Documentos de Académico
Documentos de Profesional
Documentos de Cultura
Auke Huistra - PPP in The Netherlands and Europe
Auke Huistra - PPP in The Netherlands and Europe
Complications
Main question
Answer
Build and facilitate a (inter)national Public Private network based on: Trust and Value Create the Cybercrime Information Exchange (with sectoral ISACs) Use clear membership guidelines (incl TLP) Sector is in the lead (chair of the ISAC is from industry)
E-SCSIE - members
Users
Government
GOVCERT.CH Melani (CH) BSI (D) PET (DK) CERT Hungary NorCERT (N) NoNSA (N) GOVCERT.NL CPNI.NL MSB (Se) CPNI (UK), ANSSI/COSSI (F) CERT-FI (Fi) ENISA (EU)
R&D
EDF (F) CERN (CH) Electrabel (B) Laborolec (B) Verbund-Austrian Power Grid AG (A) SwissGrid (CH) Italian Association of CI Experts (I) GCSEC (I) Shell (NL)
JRC (EU)
Aim is for European industry, government, and research to benefit from the ability to collaborate on a range of common issues, and to focus effort and share resource where appropriate. Main focus is Information Sharing The outcome would be a raised level of protection adopted across Europes SCADA and Control Systems (SCADA/CS)
10
E-SCSIE - Topics
Sharing of incidents and good practices Questionnaire on Control System Cyber-Security (aimed at
vendors) 2008/2009 Standards and requirements (e.g. WIB Process Control Domain Security Requirements for Vendors) Self Assessment tools (like the one from CPNI UK) Smart Grids (e.g. Smart Grid Conference in Baarn - 2010)
11
12
13
Stakeholders
Industry
VNO/NCW CIO Platform Nederland WIB Industry organisations
Government
Responsible departments /inspections KLPD AIVD GOVCERT.NL
Commercial Entities
system vendors & integrators component suppliers 3rd party / outsourcing IT and Telecom providers
14
WIB Vendor Requirements and Achilles certification program - working together with WIB and ISACs on this - becoming IEC standard soon!
Benchmark PCS Security Energy-ISAC, Water-ISAC and Nuclear-ISAC Factsheets by GOVCERT.NL (e.g. on Stuxnet) Sharing of open source information (dissemination through LinkedIn, Twitter and website www.cpni.nl) Brochure management: Process Control Security in the Cybercrime IE
| September 16, 2011
15
White papers
Development of serious game High level session CEO/CIO (together with Dept. of Security & Justice) Standards (following ISA and IEC) / Auditing (also with big-4) Events Training & Education activities
16 | September 16, 2011
17 van 11
Cyber-TEC
A not-for-profit European Public Private Partnership on cyber security for critical infrastructures
Initial focus: smart grids and process control, to be extended to other critical infrastructures
17
18
Cyber-TEC
Situation
Electricity and ICT are of fundamental importance for our society Society becomes more and more vulnerable to disruption or misuse of ICT-infrastructures The Netherlands as one of the first countries in Europe just released a Cyber Security Strategy The Netherlands is already a respected participant in Europe on smart grids data privacy and cyber security Uninterrupted services and black start capabilities are required for our critical infrastructures The growing dependency of the critical infrastructures on ICT makes cyber security increasingly important Europe is investigating how to organize cyber security competences right now (Cyber) security awareness on CEO/CIO level is lagging behind No testing- and training facilities in Europe available, as there are in US and Israel No integral approach yet with focus on Personnel, Physical and Technical measures Especially in energy infrastructures rapid increase in dependency on ICT is making cyber security important
Complications
Message
Cyber-TEC wants to take a leading role in Europe on cyber security of Critical (Information) Infrastructures by bundling knowledge and know how through one organization
18
18
Cyber-TEC will link a unique set of actors in the field of cyber security
19
19
Cyber-TEC Opportunities
We have a unique opportunity to connect initiatives
Between Dutch, EU and Worldwide institutes in the field of Cyber Security Between Private and Public stakeholders Between end-users and vendors Between critical infrastructure, research institutions and academia Between sectors dealing with cyber security
20
20
Cyber-TEC profile
Cyber-TEC will develop into the European Cyber Security Research and Technology Centre. Initial focus area is security (and privacy) of Smart Grids and Process Control Domain.
Cyber-TEC offers: 1. World class education and training (including DHS/INL in the US):
Red Team Blue Team training Education of top management (CEO/CIO level) / process engineers / (risk) managers / (information) security professionals
2. R&D facilities:
Innovation Simulation
3. Test facilities:
Product testing Product evaluation
21
21
Red teaming
Testlabs
R&D
Fact finding
Recent insights Demonstration
Mitigation strategies
Test bed
I&KS Networking
Awareness raising
E&T
Web-based training Dissemination
22
22
23
23
Roadmap
Revenue: m Capex m FCF: m FTE: 4.7 1.9 m 3.3 m 83
Value
-3.4
42
Perform business case Establish relationships Establish work processes Set cybersecurity standards Develop and market product and services Improve work processes (K&I , E&T, R&D) Focus on Smart grids / PCS priv./public sector Establish work processes Market development EU expansion X-sectoral upscaling Expand portfolio
Market and product development Establish processes for new products / services Industry standard leader
Horizon 1
Horizon 2
Execution of R&D-projects
Test bed operational Launch product & services Obtain funding Cross sectoral Organisation in place Go/NoGo in December2011 upscaling
Cyber-TEC profitable
Financing, marketing & communication plan Program Management Market Research Finalize Business Plan
Globalization by alliances
24
Q3/4Q1/2 Q3 Q4 Q1 Q2 Q3 Q4 2011 12 13 24
Q1 Q2 Q3 Q4 14
Q1 Q2 Q3 Q4 15/16
Horizon 3
Financial consequences
5.5
15 m 2.2 m 0,2 m 76
34
Financials
Principal considerations / questions / conclusions Make impact in EU, with Grow as you go concept
Private/Public division in revenues 60/40 in 2012 => 80/20 in 2016.
Note: Figures are subject to further market research and business planning (available December 2011)
25
25
Next Steps
We believe in the idea and market for Cyber TEC We have done a fair amount of work to get where we are today Cyber-TEC will be a good practice in the EU-US working group on Cyber Security An activity plan has been worked out, next steps needed are a.o.
Perform market research: Assess need customers and size of market Spread the word: Find partners/members on a European level for Cyber-TEC
Finalizing the business plan (financial, legal, marketing, organisation, statues etc.)
Assess potential for (co)financing Branding
Working towards a go/no go decision to start with Cyber-TEC in December 2011, for that we deliver
A European market research report A launching plan (project plan) for the start-up of work streams. Agreements and commitments from the partners A financial plan
26
26
Founding partners:
27
27
In samenwerking met