Cyber Security and Protecting Critical Information Infrastructures

Transcription

1 Cyber Security and Protecting Critical Information Infrastructures CIIP Peter Burnett Meridian Coordinator CiviPol Consultant Quarter House Ltd UK

2 Cyber Security Language In the Beginning. Languages and the English Comsec, Computer Security - COMPUSEC, Information Security - INFOSEC, Information Assurance, Cyber Security Key Points, Critical Infrastructure, CIP Critical Information Infrastructure Protection Cyber Security What next? Uber Security?

3 What s the problem with Cyber Security? Covers just about everything Economic wellbeing Cyber Crime Cyber Terrorism? State Cyber Attacks Freedom of Speech/Censorship Cyber Espionage Anything that happens in Cyber Space.

4 Is CIIP still relevant? Has Cyber Security replaced CIIP? Narrower focus can sometimes be more helpful Even within CIIP there are many elements Policy Exercises Critical Information Infrastructures within Critical Sectors SCADA/ICS PPP/Information Sharing Capacity Building Situational awareness Risk Management Contingency Planning

5 Key feature of CIIP (and CyberSpace) Everything depends on our CIIs Telecomms. Energy production & distribution, Transportation (food, goods), Finance All CIIs are interconnected All CIIs are interdependent All CIIs are vulnerable All CII owners can benefit from sharing knowledge All economies are becoming increasingly dependent on their CIIs..and on the security of everyone else s CIIs not to mention the Internet, the Cloud There is a crucial need for international cooperation

6 Key feature of CIIP (and CyberSpace) Everything depends on our CIIs There is a crucial need for international cooperation That s why conferences and events like this are so important in Cyber Security and CIIP For 10 years there has been an annual conference dedicated to CIIP for governments only. It is called Meridian and not many people know about it. It has no commercial sponsors, no funding except from the host and a few generous past host governments It represents a global community who meet in a different country every year to discuss CIIP problems and solutions good practices But most importantly to establish trusted contacts with CIIP officials from other countries any country open to all.

7 Meridian CIIP

8 Meridian Community Government Officials Only Focus on CIIP Policy Moves to a different region each year Some relevant International Organisations invited (e.g. OAS, ENISA) Some CIIP industry keynote speakers but they do not attend conference Community access to Website, CIIP Directory

9 Meridian Community Dedicated to building trusted contacts Limited number of delegates No charge for conference - Host funds entire event Ice breaker; Workshops; Coffee breaks Informal social events 2-3 days; Concentrated in one venue and hotel Connecting is Protecting

10 Meridian Conference London, Budapest, Stockholm, Singapore, Washington, Taipei, Doha, Berlin, Buenos Aires, Tokyo Meridian 2015 will be in Spain in October Future conferences Latin America, South- East Asia, Scandinavia.? Your country is invited! Contact : meridianciip.net

11 Meridian Conference Meridian 2015 theme is Capacity Building Meridian itself is a Capacity Building initiative Hosting & Organising it, raises governmental awareness amongst departments & agencies. Explores linkages to other countries and creates many new ones Delegates need to coordinate attendance CIIP Directory forces cooperation Shares experience, challenges, good practice Working level parallel to GCCS

12 EU Capacity Building Study Identify Sustainable CIIP-related initiatives likely to be of benefit to countries/regions outside EU Identify suitable countries/regions Identify EU member state Government agencies & international organisations capable of delivery Specify the contract to deliver the measures DG Development & Cooperation, European External Action Service, CiviPol (Fr agency)

13

14 MERIDIAN CiviPol qhcs.co.uk