
PPP in the Netherlands and Europe


Barcelona, September 16, 2011

2 | September 16, 2011

Cybercrime IE (NL) / EuroSCSIE (EU)

Why is action needed?


Situation
- ICT is of fundamental importance for our society
- Society becomes more and more vulnerable to disruption or misuse of ICT infrastructures
- Recent incidents: Stuxnet, Night Dragon, RSA, DDoS attacks

Complications
- Most critical infrastructures are owned by the private sector
- Private sector has its own responsibility, voluntary partnerships
- Not enough information exchange between public and private organisations
- International problem

Main question
How can we raise the resilience of critical infrastructure against cyber disturbance?

Answer
- Build and facilitate a (inter)national Public Private network based on: Trust and Value
- Create the Cybercrime Information Exchange (with sectoral ISACs)
- Use clear membership guidelines (incl. TLP)
- Sector is in the lead (chair of the ISAC is from industry)


Cybercrime Information Exchange


The point of departure is that companies themselves will only take effective measures if they have access to the right information and are able to make accurate risk assessments. By sharing information intensively about incidents, threats, vulnerabilities and good practices, the participants can prevent incidents themselves. This will safeguard the Dutch economy as a whole and the continuity of the individual organisations at the same time.

Information Sharing: Trust Value


First the social network (meeting face-to-face) then a technical infrastructure to support this!


Information Sharing on a European and International level


- E-SCSIE
- European FI-ISAC
- ENISA as a facilitating partner on a European level
- International: Meridian (annual CIIP conference), MPCSIE

E-SCSIE - members
Government
- GOVCERT.CH Melani (CH)
- BSI (D)
- PET (DK)
- CERT Hungary
- NorCERT (N)
- NoNSA (N)
- GOVCERT.NL
- CPNI.NL
- MSB (Se)
- CPNI (UK)
- ANSSI/COSSI (F)
- CERT-FI (Fi)
- ENISA (EU)

Users
- EDF (F)
- CERN (CH)
- Electrabel (B)
- Laborelec (B)
- Verbund-Austrian Power Grid AG (A)
- SwissGrid (CH)
- Italian Association of CI Experts (I)
- GCSEC (I)
- Shell (NL)

R&D
- JRC (EU)


E-SCSIE - Terms of Reference


Started on 20 June 2005

- Aim is for European industry, government, and research to benefit from the ability to collaborate on a range of common issues, and to focus effort and share resource where appropriate.
- Main focus is Information Sharing
- The outcome would be a raised level of protection adopted across Europe's SCADA and Control Systems (SCADA/CS)


E-SCSIE - Information Sharing


The following are examples of what each member should share at E-SCSIE meetings:
- Report events or incidents that have affected SCADA and Control Systems;
- Report warnings about vulnerabilities in SCADA and Control System products;
- Give advice as to how these vulnerabilities and/or incidents were addressed;
- Exchange experience on good practice (amongst which policies) used to mitigate SCADA and Control System security issues


E-SCSIE - Topics
- Sharing of incidents and good practices
- Questionnaire on Control System Cyber-Security (aimed at vendors) 2008/2009
- Standards and requirements (e.g. WIB Process Control Domain Security Requirements for Vendors)
- Self Assessment tools (like the one from CPNI UK)
- Smart Grids (e.g. Smart Grid Conference in Baarn - 2010)


June 21, 2011

National Roadmap to Secure Process Control Systems


National Roadmap to Secure Process Control Systems


Phase 1 (2010 - 2014)
- WP1: Awareness and knowledge dissemination
- WP2: Building the network
- WP3: Training & education
- WP4: Knowledge development
- WP5: Red teaming framework
- WP6: International network
- WP7: Plan for Phase 2


Stakeholders

Industry
- VNO/NCW
- CIO Platform Nederland
- WIB
- Industry organisations

SOVI NAVI NICC

Research & Knowledge
- TNO, KEMA
- universities
- Education & training
- NEN

Government
- Responsible departments / inspections
- KLPD
- AIVD
- GOVCERT.NL

Asset owners & CI operators

Commercial Entities
- system vendors & integrators
- component suppliers
- 3rd party / outsourcing
- IT and Telecom providers

- Government as PCS user
  - I&M, DEF, JUS..
  - municipalities
  - etc.


National Roadmap to Secure Process Control Systems


DONE (amongst others):

- Several PCS-events last year (different topics like risk assessment, Stuxnet deepdive, smart grids etc.)
- PCS-vendors-ISAC (with ABB, Invensys, Honeywell, Emerson and Siemens) - 4 meetings per year
- WIB Vendor Requirements and Achilles certification program - working together with WIB and ISACs on this - becoming IEC standard soon!
- Benchmark PCS Security
- Energy-ISAC, Water-ISAC and Nuclear-ISAC
- Factsheets by GOVCERT.NL (e.g. on Stuxnet)
- Sharing of open source information (dissemination through LinkedIn, Twitter and website www.cpni.nl)
- Brochure management: Process Control Security in the Cybercrime IE

National Roadmap to Secure Process Control Systems


PLANNED (amongst others):

- White papers
  - Cyber Threat landscape ICS - next month
  - How to deal with legacy
  - How to deal with removable media in PCD
- Gap analysis Training & Education
- Development of serious game
- High level session CEO/CIO (together with Dept. of Security & Justice)
- Standards (following ISA and IEC) / Auditing (also with big-4)
- Events
- Training & Education activities

Cyber-TEC
A not-for-profit European Public Private Partnership on cyber security for critical infrastructures
Initial focus: smart grids and process control, to be extended to other critical infrastructures


Cyber-TEC
Situation
- Electricity and ICT are of fundamental importance for our society
- Society becomes more and more vulnerable to disruption or misuse of ICT-infrastructures
- The Netherlands as one of the first countries in Europe just released a Cyber Security Strategy
- The Netherlands is already a respected participant in Europe on smart grids data privacy and cyber security
- Uninterrupted services and black start capabilities are required for our critical infrastructures
- The growing dependency of the critical infrastructures on ICT makes cyber security increasingly important
- Europe is investigating how to organize cyber security competences right now
- (Cyber) security awareness on CEO/CIO level is lagging behind
- No testing- and training facilities in Europe available, as there are in US and Israel
- No integral approach yet with focus on Personnel, Physical and Technical measures
- Especially in energy infrastructures rapid increase in dependency on ICT is making cyber security important

Complications

Message

Cyber-TEC wants to take a leading role in Europe on cyber security of Critical (Information) Infrastructures by bundling knowledge and know how through one organization


Cyber-TEC will link a unique set of actors in the field of cyber security

Cyber-TEC will provide a trusted environment

Cyber-TEC's Private Public Partnership will create new dynamics


Cyber-TEC Opportunities
We have a unique opportunity to connect initiatives:
- Between Dutch, EU and Worldwide institutes in the field of Cyber Security
- Between Private and Public stakeholders
- Between end-users and vendors
- Between critical infrastructure, research institutions and academia
- Between sectors dealing with cyber security

We have a unique opportunity to provide new input by:
- Researching and testing cyber security
- Helping to create standards, adding to cyber security in the NL, EU and World
- Adding a program to raise cyber security awareness at management level

Due to the Private Public Partnership we are able to respond quickly to the rapid developments in the field of cyber security and spread this knowledge to other organizations, but also stimulate short- and long-term research.


Cyber-TEC profile
Cyber-TEC will develop into the European Cyber Security Research and Technology Centre. Initial focus area is security (and privacy) of Smart Grids and Process Control Domain.

Cyber-TEC offers:
1. World class education and training (including DHS/INL in the US):
   - Red Team Blue Team training
   - Education of top management (CEO/CIO level) / process engineers / (risk) managers / (information) security professionals
2. R&D facilities:
   - Innovation
   - Simulation
3. Test facilities:
   - Product testing
   - Product evaluation
4. Development & Sharing of information and knowledge:
   - Cross sector open innovation
   - Public private partnerships
   - National and international coordination

European sectors to include after energy:
- Water supply
- Chemicals and oil
- Food
- Telecom / ICT
- Transport
- Defense
- Governments
- Others


Cyber-TEC reinforcing activities

[Diagram: four activity areas (R&D, Testlabs, I&KS, E&T) linked by the flows between them. Labels on the diagram: Trusted community; Mitigation strategies; Input for standardisation; Red teaming; Fact finding; Recent insights; Demonstration; Test bed; Recommendations; Latest vulnerabilities; Open source intelligence; (C-level) conferences; C-level training course; Hands-on and classical training; Networking; Awareness raising; Information Exchange; Dissemination; Catalyst; Web-based training; Network of people and organizations.]


Cyber-TEC's Private Public Partnership guarantees high impact

Cyber-TEC follows the "seeing is believing" principle

Cyber-TEC will be a leading institute based on open collaboration


Roadmap
[Roadmap chart, marked "Draft & Preliminary". Timeline from Q3/4 2011 to 2015/16, divided into Horizon 1, Horizon 2 and Horizon 3. Rows: Main programmes or initiatives; Effect on main operational drivers; Financial consequences (Revenue, Capex, FCF, FTE); Value.]

Activities and milestones named on the chart:
- Perform business case
- Establish relationships
- Establish work processes
- Set cybersecurity standards
- Develop and market product and services
- Improve work processes (K&I, E&T, R&D)
- Focus on Smart grids / PCS priv./public sector
- Market development
- EU expansion
- X-sectoral upscaling
- Expand portfolio
- Market and product development
- Establish processes for new products / services
- Industry standard leader
- Execution of R&D-projects
- Test bed operational
- Launch product & services
- Obtain funding
- Cross sectoral upscaling
- Organisation in place
- Go/NoGo in December 2011
- Cyber-TEC profitable
- Financing, marketing & communication plan
- Program Management
- Market Research
- Finalize Business Plan
- Globalization by alliances
- Launch new products & services
- Extension of R&D-portfolio

Financial figures as they appear on the chart:
- Revenue: 4.7 m; Capex: 1.9 m; FCF: 3.3 m; FTE: 83
- Revenue: 15 m; Capex: 2.2 m; FCF: 0,2 m; FTE: 76
- Revenue: 34 m
- Revenue: 40 m; Capex: 1.9 m; FCF: 5.1/6.3 mln; FTE: 87/91
- Value (as shown): -3.4, 42, 5.5

Financials

Principal considerations / questions / conclusions
- Make impact in EU, with "Grow as you go" concept
- Private/Public division in revenues 60/40 in 2012 => 80/20 in 2016.

Note: Figures are subject to further market research and business planning (available December 2011)


Next Steps

- We believe in the idea and market for Cyber-TEC
- We have done a fair amount of work to get where we are today
- Cyber-TEC will be a good practice in the EU-US working group on Cyber Security
- An activity plan has been worked out; next steps needed are, among others:
  - Perform market research: assess customer needs and size of market
  - Spread the word: find partners/members on a European level for Cyber-TEC
  - Finalize the business plan (financial, legal, marketing, organisation, statutes etc.)
  - Assess potential for (co)financing
  - Branding
- Working towards a go/no go decision to start with Cyber-TEC in December 2011; for that we deliver:
  - A European market research report
  - A launching plan (project plan) for the start-up of work streams
  - Agreements and commitments from the partners
  - A financial plan


Founding partners:

For more information, please contact:


Bram Reinders | Alliander and Netbeheer NL
bram.reinders@alliander.com
+31 6 29 58 79 42

Annemarie Zielstra | CPNI.NL
annemarie.zielstra@cpni.nl
+31 6 12 99 28 83


Auke Huistra
Project manager CPNI.NL Cybercrime IE Roadmap to Secure PCS

M: +31 6 21479272
E: auke.huistra@cpni.nl
I: www.cpni.nl

In cooperation with
