc – New legislaton - NIS PROMOTING CHOICE • SECURING STANDARDS • PREVENTING HARM 2

  3. Comms Act - Secton 05A-D Security obligatons for communicaton network and service providers • Security measures “…providers must take… measures appropriately to manage risks to security…” • Report incidents “…provider must notiy Oicom oi a breach oi security which has a signifcant impact on the operaton oi…” • Ofcom’s role – Issuing & updatng guidance – Following up & investgatng reported incidents & any other concerns as needed – Publishing a summary of incidents PROMOTING CHOICE • SECURING STANDARDS • PREVENTING HARM 3

  4. PROMOTING CHOICE • SECURING STANDARDS • PREVENTING HARM 4

  5. Network and Informaton Systems Regulatons 20 8 New Regulatons that introduce security dutes on infrastructure sectors • Made law in June 2018 Sectors in scope of NIS Regulatons: • Transposes the EU NIS Directve into UK law • Electricity • Oil • A strong cyber focus, but obligatons cover • Gas security more widely • Air Transport • “aims to raise levels oi the overall security • Water Transport and resilience oi network and iniormaton • Rail Transport systems across the EU” • Road Transport • Healthcare • Establishes need for: • Drinking Water Supply & Distributon – Natonal cyber strategy • Digital Infrastructure – Natonal CSIRT – NIS SPOC & Technical Authority • Online Marketplace Digital • Online Search Engine Service – Security and reportng obligatons • Cloud Computng Service Providers PROMOTING CHOICE • SECURING STANDARDS • PREVENTING HARM 5

  6. Ofcom ask of UKNOF Atendees The NIS legislaton mandates that if you are in scope of the Directve that you nominate your company to Ofcom • View Ofcom's guidance on the NIS Directve - htps://wwwoofcomoorgouk/phones-telecoms-and-internet/informaton-for-industry/guidance-network-informaton-systems-regulatons • Review the NIS Directve legislaton - htp://wwwolegislatonogovouk/uksi/2018/506/pdfs/uksi_320180506_3enopdf • If you exceed the thresholds and are in scope then inform Ofcom at nis@ofcomoorgouk • Contact mikeolee@Ofcomoorgouk of you have any questons PROMOTING CHOICE • SECURING STANDARDS • PREVENTING HARM 6

  7. NIS Thresholds for DNS, TLD and Internet Exchanges Top level domain (TLD) Name Registries TLD Registries who service an average of 2 billion or more queries in 24 hours for domains registered within the Internet Corporaton for Assigned Names and Numbers (ICANN)o [Note the threshold specifed is an annual average and shall be based on the best available historic data from the preceding 12 months; and the threshold specifed excludes growth of trafc load due to malicious actvity such as DDoS atacks] Domain Name System (DNS) Service Providers DNS Service Providers who provide DNS resolvers ofered for use by publicly accessible services, which service an average of 2,000,000 or more requestng DNS clients based in the UK in 24 hours; or DNS Service Providers who provide authoritatve hostng of domain names, ofered for use by publicly accessible services servicing 250,000 or more diferent actve domain nameso [Noteo the thresholds specifed are on annual average and shall be based on the best available historic data from the preceding 12 months) Internet Exchange Point (IXP) Operators IXP Operators who have 50% or more annual market share amongst UK IXP Operators in terms of interconnected autonomous systems, or who ofer interconnectvity to 50% or more of Global Internet routeso Noteo Global Internet routes means the total number of actve entries within the Global Internet Routng Table averaged per calendar yearo PROMOTING CHOICE • SECURING STANDARDS • PREVENTING HARM 7

Recommend

Worldwide Security and Resiliency of Cyber Infrastructures: the Role of the Domain Name System

Worldwide Security and Resiliency of Cyber Infrastructures: the Role of the Domain Name System

Worldwide Security and Resiliency of Cyber Infrastructures: the Role of the Domain Name System Dr. Igor Nai Fovino Head of the Research Department Global Cyber Security Center The Global Cyber Security Center, is an International not-for-profit

615 views • 33 slides
KNOW YOUR ROLE DO YOUR JOB: A mapping of skills and building a Cyber Security Career EILEEN. A.

KNOW YOUR ROLE DO YOUR JOB: A mapping of skills and building a Cyber Security Career EILEEN. A.

KNOW YOUR ROLE DO YOUR JOB: A mapping of skills and building a Cyber Security Career EILEEN. A. Cyber Defense and Forensics Analyst The Dilemma Caught in a web, ever growing cyber attacks, changes in technology. Strategies seem to last an

452 views • 28 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

ABB MINING USER CONFERENCE, MAY 02-05, 2017 Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial Automation Division Agenda Why worry about cyber security? ABBs approach to cyber security Cyber security

1.07k views • 39 slides
Institute for Cyber Security A Framework for Risk-Aware Role Based Access Control Khalid Zaman

Institute for Cyber Security A Framework for Risk-Aware Role Based Access Control Khalid Zaman

Institute for Cyber Security A Framework for Risk-Aware Role Based Access Control Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu Institute for Cyber Security University of Texas at San Antonio October 16, 2013 SafeConfig 2013: IEEE 6th

227 views • 18 slides
SP 800-16 Rev 1 (3 rd Draft) A Role-Based Model for Federal Information Technology/Cyber Security

SP 800-16 Rev 1 (3 rd Draft) A Role-Based Model for Federal Information Technology/Cyber Security

SP 800-16 Rev 1 (3 rd Draft) A Role-Based Model for Federal Information Technology/Cyber Security Training FISSEA Conference March 19, 2014 Pat Toth Penny Klein Computer Security Division Systegra Information Technology Laboratory NATIONAL

750 views • 40 slides
Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web application weaknesses XSS AJAX weaknesses SQL Injection Attacks (Slides from Lars Olson)

588 views • 41 slides
Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three points of failure in any secure network: Technology (hardware and software) Technology Support (ITS) End Users (USD students and employees)

359 views • 23 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* * Preliminary programme, subject to revision/update status 16 December 2014 4 February 2015 Day 1: Cyber Security Readiness Registration KU

306 views • 4 slides
Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

16 Oct 2012 Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford Willke Cyber Security Advisor, MidAtlantic Region National Cyber Security Division (NCSD) Office of Cybersecurity and Communications

443 views • 20 slides
The Role of Testbeds in Cyber Security Research CSET Washington, DC August 9, 2010 Douglas

The Role of Testbeds in Cyber Security Research CSET Washington, DC August 9, 2010 Douglas

Dept. of Homeland Security Science & Technology Directorate The Role of Testbeds in Cyber Security Research CSET Washington, DC August 9, 2010 Douglas Maughan, Ph.D. Branch Chief / Program Mgr. douglas.maughan@dhs.gov 202-254-6145 /

369 views • 34 slides
Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs ! 3 properties ... Confidentiality (including personal data) Integrity Availability 2 -Sminaire LIRIMA: Cyber security: current

876 views • 64 slides
2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor, Region VII Office of Cybersecurity and Communications (CS&C) National Protection and Programs Directorate (NPPD) FOUO / UNCLASS Cyber Security

333 views • 12 slides
CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

Eric Weston Wally Magda, CISSP, PSP, CISA Compliance Auditor, Cyber Compliance Auditor, Cyber Security Security CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September 24-25, 2013 Salt Lake City, UT No

2.02k views • 198 slides
CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview 1. What is at risk? 2. Global industry trends 3. BDO/AusCERT survey 4. Recent cyber case studies 5. Cyber risk mitigation strategies Page

481 views • 35 slides
Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

1 Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to innovation Sallie Sweeney KPMG The healthcare industrys evolution toward a true value based system, assuming responsibility for complex

797 views • 10 slides
Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence Service 05-10-2015 05-10-2015 Who are we? Centre for Cyber Security In respect of the Rule of Law and Privacy Cyber is a priority (Gov.

455 views • 18 slides
Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security

Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security

Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security Group The Cyber Security lecture series 1 Agenda for today Part I Latest security news Security vulnerabilities in Java

2.02k views • 185 slides
Graph Based Role Mining Techniques for Cyber Security KIRI OLER, SUTANAY CHOUDHURY Pacific

Graph Based Role Mining Techniques for Cyber Security KIRI OLER, SUTANAY CHOUDHURY Pacific

Graph Based Role Mining Techniques for Cyber Security KIRI OLER, SUTANAY CHOUDHURY Pacific Northwest National Laboratory Flocon 2015, Portland, OR, USA January 15, 2015 1 Motivation Analyzing a machines past behavior in the face of an

625 views • 23 slides
Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line DeepSec 2014, Vienna, 21 November 2014 NATO UNCLASSIFIED Cyber Security In NATO NATO in a nutshell: Collective defence Interoperable

666 views • 42 slides
Cyber security Tiered approach to cyber security preparedness in water National Sector

Cyber security Tiered approach to cyber security preparedness in water National Sector

Cyber security Tiered approach to cyber security preparedness in water National Sector What I am Company utilities in the UK going to Water UK good practice cover NIS Directive Dr Jim Marshall, Senior Policy Advisor,

231 views • 4 slides
Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK businesses and how to remain safe What help is available Further reading Setting the scene 21.2bn The cost of fraud to the

304 views • 19 slides
CI P Cyber Security Update CI P Cyber Security Update John Lim John Lim Consolidated Edison Co.

CI P Cyber Security Update CI P Cyber Security Update John Lim John Lim Consolidated Edison Co.

CI P Cyber Security Update CI P Cyber Security Update John Lim John Lim Consolidated Edison Co. of New York, Inc. December 1, 2010 1 Disclaim er Materials presented or discussed here are the presenters own and do not necessarily

451 views • 15 slides

More recommend