How the Board Should Take Care of Cyber Security. ICS Conference 2012, October 31 Denmark

Size: px

Start display at page:

Download "How the Board Should Take Care of Cyber Security. ICS Conference 2012, October 31 Denmark"

Damian Carr
5 years ago
Views:

1 How the Board Should Take Care of Cyber Security ICS Conference 2012, October 31 Denmark

Cyber Security is not just a technological issue Situation Our digital society provides lots of new business opportunities, but also becomes more and more vulnerable to disruption or misuse of

3 Cyber Security is not just a technological issue Situation Our digital society provides lots of new business opportunities, but also becomes more and more vulnerable to disruption or misuse of ICT-infrastructures (lots of recent incidents with significant effect on businesses and society) This leads to serious concerns on business process continuity, privacy of consumers, identity theft or the protection of intellectual property We live in a hyperconnectedworld, with a shared responsibility to keep the digital world secure enough. Learning by doing(suffer incident and (hope to) do things better the next time) is dominant Complications Cyber resilience is not part of strategic (both risk and reputation) management Legal (intellectual property, liability), Communications (awareness, reputation, crisis communications), Strategy (cyber resilience as part of digital transformation), Finance(risk management) and Operations, often not involved Technologyis out there, but often human failures or bad implementation cause incidents Messages Leadership is required, Awareness, Education and Training is key! And leading by doing will be the next step

4 But first some history programme NICC (National Infrastructure against Cybercrime, Cybercrime Information Exchange - ISACs) NICC evolved into CPNI.NL (integrated approach) 2010 Cyber Security Strategy 2011 National Cyber Security Board 2012 National Cyber Security Centre (NCSC) 2013 Cybercrime Information Exchange (ISACs) will be part of the NCSC

5 And: how we work and share Public Private Partnership Creating situational awareness Addressing cross-sectoraltopics like security of Industrial Control Systems (ICS) International collaboration Learning by Doing approach

6 Information Sharing: Trust Value First the social network (meeting face-to-face) then a technical infrastructure to support this!

7 Information Sharing on a European and International level: EuroSCSIE ERNCIP Thematic Group on ICS and Smart Grids International: Meridian (Berlin host of Meridian 2012, November ) MPCSIE EU-US Working Group on Cyber Crime and Cyber Security; PPP, ICS and Smart Grids ICSJWG International Partners Day The Grand Conference Building a resilient Digital Society

8 But this alone is not enough Taking care of cyber resilience is a lot like taking responsibility for sustainability License to operate Leadership has to pick their role! Start development of a Workforce(level 0-4) Education & Training current personnel Cyber resilience as part of curricula of our employees of the future on all levels (universities, higher education, vocational education -VET)

9 Several studies and initiatives show that awareness of the Boardroom is key WEF Risk and Responsibility in a Hyperconnected World EU-US Working Group on Cyber Security and Cyber Crime, Expert Subgroup onppp and Cyber Security of ICS and Smart Grids Essential Regulatory Req. and Rec. for Data Handling, Data Safety, and Consumer Protection Part of Mandate 490 EC European Commission -Expert Group on the security and resilience of communication networks and information systems for Smart Grids ENISA ICS Security Study and Smart Grid Security Study (by S21sec) CPNI.NL- Dutch National Roadmap to Secure Process Control Systems ERNCIP Thematic Group on ICS and Smart Grids

10 Focus on Education & Training Enhancing awareness Providing insight and perspectives into real case scenarios Developing, experimenting and experiencing new (cyber secure) concepts Priority set by the community: C-level awareness / training modules: Management pitch (15 30 minutes) Table Top Exercise including management dilemmas (1 day ) Web-based training (especially level 0 en 1) Hands-on training (e.g. Red-Blue Team training) Awareness raising

11 Workforce Development

12 C-level awareness, education and training

13 October 16 th in Amsterdam

14 Welcome to The Grand Conference We all need to take responsibility on this issue. So we need to act strategically, to give it attention at the most senior level, and we need to work together. Neelie Kroes, Vice-President of the European Commission

15 WEF - Risk and Responsibility in a Hyperconnected World

18 Annemarie Zielstra Director CPNI.NL Chair EuroSCSIE Coordinator ERNCIP TG on ICS and Smart Grids M E annemarie.zielstra@cpni.nl I In cooperation with

Work Package 2.4. (Public) Procurement Expert Group on the security and resilience of communication networks and information systems for Smart Grids

Work Package 2.4. (Public) Procurement Expert Group on the security and resilience of communication networks and information systems for Smart Grids 15 March 2012 Work Package 2.4 (Public) Procurement Expert Group on the security and resilience of communication networks and information systems for Smart Grids Version 1.0 ƒ Ž ˆ 1. Introduction 3 1.1.