- Howard Smith
- 5 years ago
Contents

- Introduction
- Purpose of this paper
- Critical Infrastructure Security and Resilience
- The National Security Environment
- A Proactive and Collaborative Approach
- Critical Infrastructure Centre
- Critical Infrastructure Asset Register
- When risks can't be mitigated through existing frameworks

Introduction

On the 23rd of January 2017, the Australian Government launched the Critical Infrastructure Centre (the Centre) in response to the complex and evolving national security risks to critical infrastructure. The Centre will work across all levels of government and with critical infrastructure owners and operators to identify and manage national security risks to our most critical assets in the face of espionage, sabotage and coercion, risks we are exposed to now more than ever. It forms part of the Government's broader strategy to build the resilience of our critical infrastructure in the face of all hazards. The Centre will seek to leverage existing state, territory and industry mechanisms where possible.

Purpose of this paper

This discussion paper provides an overview of the Australian Government's approach to critical infrastructure resilience, and identifies the more complex and evolving national security risks that need to be addressed. The paper seeks your views on how the Australian Government can work together with state and territory governments, industry and investors to best manage these risks, including seeking views on:

- how the Centre can best work with owners, operators and regulators of critical infrastructure and leverage their existing mitigation mechanisms;
- how a Critical Infrastructure Asset Register could be used to capture and track ownership and company information to better understand who owns and controls our most critical assets; and
- how to manage risks in those rare cases where existing mitigation mechanisms are insufficient or impractical.

Submissions in response to this discussion paper are welcomed by no later than 11:59 PM AEDT 21 March 2017 to cicentre@ag.gov.au. Submissions may be made public, unless otherwise requested. Submissions will inform the ongoing operation of the Centre, and the development of other measures to support its key functions.

Critical Infrastructure Security and Resilience

Critical infrastructure underpins the functioning of Australia's society and economy and is integral to the prosperity of the nation. It enables the provision of essential services such as food, water, medical care, energy, communications, transportation and banking. Secure and resilient infrastructure supports productivity and helps to drive the business activity that underpins economic growth. The availability of reliable critical infrastructure promotes market confidence and economic stability, and increases the attractiveness of Australia as a place to invest.

The Australian, state and territory governments share the following definition of critical infrastructure: those physical facilities, supply chains, information technologies and communication networks which, if destroyed, degraded or rendered unavailable for an extended period, would significantly impact the social or economic wellbeing of the nation or affect Australia's ability to conduct national defence and ensure national security.

Foreign involvement in Australia's critical infrastructure is essential to support Australia's economic and social prosperity. Foreign investment in critical infrastructure assets ensures Australia can deliver, maintain and upgrade critical infrastructure services. Owners and operators of critical infrastructure rely on global capability and technology to manage assets effectively, for the ultimate benefit of Australian consumers.

Most critical infrastructure in Australia is either privately owned and operated, or run on a commercial basis by government. The responsibility for ensuring the continuity of operations and the provision of essential services to the Australian economy and community is shared between owners and operators of critical infrastructure, state and territory governments and the Australian Government.

The Australian Government's Critical Infrastructure Resilience Strategy (the Strategy) recognises that:

- critical infrastructure is essential to Australia's economic and social prosperity;
- resilient critical infrastructure plays an essential role in supporting broader community resilience;
- businesses and governments have a shared responsibility for the resilience of our critical infrastructure, requiring strong partnerships; and
- all states and territories have their own critical infrastructure programs that best fit the operating environments and arrangements in each jurisdiction.

The Strategy has four key outcomes:

- a strong and effective business-government partnership;
- enhanced risk management of the operating environment;
- effective understanding and management of strategic issues; and
- a mature understanding and application of organisational resilience.

While owners and operators understand and manage many of the risks to the continuity of their operations as a core part of their businesses, the Australian Government is seeking to ensure they have a more detailed understanding of the national security risks of sabotage, espionage and coercion. The Government wants to ensure that effective arrangements are established to develop and implement mitigation strategies which leverage existing mitigation mechanisms.

The National Security Environment

The national security risks to critical infrastructure are complex and have continued to evolve over recent years. In addition, critical infrastructure assets are subject to rapid technological change with increased cyber connectivity, and increasingly engaged in global supply chains with services being outsourced and offshored. The Australian Government remains committed to ensuring the national security of critical infrastructure, including from the threat of sabotage, espionage or coercion.

- Espionage: Certain critical infrastructure sectors may present opportunities for the collection of information which is not publicly available. Foreign intelligence services will target commercial as well as government-related organisations for this data. For example, a telecommunications operator or contractor could monitor customers' voice or data traffic to gather information on behalf of a foreign intelligence service.
- Sabotage: A hostile foreign actor could use access gained through investment or commercial involvement to conduct a deliberate disruption to supply for strategic or economic gain. For example, the deliberate interruption or destruction of operations at a port could result in economic and reputational damage for the Government.
- Coercion: In extreme cases, a foreign actor could use access to critical infrastructure to apply coercive power against the Australian Government to influence decision-making or policy.

While the more extreme examples of risks are unlikely outside a significant shift in regional or global strategic relationships or imminent armed conflict, we need to account for the full range of national security risks in a way that provides flexibility to address changes in the geopolitical landscape as it evolves over time. Recent analysis indicates those risks are highest in our telecommunications, electricity, and water sectors and the ports sub-sector.

Telecommunications

Australian telecommunications systems and networks are part of our national critical infrastructure and form the backbone for many other critical infrastructure sectors and services. These networks and systems could be attractive to those who wish to harm Australian interests. On 9 November 2016, the Government introduced comprehensive Telecommunications Sector Security Reforms into Parliament, to manage these risks. The Centre will support these reforms.

Electricity

Electricity is fundamental to every facet of Australian society, underpinning just about everything we do in the digital age. A prolonged disruption to Australia's electricity networks would have a significant impact on communities, businesses and national security capabilities. Some electricity providers also hold large data sets about customers and their electricity usage, which need to be appropriately protected. Overseas experience has demonstrated that these networks can be the target of malicious actions.

Water

A clean and reliable supply of water is essential to all Australians, and many of our other critical infrastructure sectors and businesses. A disruption to Australia's water supply or water treatment facilities could have major consequences for the health of citizens and impact the diverse range of businesses that rely on water, from the cooling towers used at power stations to food processing. Water providers also hold large data sets about customers and their water usage, which need to be appropriately protected.

Ports

Australia relies heavily on its commercial ports to trade goods with the world, with one third of GDP facilitated through seaborne trade. Ports support Australia's prosperity, our supply of liquid fuels and the supply chains for other critical infrastructure. Disruption to our most critical ports could have wide-reaching impacts on the economy.

The Australian Government is looking to work collaboratively with state and territory governments, existing regulators, and industry to best manage these risks, with an initial focus on the specific risks from foreign involvement, including sabotage, espionage and coercion, in these high-risk sectors.

A Proactive and Collaborative Approach

Australia's Critical Infrastructure Resilience Strategy recognises that in most cases, neither business nor government in isolation have access to all the information they need to understand and appropriately mitigate risks, nor the ability to influence their operating environments to the extent required to ensure the continuity of essential services.

While Australian intelligence agencies have a well-developed understanding of the security threats and vulnerabilities, the expertise of industry and state and territory governments who own, operate and regulate our critical infrastructure, is essential to better understand existing risk management controls, and to develop mitigation strategies which leverage existing regimes where possible. That is why the Australian Government has established the Centre to ensure we are working closely and collaboratively with experts from states, territories and industry through the mechanisms set out below.

Critical Infrastructure Centre

The Centre is based within the Australian Government's Attorney-General's Department and comprises staff with expertise from across Australian Government agencies. The Centre will work cooperatively across Australian Government agencies, and with states and territories, regulators and private owners and operators to proactively identify and manage national security risks from foreign involvement in Australian critical infrastructure, leveraging existing regimes wherever possible.

Key functions

- Identify key critical infrastructure assets within the high risk infrastructure sectors.
  - This will provide greater certainty and clarity to investors and industry on the types of assets that will attract national security scrutiny.
  - A criticality methodology will be developed to guide identification of assets. This will align with work currently being undertaken with the Trusted Information Sharing Network for critical infrastructure.
- Develop a register of critical infrastructure assets, which captures and tracks information about who owns and operates critical assets (discussed further below).
- Undertake strategic risk assessments on our most critical assets to determine the national security risks from foreign involvement.
  - A risk assessment methodology will be developed to guide assessments.
  - A risk profile will be developed for assets, detailing current and emerging threats, their vulnerabilities and the consequences of a risk being realised.
  - Assessments will drive the Centre's outreach, allowing Government to provide guidance on trends and to support prioritisation of its work with owners and operators on strategies to improve national security within sectors.
- Develop national security risk assessments, which will be targeted risk assessments in response to requests from stakeholders, such as the Foreign Investment Review Board.
  - National security risk assessments will directly assess threat, vulnerability and consequence in the face of a specific circumstance (e.g. the sale of a critical asset) and will drive decision making processes within Government by identifying and communicating the residual risk of a particular event/incident.
- Develop risk management strategies based on determined risk profiles.
  - Strategies will leverage existing state, territory and industry mechanisms.
- Support national security compliance activities.
- Undertake horizon scanning to detect and monitor new, unknown, existing and potential national security risks, issues and opportunities.

The Centre will support the Australian Government's Telecommunication Sector Security Reforms (TSSR), which were introduced into Parliament on 9 November 2016, and work closely with other agencies under Australia's Cyber Security Strategy.

Question: Are the proposed functions of the Centre adequate to better manage the national security risks to our critical infrastructure?

Question: What role could you play in assisting the Centre to undertake these key functions?

Question: How should the Centre work with owners and operators when performing its functions, including understanding existing mitigation mechanisms?

Critical Infrastructure Asset Register

The Critical Infrastructure Asset Register (Register) will capture and track information about who owns and operates our most critical assets in high risk sectors (currently water, ports and electricity). The need to provide information for the Register will apply to all asset owners, both domestic and foreign, in high risk sectors. The Centre will engage with asset owners in high risk sectors to assist them to meet registration requirements.

Using the information collected on the Register, the Centre will undertake proactive national security risk assessments of assets and work with all levels of government, regulators, and owners and operators as appropriate during the risk assessment process to identify and manage risks. The Centre will also consider relevant existing government information holdings.

Information to be collected

The Register seeks to allow the identification of asset ownership and to track changes over time. It is intended to provide information that may otherwise be difficult to obtain. The Register could collect the following information:

- details of the owner including legal name, address of companies or persons and Australian Business Number (ABN) if applicable;
- name and location of the critical infrastructure asset;
- level of ownership interest in the asset;
- organisational management structure, including key operational decision-making bodies and individuals; and
- details of operational access and control of the asset.

Question: What other type of information would be important for the Register to collect and why?

Question: What other types of information would improve our understanding of foreign involvement in outsourcing, offshoring and supply chain arrangements?

Registration requirements

It is proposed that the Register be post-acquisition, which would give owners 30 days to provide the relevant information from the acquisition date of a critical infrastructure asset. To ensure the Register is effective, there would be an obligation for owners to advise of divestments of interests in a high risk critical infrastructure asset as soon as the intent to divest is made. Owners would also be required to update their details when changes occur, for example if the ownership composition of the asset changes.

Question: Does the 30 day period provide sufficient time for owners to register their interest in a critical infrastructure asset? If not, what alternative(s) do you propose and why?

Initial registration period

A six-month transition period is proposed to give owners an opportunity to register their existing interests. The Australian Government would announce the date that the transition period would commence. Capturing existing interests will provide a baseline against which changing levels of ownership can be assessed. To reduce compliance costs, the Centre could engage known owners and undertake an information campaign designed to notify existing and potential owners of the requirement to register.

Question: Is a six-month transition period appropriate? If not, what alternative(s) do you propose and why?

Implementation approach

An Australian Government administered register is considered the most appropriate approach to meet the Centre's objectives. While some information may currently be provided to industry regulators in a limited number of the high-risk sectors (for example owners of assets in the electricity sector), and other information is publicly available such as the ABN of public companies, there is currently not a comprehensive list of ownership information of critical infrastructure assets.

A Register administered by the Australian Government can be established at a lower cost than altering registration requirements for each of the sector regulators. This is particularly the case where there is no single national regulator or where a regulator does not already exist. To ensure a comprehensive collection of information can be obtained, it is proposed legislation will be introduced requiring owners to register their interests.

Question: What are the main advantages and disadvantages of a register administered by the Australian Government?

When risks can't be mitigated through existing frameworks

Despite the existence of the Centre, the Critical Assets Register, and the best efforts and good will of owners and operators, there may be instances where certain national security risks cannot be appropriately mitigated. Wherever possible, the Australian Government will seek to mitigate identified risks in consultation with industry and regulators, or through existing regulatory frameworks, such as licensing schemes that already require critical infrastructure owners to comply with a range of operating conditions. However, as noted above, in rare cases, there may be instances where these existing mechanisms are insufficient or impractical.

In recognition of the limitations of current mechanisms to manage national security risks in the telecommunications sector, the Government has introduced the TSSR. These reforms will establish a legislative security framework to better manage threats, such as sabotage, espionage, and unauthorised access and interference in the telecommunications sector. The TSSR will allow the Attorney-General to issue a direction to do or refrain from doing a specified act or thing. The Attorney-General is only able to make a direction:

- if satisfied that there is a risk of unauthorised access or interference to telecommunications networks or facilities that would be prejudicial to security;
- after an adverse security assessment by ASIO;
- after consulting with the relevant industry member and the Minister for Communications and the Arts;
- the requirements imposed by the direction are reasonably necessary to eliminate or reduce the risk; and
- reasonable steps have been taken to negotiate in good faith with the owner.

Further information about these reforms can be found at

The Australian Government is considering whether similar powers to TSSR would be appropriate to ensure that risk mitigations can be put in place for a limited number of high risk assets in the other high risk critical sectors. The Attorney-General could be given the authority to direct specific risk mitigation actions, where significant risks are present and all other risk management avenues have been exhausted. If implemented, this power would only be used as a last resort and would be subject to similar safeguards proposed for TSSR including where the Attorney-General is satisfied:

- there is a significant risk to national security;
- the requirements imposed by the direction are reasonably necessary to eliminate or reduce the risk; and
- reasonable steps had been taken to negotiate in good faith with the owner.

Before issuing a direction, the Attorney-General would consult the owner and consider the costs that would be incurred by the owner and the consequences for the operation of the asset. The decision to issue a direction would be subject to judicial review.

The power would be consistent with Australia's international law obligations. In particular, each individual use of the last resort power would be considered on a case-by-case basis to determine whether the action the Attorney-General is proposing to take in relation to the specific asset owner would be consistent with Australia's trade and investment law obligations.

Question: What are your views on the introduction of a last resort power to address significant risks where all other risk management avenues have been exhausted?

Question: What other protective measures or safeguards could be applied to enhance national security risk mitigation in those rare cases where risk cannot be appropriately mitigated via current mechanisms?
More informationXpress Super may collect and hold the following personal information about you: contact details including addresses and phone numbers;
65 Gilbert Street, Adelaide SA 5000 Tel: 1300 216 890 Fax: 08 8221 6552 Australian Financial Services Licence: 430962 Privacy Policy This Privacy Policy was last updated on 27 February 2017. Our Commitment
More informationDirective on Security of Network and Information Systems
European Commission - Fact Sheet Directive on Security of Network and Information Systems Brussels, 6 July 2016 Questions and Answers The European Parliament's plenary adopted today the Directive on Security
More informationDHS Cybersecurity: Services for State and Local Officials. February 2017
DHS Cybersecurity: Services for State and Local Officials February 2017 Department of Established in March of 2003 and combined 22 different Federal departments and agencies into a unified, integrated
More informationBrussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER
COUNCIL OF THE EUROPEAN UNION Brussels, 19 May 2011 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66 NOTE From : COREPER To: COUNCIL No Cion. prop.: 8548/11 TELECOM 40 DATAPROTECT 27 JAI 213 PROCIV38
More informationEndpoint Security for Wholesale Payments
Endpoint Security for Wholesale Payments 2018 CHICAGO PAYMENTS SYMPOSIUM EMILY CARON MANAGER, FMI RISK & POLICY FEDERAL RESERVE BOARD The views expressed in this presentation are those of the speaker and
More informationSecurity and resilience in Information Society: the European approach
Security and resilience in Information Society: the European approach Andrea Servida Deputy Head of Unit European Commission DG INFSO-A3 Andrea.servida@ec.europa.eu What s s ahead: mobile ubiquitous environments
More informationPackage of initiatives on Cybersecurity
Package of initiatives on Cybersecurity Presentation to Members of the IMCO Committee Claire Bury Deputy Director-General, DG CONNECT Brussels, 12 October 2017 Building EU Resilience to cyber attacks Creating
More informationCritical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.
Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach. By Christopher Ganizani Banda ICT Development Manager Malawi Communications Regulatory Authority 24-26th July,2016 Khartoum,
More informationPD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection
PD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection December 17, 2003 SUBJECT: Critical Infrastructure Identification, Prioritization,
More informationStrategy for information security in Sweden
Strategy for information security in Sweden 2010 2015 STRATEGY FOR SOCIETAL INFORMATION SECURITY 2010 2015 1 Foreword In today s information society, we process, store, communicate and duplicate information
More informationCOUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)
COUNCIL OF THE EUROPEAN UNION Brussels, 24 May 2013 Interinstitutional File: 2013/0027 (COD) 9745/13 TELECOM 125 DATAPROTECT 64 CYBER 10 MI 419 CODEC 1130 NOTE from: Presidency to: Delegations No. Cion
More informationThe Republic of Korea. economic and social benefits. However, on account of its open, anonymous and borderless
The Republic of Korea Executive Summary Today, cyberspace is a new horizon with endless possibilities, offering unprecedented economic and social benefits. However, on account of its open, anonymous and
More informationehealth Ministerial Conference 2013 Dublin May 2013 Irish Presidency Declaration
ehealth Ministerial Conference 2013 Dublin 13 15 May 2013 Irish Presidency Declaration Irish Presidency Declaration Ministers of Health of the Member States of the European Union and delegates met on 13
More informationHer Majesty the Queen in Right of Canada, Cat. No.: PS4-66/2014E-PDF ISBN:
2014-2017 Her Majesty the Queen in Right of Canada, 2014 Cat. No.: PS4-66/2014E-PDF ISBN: 978-1-100-23291-1 ii Table of contents 1. Introduction....3 What we have learned and what has changed...3 2. A
More informationPOSITION DESCRIPTION
Network Security Consultant POSITION DESCRIPTION Unit/Branch, Directorate: Location: Regulatory Unit Information Assurance and Cyber Security Directorate Auckland Salary range: I $90,366 - $135,548 Purpose
More informationOFFICIAL COMMISSIONING OF SECURITY SYSTEMS AND INFRASTRUCTURE
Title of document ONR GUIDE COMMISSIONING OF SECURITY SYSTEMS AND INFRASTRUCTURE Document Type: Unique Document ID and Revision No: Nuclear Security Technical Assessment Guide CNS-TAST-GD-4.4 Revision
More informationA new approach to Cyber Security
A new approach to Cyber Security Feel Free kpmg.ch We believe cyber security should be about what you can do not what you can t. DRIVEN BY BUSINESS ASPIRATIONS We work with you to move your business forward.
More informationNOW IS THE TIME. to secure our future
NOW IS THE TIME to secure our future A FRAMEWORK FOR UNITING THE CANADIAN ACCOUNTING PROFESSION VISION FOR THE PROFESSION To be the pre-eminent, internationally recognized Canadian accounting designation
More informationThe NIS Directive and Cybersecurity in
The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security
More informationBradford J. Willke. 19 September 2007
A Critical Information Infrastructure Protection Approach to Multinational Cyber Security Events Bradford J. Willke 19 September 2007 Overview A framework for national Critical Information Infrastructure
More informationThe Federal Council s Basic Strategy. for Critical Infrastructure Protection
The Federal Council The Federal Council s Basic Strategy for Critical Infrastructure Protection Basis for the national critical infrastructure protection strategy 18 May 2009 Table of Contents 1 Introduction...
More informationFuture Resilience of the UK Electricity System Are we resilient to meet the needs of this rapidly changing world?
Future Resilience of the UK Electricity System Are we resilient to meet the needs of this rapidly changing world? 15th January 2019 Aim of this Energy Research Partnership Project Is to identify and assess
More informationM&A Cyber Security Due Diligence
M&A Cyber Security Due Diligence Prepared by: Robert Horton, Ollie Whitehouse & Sherief Hammad Contents Page 1 Introduction 3 2 Technical due diligence goals 3 3 Enabling the business through cyber security
More informationICB Industry Consultation Body
ICB Industry Consultation Body POSITION PAPER Regulatory Response to ATM Cyber-Security Increasing reliance on inter-connected ATM systems, services and technologies increases the risk of cyber-attacks.
More informationNational Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015
National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015 The Post Katrina Emergency Management Reform Act (2006) Required the
More information21ST OSCE ECONOMIC AND ENVIRONMENTAL FORUM
21ST OSCE ECONOMIC AND ENVIRONMENTAL FORUM Increasing stability and security: Improving the environmental footprint of energy-related activities in the OSCE region CONCLUDING MEETING Prague, 11 13 September
More informationGLOBAL INDICATORS OF REGULATORY GOVERNANCE. Scoring Methodology
GLOBAL INDICATORS OF REGULATORY GOVERNANCE Scoring Methodology To advance our analysis, we developed a composite Global Indicators of Regulatory Governance score designed to quantify good regulatory practices
More informationThe University of Queensland
UQ Cyber Security Strategy 2017-2020 NAME: UQ Cyber Security Strategy DATE: 21/07/2017 RELEASE:0.2 Final AUTHOR: OWNER: CLIENT: Marc Blum Chief Information Officer Strategic Information Technology Council
More informationNSW Collaboration for Defence Benjamin Hayes Assistant Secretary Defence Capability & Innovation. 15 February 2017
NSW Collaboration for Defence Benjamin Hayes Assistant Secretary Defence Capability & Innovation 15 February 2017 Developing the industry we need to achieve our strategic and capability goals The Defence
More informationOfqual. Ofqual Supporting a Cloud-First Programme. Client Testimonial
Ofqual Ofqual Supporting a Cloud-First Programme Client Testimonial 2017 CoreAzure Limited. All rights reserved. This document is provided "as-is". Information and views expressed in this document, including
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationCall for expression of interest in leadership roles for the Supergen Energy Networks Hub
Call for expression of interest in leadership roles for the Supergen Energy Networks Hub Call announced: 4 th September 2017 Deadline for applications: Midday 29 th September 2017 Provisional decision
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationHazard Management Cayman Islands
Hazard Management Cayman Islands Strategic Plan 2012 2016 Executive Summary HMCI strategic plan outlines the agency s outlook in the next five years and illustrates the main strategies as goals that will
More informationThe challenges of the NIS directive from the viewpoint of the Vienna Hospital Association
The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association page 1 Cybersecurity Strategy Essential Points The norms, principles and values that the City of Vienna and the
More informationEU policy on Network and Information Security & Critical Information Infrastructures Protection
EU policy on Network and Information Security & Critical Information Infrastructures Protection Köln, 10 March 2011 Valérie ANDRIANAVALY European Commission Directorate General Information Society and
More informationETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)
ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive) July 2013 Executive Summary ETNO supports the European Commission s global approach to cyber-security
More informationGENERIC CONTROL SYSTEM ARCHITECTURE FOR CRITICAL INFRASTRUCTURE PROTECTION
GENERIC CONTROL SYSTEM ARCHITECTURE FOR CRITICAL INFRASTRUCTURE PROTECTION Hrvoje Sagrak 1 Introduction In an interconnected world that we live in, protection of our societies and values relies highly
More informationNational Policy and Guiding Principles
National Policy and Guiding Principles National Policy, Principles, and Organization This section describes the national policy that shapes the National Strategy to Secure Cyberspace and the basic framework
More information2018 Summary Report into the cyber security preparedness of the National and WA Wholesale Electricity Markets. AEMO report to market participants
2018 Summary Report into the cyber security preparedness of the National and WA Wholesale Electricity Markets AEMO report to market participants December 2018 Important notice PURPOSE AEMO has published
More informationGatekeeper Public Key Infrastructure Framework. Information Security Registered Assessors Program Guide
Gatekeeper Public Key Infrastructure Framework Information Security Registered Assessors Program Guide V 2.1 December 2015 Digital Transformation Office Commonwealth of Australia 2015 This work is copyright.
More informationControl Systems Cyber Security Awareness
Control Systems Cyber Security Awareness US-CERT Informational Focus Paper July 7, 2005 Produced by: I. Purpose Focus Paper Control Systems Cyber Security Awareness The Department of Homeland Security
More informationContents. Navigating your way to the cloud
Contents Navigating your way to the cloud Moving to the digital economy 4 Four essential steps to a successful cloud adoption and deployment 5 Step 1: Full, informed stakeholder involvement 6 Step 2: Targeted
More informationUSA HEAD OFFICE 1818 N Street, NW Suite 200 Washington, DC 20036
US-China Business Council Comments on The Draft Measures for Security Review of Online Products and Services March 6, 2017 On behalf of the more than 200 members of the US-China Business Council (USCBC),
More informationInformation Security Strategy
Security Strategy Document Owner : Chief Officer Version : 1.1 Date : May 2011 We will on request produce this Strategy, or particular parts of it, in other languages and formats, in order that everyone
More informationTHE WHITE HOUSE. Office of the Press Secretary EXECUTIVE ORDER
THE WHITE HOUSE Office of the Press Secretary FOR IMMEDIATE RELEASE May 11, 2017 EXECUTIVE ORDER - - - - - - - STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority
More informationCritical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level
Critical Information Infrastructure Protection Role of CIRTs and Cooperation at National Level 1 Global Cybersecurity Agenda (GCA) GCA is designed for cooperation and efficiency, encouraging collaboration
More informationMarch 21, 2016 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES. Building National Capabilities for Long-Term Drought Resilience
This document is scheduled to be published in the Federal Register on 03/25/2016 and available online at http://federalregister.gov/a/2016-06901, and on FDsys.gov March 21, 2016 MEMORANDUM FOR THE HEADS
More informationTURNING STRATEGIES INTO ACTION DISASTER MANAGEMENT BUREAU STRATEGIC PLAN
DISASTER MANAGEMENT BUREAU STRATEGIC PLAN 2005-2006 PREFACE Historical statistics would suggest that Bangladesh is one of the most disaster prone countries in the world with the greatest negative consequences
More informationMember of the County or municipal emergency management organization
EMERGENCY OPERATIONS PLAN SUUPPORT ANNEX B PRIVATE-SECTOR COORDINATION Coordinating Agency: Cooperating Agencies: Chatham Emergency Management Agency All Introduction Purpose This annex describes the policies,
More informationSecuring Europe's Information Society
Securing Europe's Information Society Dr. Udo Helmbrecht Executive Director European Network and Information Security Agency 16 June 2010 FIRST AGM Miami 16/6/2010 1 Agenda ENISA overview Challenges EU
More informationCyber Security: Threat and Prevention
Expand Your Horizons Webinar Series Cyber Security: Threat and Prevention February 24, 2015 1:00 1:45pm The Webinar will begin shortly. You can ask a question in the box on the right hand side. We will
More informationPresidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure EXECUTIVE ORDER [13800] - - - - - - - STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS
More informationBUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW
BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW EXECUTIVE SUMMARY CenturyLink is committed to ensuring business resiliency and survivability during an incident or business disruption. Our Corporate Business
More informationPromoting Global Cybersecurity
Promoting Global Cybersecurity Presented to ITU-T Study Group 17 Geneva, Switzerland 6 October 2005 Robert Shaw ITU Internet Strategy and Policy Advisor ITU Strategy and Policy Unit 1 Agenda Critical Infrastructures
More informationWritten Statement of. Timothy J. Scott Chief Security Officer The Dow Chemical Company
Written Statement of Timothy J. Scott Chief Security Officer The Dow Chemical Company Representing The Dow Chemical Company and the American Chemistry Council To the United States Senate Committee on Homeland
More informationImplementing Executive Order and Presidential Policy Directive 21
March 26, 2013 Implementing Executive Order 13636 and Presidential Policy Directive 21 Mike Smith, Senior Cyber Policy Advisor, Office of Electricity Delivery and Energy Reliability, Department of Energy
More information10007/16 MP/mj 1 DG D 2B
Council of the European Union Brussels, 9 June 2016 (OR. en) 10007/16 OUTCOME OF PROCEEDINGS From: On: 9 June 2016 To: General Secretariat of the Council Delegations No. prev. doc.: 9579/16 + COR 1 Subject:
More information