Peter Burnett

1
National Infrastructure Security Co-ordination
Centre
Peter Burnett Head of Information Sharing
www.niscc.gov.uk
2
Home Secretary 1999

• working with the private sectorto ensure
  adequate standards of protection for the key
  systems falling within the critical national
  infrastructure
• raising awareness and standards of information
  security more generally in the private sector
• developing a dialogue with international partners
• I have established the NISCC to act as a point of
  contact for those involved in this work in both
  government and the private sector.

3
What is NISCC?

• NISCC is an interdepartmental centre which
  co-ordinates activity in support of this aim
  across a range of organisations. Each of these
  contributes resources and expertise to NISCCs
  programme of work according to its own remit, its
  own priorities, in relation to the challenge in
  hand, and depending on what value it can add.

4
an Interdepartmental Centre
5
What is the CNI?

• Those parts of the United Kingdoms
  infrastructure for which continuity is so
  important to national life that loss, significant
  interruption or degradation of service would have
  life-threatening, serious economic or other grave
  social consequences for the community, or would
  otherwise be of immediate concern to the
  Government.
• NISCCs aim is to minimise the risk to the
  critical national infrastructure from electronic
  attack.

6
The CNI Sectors

• Telecommunications
• Energy
• Finance
• Central Government
• Water and Sewerage
• Health Services
• Emergency Services
• Transport
• Hazards
• Food

7
INFORMATION SHARING
8
Strategic Objectives
NISCC Information Sharing

• Increase IT Security Awareness, Education
• Healthier e-environment (reduce Viruses, Worms,
  Trojans, DDoS etc)
• Provide useful and timely warnings
• Gather IT security incident reports
• Crime reports (only with consent)
• Statistics, Trends, Threat assessment
• Attack detection

9
Information Sharing

• UK CERTs forum
• Encouraging new CERTs in UK
• Encouraging Information Sharing Bodies
• Reporting System (NHTCU/NISCC)
• National Warning System
• Partnership arrangements
• Symantec, Microsoft
• Conceive establish Information Exchanges
• Finance, Telecomms, SCADA, MSPs
• Conceive promote WARPs
• Warning, Advice Reporting Points

10
The WARP model
WARP
e-COMMUNITY
Local authority, trade association, interest
group, industry sector
11
The WARP Model - Functions
NISCC Information Sharing

• Issue Warnings to its community
• Provide Advice on Internet problems share Good
  Practice amongst members
• Gather, sanitise, and share Incident Reports

12
WARP for London Boroughs (www.lcwarp.org)
13
The WARP TOOLBOX

• Toolbox
• Filtered Warning Alerting System (FWAS)
• Tick-List Software
• Good Practice Advice Brokering Service (GPABS)
• Bulletin Board
• Reporting and Trusted Sharing Service (RTSS)
• Business Cases
• Security Policy
• Commercial sponsorship
• Independent Study

14
A Shared Solution
WARP
WARP
Incident Reports Good Practice Solutions Skills
e-COMMUNITY
e-COMMUNITY
Experience, Expertise, Solutions
15
Kent Gets its Own WARP
16
Thank You for listening patiently
17
Contact me on 020 7821 1330ext
4508peterb_at_niscc.gov.uk
QUESTIONS ?