Securing strategic advantage

Protecting industrial control systems

Cyber Supplier to UK Government

Plan Design Enable

In delivering our vision to be the best infrastructure company in the world, we pride ourselves on leading global protection of critical assets and businesses. This encompasses physical and information assets, particularly those involved in the control of industrial processes.

Bringing it all together: Atkins Holistic Security approach

- Identity assurance: We have experience of delivering identity assurance solutions in a number of environments covering commercial, military and civil aviation sites and premises.
- Behavioural: We help customers understand the importance of creating a positive culture within an organisation where management and staff contribute effortlessly towards shared protective security objectives.
- Business Continuity: Atkins services are designed to put in place clear planned responses to business continuity challenges.
- Industrial control systems: For industrial control systems, availability and reliability are the key priorities, in contrast with IT in general, where the overriding concern is confidentiality.
- Physical: Covering all aspects of physical security across commercial infrastructure, transport systems, military facilities and airport security services.
- Cyber: Our impact-focused, risk-based approach builds the appropriate cyber security controls into the fabric of organisations. We ensure you can deter, defend and detect the inevitable attempts to compromise your operation.

Atkins Holistic Security Proposition

Physical, cyber and personnel security generally remain separate in many organisations. Our holistic security offering enables you to get a better understanding of overall organisational security risks by applying converged governance and risk management across all assets. In combination with our programme and security risk management expertise, this approach ensures better protection for assets, staff and information; your critical business enablers.

Industrial and Process Control Cyber Security

Business processes relying upon industrial control systems have high operational demands. System and data integrity are essential to satisfactory operation, with the absolute necessity to operate in real time. Availability or reliability of plant systems is the foremost priority, in contrast with IT in general, where the prime concern is confidentiality, the intellectual property of the process, recipe, product or the automation software.

- Understanding security risks to organisations and assessing the critical operations.
- Develop a holistic security strategy to address challenges across the organisation, whether technical, procedural, or personnel based.
- Establish resilience through realising cyber security events are inevitable. Appropriate planning and incident response will minimise impacts and enable a rapid return to business as usual.

[Diagram labels: Assess and evaluate; Operate; Enterprise Situational Awareness; Programme management; Design; Assurance and governance; Education and training; Test and commission; Build]

The scale of the challenge

A number of publications, both in the UK and internationally, have underlined the importance of protecting critical national infrastructure and the scale of the challenge in doing so. The UK Parliamentary Office for Science and Technology (POST), a body that provides independent analysis of policy issues with a science and technology basis, published a briefing entitled "Cyber Security in the UK" (1). The briefing highlighted recent events in cyber security and discussed the potential for large-scale attacks on national infrastructure, emerging issues related to this, as well as the implementation of cyber security. Topics included the responsibility for UK cyber security, the types of attacks, industrial control systems and the need to improve resilience, security and knowledge in both industry and Government.

[Diagram labels: Governance; Compliance; Cyber and information security; Risk management; Assurance; Architecture]

This was followed by the UK Government's Cyber Security Strategy (2), which outlines a programme of activity to work closely with companies responsible for critical national infrastructure systems. Moreover, it announces the Government's intention to work with a wider range of companies than those currently associated with national infrastructure; anywhere the threat to revenues and intellectual property is capable of causing significant economic damage is now firmly on the Government's radar.

Furthermore, data available from online media such as blogs, social networking sites and specialist publications could be used to mount a cyber attack on UK infrastructure, according to the report commissioned by the Institution of Engineering and Technology (IET). Key information regarding vulnerabilities in company systems is now openly available from a range of sources on the internet, said the report, entitled "Using Open Source Intelligence to Improve ICS & SCADA Security". This research, published at the IET's Cyber Security for Industrial Control Systems seminar in London, found many industrial sector websites and academic papers provide information which identifies CNI-related staff and their social media information. (3)

Article: Cyber Security and Critical National Infrastructure. Dr Richard Piggin, Atkins

1. POSTnote 389, September 2011
2. UK Cyber Security Strategy, Cabinet Office, November 2011
3. IET ICS Cyber Security for Industrial Control Systems event, February 2014

[Diagram labels: Understand business objectives; Vulnerability assessment; Analytical assessment; Recommendations]

Protecting Global Infrastructure

Confidential Critical National Infrastructure Client: Vulnerability Assessment

Atkins undertook an open source vulnerability assessment of a UK Critical National Infrastructure company focused upon Industrial Control Systems (ICS) and SCADA. The aim was to understand ICS information available in the public domain which could be obtained by a potential adversary, in order to enable an assessment of the potential threats and the implementation of appropriate mitigation measures to improve security and safety.

An analytical investigation was undertaken using mainstream media, blogs, social media, sector-specific journals, academic material, web 2.0 and industrial sector websites. Once specific information was known, an assessment of the likely threat was made and recommendations proposed to reduce the open source footprint and to take compensating measures. The assessment is divided into various categories, including mapping, social media, ICS, and outward facing IT architecture.

Publicly available tools were used to demonstrate the identification of networked control systems, their vulnerabilities and the exploits that may be used to attack them. This highlighted the low technical knowledge required to successfully mount an attack against Industrial Control Systems.

Confidential Global Oil and Gas Client: Developing a major programme to protect process control systems

Atkins has been working with one of the world's largest energy sector clients to help them develop a single framework approach for development of cyber security architecture. The method of achieving this encompassed first understanding the organisational objectives of the client and using a business objective orientated approach to establish asset criticality. Having understood what was critical to delivering business objectives, the framework could then be developed to allow the client to focus its security on those areas that were actually critical to delivering the business objectives.

The resulting framework was then used to establish a comprehensive single programme of work to ensure that the organisation was truly secure and facilitated, rather than impeded, doing business successfully. Industrial and process control systems are inevitably a key part of the organisation's critical business processes and central to the programme of development work.

Atkins securing strategic advantage

Atkins has the experience and expertise to help its clients deliver strategic advantage through an holistic approach to security. Atkins has considerable experience of designing and implementing protective security regimes for physical and information assets. We have a depth of understanding of the approach to protecting clients' assets including:

- networks
- information
- intellectual property
- critical infrastructure; and
- control systems.

Accessing information, entertainment and services digitally is now part of daily life, both at home, at work, from schools through to hospitals, from fire brigades to airports, and from offices to the armed services.

In delivering our vision to be the best infrastructure company in the world, we pride ourselves on leading global protection of critical assets and business. This encompasses physical and informational property, particularly those which control critical processes.

Physical, cyber and personnel security generally remain separate in many organisations. Our holistic security offering enables you to get a better understanding of overall organisational security risks by applying converged governance and risk management across all assets.

We deliver high quality security consultancy services to clients across a wide range of capabilities and sectors. Our consultants are ready to help. For information on how Atkins can help guide you through the challenges of delivering effective security in your organisation please contact us via holistic@atkinsglobal.com

Our capability encompasses:

- Physical security
- Cyber Security
- Industrial and Process Control Cyber Security
- Behavioural security
- Identity Assurance
- Business Continuity

We bring all these capabilities together in an innovative holistic security approach.

Our sector coverage includes:

- Critical national infrastructure
- Public sector
- Oil and Gas
- Defence and Intelligence

In combination with our programme and security risk management expertise, this approach ensures better protection for assets, staff and information; your critical business enablers. Atkins engineers work with clients ensuring their information communications systems add value to our clients' security projects.

Cyber Supplier to UK Government

Andrew Cooke
Business Development Director, Security
Atkins, 11th/12th Floors, Eagle Tower, Montpellier Drive, Cheltenham, Gloucestershire, GL50 1TA, England
T: +44 1242 54 6259
F: +44 1242 54 6246
M: +44 7803 25 9666
E: andrew.cooke@atkinsglobal.com

Ian Buffey
Technical Director, Security
Atkins, 11th/12th Floors, Eagle Tower, Montpellier Drive, Cheltenham, Gloucestershire, GL50 1TA, England
M: +44 7812 31 8463
F: +44 1242 54 6246
E: ian.buffey@atkinsglobal.com

Atkins Security
Woodcote Grove, Ashley Road, Epsom, Surrey, KT18 5BW
www.atkinsglobal.com/security
holistic@atkinsglobal.com

© Atkins Limited except where stated otherwise. The Atkins logo, Carbon Critical Design and the strapline Plan Design Enable are trademarks of Atkins Limited.