Allignment of CIIP Structures
0 likes389 views
The document discusses conclusions and recommendations from several projects and structures related to critical infrastructure protection. It recommends that attack and defense structures must be aligned through public-private partnerships and global cooperation. It also recommends developing common metrics and methods to assess risks, and holding common exercises on transnational scales. Finally, it concludes that global standards and processes are urgently needed to address global cybersecurity challenges.
![Initial Workshop: Background Workshop March 16/17 in Frankfurt, Germany Many Topics: Payment, Settlement, Stocks, BCM/DRP, Identity, Rating … Participants: ca. 70% executives and experts from CFI, ca. 30% academic and research Stakeholder Group Parsifal 100 experts from very senior to topic experts Market specific challenges: Identified by Parsifal / Break out group topics: Group 1: Controlling Instant On Demand Business in CFI: Authentication, Identity Management, Resilience and Denial of Service Group 2: Entitlement Management and Securing Content in the Perimeterless Financial Environment: Identity, Policy, Privacy and Audit [ 1,2 ] Identity is a s a new currency, it is absolutely essential Group 3: Business Continuity and Control in an Interconnected and Interdependent Service Landscape: Compliance, Protecting Critical Processes Description of status on international FI - Operational: Strong activities on BCM, Dependability, (Inter-)Dependencies probably not sufficient ready for new and upcoming issues - Regulation: T o o o o strong activities on regulation: Risk of conformity in risk evaluation - Strategic & Research: ???????? (not sufficiently provided)](https://image.slidesharecdn.com/allignment-of-ciip-structures2928/85/Allignment-of-CIIP-Structures-4-320.jpg)
Allignment of CIIP Structures
- 1. Allignment of CIIP Structures Bernhard M. Hämmerli President Swiss Informatics Society & Acris GmbH May 31 Davos
- 2. Overall Conclusions and Recommendations Content: Parsifal Project Attack and Defence Structure Centre for European Policy Studies CEPS Taskforce Preparedness and Reaction Structure Conclusions are taken for each part separately
- 3. Overall Conclusions and Recommendations Before Parsifal: Thematic Workshop September 2007 About Parsifal: P rotection a nd T r u s t i n F inanci al Infrastructure Type Co-ordination Action, Duration 18 Month, Start September 1, 2008 Related Projects: Comifin (Strep), Think Trust Advisory Board, RISEPTIS . 5 Partner: Atos Origin SAE (Spain), Avoco Secure LTD (UK), @bc (Germany) EDGE International BV (The Netherlands), Waterford Institute of Technology (Ireland), Acris GmbH (Switzerland) Parsifal Project objectives Bringing together CFI and TSD research stakeholders in order to establish and nurture relationships between the financial sector stakeholders and the ICT TSD RTD communities Contributing to the understanding of CFI challenges Developing longer term visions, research roadmaps, CFI scenarios and best practice guides Co-ordinating the relevant research work, knowledge and experiences.
- 4. Initial Workshop: Background Workshop March 16/17 in Frankfurt, Germany Many Topics: Payment, Settlement, Stocks, BCM/DRP, Identity, Rating … Participants: ca. 70% executives and experts from CFI, ca. 30% academic and research Stakeholder Group Parsifal 100 experts from very senior to topic experts Market specific challenges: Identified by Parsifal / Break out group topics: Group 1: Controlling Instant On Demand Business in CFI: Authentication, Identity Management, Resilience and Denial of Service Group 2: Entitlement Management and Securing Content in the Perimeterless Financial Environment: Identity, Policy, Privacy and Audit [ 1,2 ] Identity is a s a new currency, it is absolutely essential Group 3: Business Continuity and Control in an Interconnected and Interdependent Service Landscape: Compliance, Protecting Critical Processes Description of status on international FI - Operational: Strong activities on BCM, Dependability, (Inter-)Dependencies probably not sufficient ready for new and upcoming issues - Regulation: T o o o o strong activities on regulation: Risk of conformity in risk evaluation - Strategic & Research: ???????? (not sufficiently provided)
- 5. Conclusions on Structures Attack and Defence Structure (Mapping Scenarios and Challenges) Need to align the structure, known means Public Private Partnership integrated in a global context
- 6. 5. Business Continuity and Control in an Interconnected and Interdependent Service Landscape. Recommendation 7/8 Design and implementation of secure platforms and applications Secure platforms and backup platforms, including new levels of virtualized worlds Secure applications (including legacy): design, implementation and operation Application performance auditing: Application foot-printing Alternate secure communication channel (vs. virtualization) Data centre dependencies analysis Establishment of adequate and well networked coordination response teams
- 7. 5. Business Continuity and Control in an Interconnected and Interdependent Service Landscape. Recommendation 8/8 Model Definition Testing, design and implementation of secure platform, applications and infrastructure (including simulation) through trustworthy exercises between CIP Sector and government s Extensions of BCM and DRP Models including regular tests and evaluations and simulation The extensions are amongst others: - risk sharing models - end-to-end communication models; end point security - modelling complexity and volume of transaction in a reasonable way
- 8. Overall Conclusions and Recommendations Conclusions Parsifal Project Attack and Defence Structure must be aligned through Public Private Partnership, global cooperation and regulation as well inter corporation collaboration (main business competition, security is in spite of this a collaboration domain) Common metrics and method to assess risks and common exercises on supra national, i.e. Regional continental and global scale are required Global agreement on standards and process to face a global challenges (Airtraffic, Climate Change) are urgently needed
- 9. CEPS I Goals Defining policy options on CIP Shaping a public-private partnership: opportunities and challenges. CI and CII: a Transatlantic perspective Risk assessment and CIP and CIIP-related issues in EU policy making Increase Preparedness and Reaction Structure
- 10. CEPS II About the taskforce Selected early outcome Preparedness: 27 EU member states need attention of supplier Reaction: 27 EU member states need attention of supplier Not possible to finance for suppliers: An organized preparedness and reaction structure must be developed Define CIIP exposure metrics and risk assessment which are internationally agreed on Incidents are not national or regional, but global. Global entities (as e.g. In air traffic IATA ) are needed to counter fight the global challenge