Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Similar documents
Government-Industry Collaboration: 7 Steps for Resiliency in Critical Infrastructure Protection

Bradford J. Willke. 19 September 2007

Critical Infrastructure Protection: Concepts and Continuum

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Critical Information Infrastructure Protection Law

Promoting Global Cybersecurity

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

Implementing Executive Order and Presidential Policy Directive 21

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

DHS Cybersecurity: Services for State and Local Officials. February 2017

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Critical Infrastructure Resilience

THE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt

SAINT PETERSBURG DECLARATION Building Confidence and Security in the Use of ICT to Promote Economic Growth and Prosperity

The Office of Infrastructure Protection

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

G7 Bar Associations and Councils

Statement for the Record

Presidential Documents

Commonwealth Cyber Declaration

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

19-20 September 2018 The Trans Resort Kuta, Bali - Indonesia

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

Cyber Security in Europe

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

UAE National Space Policy Agenda Item 11; LSC April By: Space Policy and Regulations Directory

Enhancing the cyber security &

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

About Issues in Building the National Strategy for Cybersecurity in Vietnam

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Security and resilience in Information Society: the European approach

Valérie Andrianavaly European Commission DG INFSO-A3

21ST OSCE ECONOMIC AND ENVIRONMENTAL FORUM

The J100 RAMCAP Method

EU policy on Network and Information Security & Critical Information Infrastructures Protection

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

JOINT UNITED STATES-CANADA ELECTRIC GRID SECURITY AND RESILIENCE STRATEGY

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Office of Infrastructure Protection Overview

Cyber Resilience. Think18. Felicity March IBM Corporation

The Australian Government s Approach to Critical Infrastructure Resilience

HPH SCC CYBERSECURITY WORKING GROUP

ENISA EU Threat Landscape

COUNTERING IMPROVISED EXPLOSIVE DEVICES

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

Overview of the Federal Interagency Operational Plans

Commonwealth Telecommunications Organisation Proposal for IGF Open Forum 2017

Why you should adopt the NIST Cybersecurity Framework

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

Cyber Security and Cyber Fraud

RESILIENT UTILITY COALITION OF SOUTH FLORIDA

Data Governance for Smart City Management

National Policy and Guiding Principles

The NIST Cybersecurity Framework

Provisional Translation

2014 Sector-Specific Plan Guidance. Guide for Developing a Sector-Specific Plan under NIPP 2013 August 2014

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

STRATEGIC PLAN. USF Emergency Management

European Union Agency for Network and Information Security

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

FDA & Medical Device Cybersecurity

Cybersecurity for ALL

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation)

Applying Mitigation. to Build Resilient Communities

Software & Supply Chain Assurance: Enabling Enterprise Resilience through Security Automation, Software Assurance and Supply Chain Risk Management

Business Continuity Planning

Building UAE s cyber security resilience through effective use of technology, processes and the local people.

Her Majesty the Queen in Right of Canada, Cat. No.: PS4-66/2014E-PDF ISBN:

The Federal Council s Basic Strategy. for Critical Infrastructure Protection

The UK s National Cyber Security Strategy

Emergency Management Response and Recovery. Mark Merritt, President September 2011

Cybersecurity Risk Management:

Cyber Security Strategy

Innovation policy for Industry 4.0

Medical Device Cybersecurity: FDA Perspective

Defense Security Service. Strategic Plan Addendum, April Our Agency, Our Mission, Our Responsibility

Member of the County or municipal emergency management organization

CHAIR S SUMMARY: G7 ENERGY MINISTERS MEETING

RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH

AAPA Smart Ports. Cyber Management for Ports Panel. Small Port Cyber Security Workshops. March 6, 2018

Introduction to the National Response Plan and National Incident Management System

Department of Homeland Security Updates

Protecting Critical Information Infrastructure in times of increasing cyber conflict

Panel 1 National CSIRT Experience

Transport and ICT Global Practice Smart Connections for All Sandra Sargent, Senior Operations Officer, Transport & ICT GP, The World Bank

The Office of Infrastructure Protection

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

June 5, 2018 Independence, Ohio

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Itu regional workshop

Long-Term Power Outage Response and Recovery Tabletop Exercise

Transcription:

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach. By Christopher Ganizani Banda ICT Development Manager Malawi Communications Regulatory Authority 24-26th July,2016 Khartoum, Republic of Sudan, 24 26 July 2016

Presentation Outline Introduction. Some Definitions CIP Stakeholders Protecting critical infrastructure 7 Steps for CIP Protection CIP Goals and Roles Identify and Prioritize Critical Functions Continuously Assess and Manage Risks Establish and Exercise Emergency plans Create Public-Private Partnerships Build Security/Resiliency into Operations Update and Innovate Technology/Processes Malawi Experience Conclusion 2

INTRODUCTION Modern life is increasingly reliant on a wide-ranging set of functions. These includes services, systems, and assets, commonly referred to as infrastructures. Governments view several of these infrastructures, such as communications, banking, energy, transportation, and healthcare etc, as critical. The disruption, destruction, or loss of integrity of these can impact a nation s stability hence the need for protection. Critical infrastructures are often thought of as physical assets but have now integrated information and communications technology (ICT). 3

Some Definitions Critical infrastructure: The key systems, services, and functions (IT or physical) whose disruption, destruction, or exploitation could have a debilitating impact on public health and safety, commerce, and national security, or any combination. Critical Infrastructure Protection: Concepts and Continuum, Microsoft Critical information infrastructure (CIIs) : are communications and/or information services whose availability, reliability and resilience are essential to the functioning of a modern economy. Critical Information Infrastructure Protection, A Report of the 2005 Rueschlikon Conference on Information Policy Critical infrastructure protection (CIP): CIP consists of the proactive activities to protect the indispensable people, physical assets, and communication/cyber systems from any degradation or destruction caused by all hazards. The Emergency Management and Response Information Sharing and Analysis Center 2007 4

Critical Infrastructure Protection (CIP) Stakeholders Government agencies, The Private sector, (Technology vendors) Research agencies (Academia), The Defense/Military/intelligence agencies All IT workers International organizations. 5

Protecting critical infrastructure Principles that form a CIP continuum: Establishing trustworthy policies and plans for protecting critical infrastructure in today s dynamic environment. Managing risk: Fostering capabilities for protecting, detecting, and responding to risks to promote operational resiliency. Promoting innovation and investments: By learning from policy and operations that can guide the allocation of resources for practices, programs, education, and research related to CIP 6

7 Steps for Critical Infrastructure Protection Microsoft Model. 1. Define Goals and Roles 2. Identify and Prioritize Critical Functions 3. Continuously Assess and Manage Risks 4. Establish and Exercise Emergency plans 5. Create Public-Private Partnerships 6. Build Security/Resiliency into Operations 7. Update and Innovate Technology/Processes 7

1a.CIP Goals. Establishing Clear Goals is Central to Success Policy Elements Critical Infrastructure Importance Critical Infrastructure Risks CIP Policy Goal/Statement Public-Private Implementation Provide the essential services that support modern information societies and economies. Support critical functions and essential services so vital Any Compromised can affect national security and economic well-being. The aim is to Prevent or minimize disruptions to CIIs,. In the event disruptions do occur, they should be infrequent, of minimal duration and manageable. Implementing the National CIIP framework includes government entities, as well as, voluntary public private partnerships involving corporate and nongovernmental organizations. 8

1b.Define Roles CIIP Coordinator (Executive Sponsor) Public-Private Partnerships Infrastructure Owners and Operators Law Enforcement Sector Specific Agency Computer Emergency Response Team IT Vendors and Solution Providers Government Shared Private 9

2.Identify and Prioritize Critical Functions Establish an open dialogue to understand the critical functions, infrastructure elements, and key resources necessary for delivering essential services, maintaining the orderly operations of the economy, and ensuring public safety. 10

3. Establish and Exercise Emergency plans. Protection is the Continuous Application of Risk Management Evaluate Program Effectiveness Leverage Findings to Improve Risk Management Identify Key Functions Assess Risks Evaluate Consequences Measure Effectiveness Assess Risks Implement Controls Identify Controls and Mitigations Seek Holistic Approach. Organize by Control Effectiveness Implement Defense-in Depth Define Functional Requirements Evaluate Proposed Controls Estimate Risk Reduction/Cost Benefit Select Mitigation Strategy 11

4. Establish and Exercise Emergency plans Improve Operational Coordination Form joint plans for managing emergencies including recovering critical functions in the event of significant incidents, including but limited to natural disasters, terrorist attacks, technological failures or accidents. Effective emergency response plans are generally short and highly actionable so they can be readily tested, evaluated, and implemented. Testing and exercising emergency plans promotes trust, understanding and greater operational coordination among public and private sector organizations. Exercises also provide an important opportunity to identify new risk factors that can be addressed in response plans or controlled through regular risk management functions. 12

5. Create Public-Private Partnerships Voluntary public-private partnerships Promote trusted relationships needed for information sharing and collaborating on difficult problems, Leverage the unique skills of government and private sector organizations, and Provide the flexibility needed to collaboratively address today s dynamic threat environment 13

6. Build Security and Resiliency into Ops Organizational incentives can drive security development lifecycle principles into all line of business Leveraging the security lifecycle promotes secure and resilient organizations and products 14

7. Update and Innovate Technology/Processes Cyber threats are constantly evolving Policy makers, enterprise owner and operators can prepare for changes in threats by Monitoring trends Keeping systems patched Maintaining the latest versions of software that have been built for the current threat environment. 15

Malawi Experience Growth of mobile and Internet penetration ( Connectivity) Increase in reliance of internet for social, economic, political interactions. Mult stakeholder Approach to Cyber security High level Cyber security Awareness workshops COMESA/MACRA (April 2015) MDF;Malawi Police and University (Sept 2015) Cyber security Strategy Project ( CTO/MACRA) (june2016 May 2017) New E-Transaction and Cyber security Law (July; 2016) New Reviewed Communications Law (July; 2016) 16

CONCLUSION CIP is crucial and specific policies might be necessary. Multi-stakeholder approach crucial Harmonization of laws ( regional & international) to enhance international coordination & elimination of safe harbors Innovation/Capacity building and Awareness equally crucial 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback