NISCC WARP WORKSHOP

1
NISCC WARP WORKSHOP WARPs IN CENTRAL GOVERNMENT
2
Advertisement

• The WARP process is great for an open
  environment where classification is not a
  problem.

• What if my problem is sensitive to
• my Department?

• How do I benefit from the WARP structure
• when the information Im interested in is
• protectively marked above RESTRICTED?

3
Advertisement

• Well show you how one Government department has
  approached the problem (MOD).

• Well discuss how this approach could be
• modified to both large and small
• departments.

• Well have a discussion forum to hear your
• views and try to assist you with your problem
• areas.

4
Advertisement

• All in..
• 1 hour
• and
• 10 minutes

However, we know the real reason youll come to
our workshop is..
5
Why come to our workshop?

• Were interesting.

• Were funny.

• Were great guys

• And.we have sweets!

.so thatll be the workshop on WARPS in
Central Government with Andrew and Ian
6
NISCC WARP WORKSHOP WARPs IN CENTRAL GOVERNMENT
7
Workshop Overview

• Introduction
• MOD Alert Warning and Response Infrastructure
• MOD Approach to WARPs
• What should a Government WARP do?
• NISCC Approach to Government WARPs
• Open Forum

8
RELATIONSHIP BETWEEN WARPS, MRCs, SPs and SOAs
OGD WARPs e.g. FCO
Public Sector WARPs e.g. Kent CC
Private Sector WARPs
Tier 0
NISCC National Infrastructure Security
Co-ordination Centre
DCBMJ6
JSYCC Primary WARP
Tier 1
Top Level Budget WARPs e.g. Fleet / Land /
STC PJHQ
Trading Fund WARPs e.g. AWE / HO / MO DARA
DCIRT Primary MRC
Service Provider Interface e.g. Fujitsu / BT /EDS
Tier 2
SUB WARPS e.g. PJHQ deployed
SUB MRCs Sub Monitoring and Reporting
Centres e.g.DSTL
Tier 3
UNITS / FORMATIONS e.g. HMS X / RAF Y
SPs
MRCs
WARPs
9
RELATIONSHIP BETWEEN WARPS, MRCs, SPs and SOAs
Tier 1
JSYCC Primary WARP
WARPs
SPs
MRCs
Service Provider Interface / GOSCC
Service Operating Authority Interface / WARP
Top Level Budget WARPs e.g. Fleet / Land /
STC PJHQ
Trading Fund WARPs e.g. AWE / HO / MO DARA
DCIRT Primary MRC
Tier 2
SUB MRCs Sub Monitoring and Reporting
Centres e.g.DII
SUB WARPS e.g. PJHQ deployed
Tier 3
Service Provider IPT e.g. DFN
Service Provider IPT
Single Point of Contact (SPOC)
UNITS / FORMATIONS e.g. HMS X / RAF Y
Service Provider
Service Provider e.g. Fujitsue, BT
10
Organisation of MOD WARPs

• Top Level Budget (TLB) WARPs
• e.g. Navy, Army, Air Force
• Characteristics
• Large number of users
• Sub-WARPs
• Small but permanent staff
• Trading Fund WARPs
• e.g. Met Office, Hydro Office, ABRO, DARA.
• Characteristics
• Small number of users
• Singleton / often part-time/ITSO

11
UPWARD INFOFLOW (TIER 3 TO 1) BETWEEN WARPS, SPs
and SOAs
JSYCC Primary WARP
Tier 1
Top Level Budget WARPs e.g. Fleet / Land /
STC PJHQ
Service Provider Interface / GOSCC
Service Operating Authority Interface / WARP
DCIRT Primary MRC
Tier 2
Service Provider e.g. Fujitsue, BT
Tier 3
Service Provider / Helpdesk for non-DII
Single Point of Contact (SPOC) for DII
SUB WARPS e.g. PJHQ deployed
USER IN UNITS / FORMATIONS e.g. HMS X / RAF Y
12
DCSA MANAGED AND STAFFED NETWORKS
JSYCC Primary WARP
Tier 1
ALL
Top Level Budget WARPs e.g. Fleet / Land /
STC PJHQ
DCIRT Primary MRC
GOSCC Service Provider Interface
CND ONLY
Tier 2
SERVICE OPERATING AUTHORITY (IPT FUNCTION) e.g.
DCSA DII IPT
SERVICE PROVIDER e.g. FUJITSU
SINGLE POINT OF CONTACT (SPOC)
USER
ITSO
13
CANNEL MOD CIS Alert State
General or Specific DirectedAttack
RED
AMBER
Increased Risk of Compromise
Normal Background Activity
BLACK
14
CND Risk Management
RECOVER
ELECTRONIC ATTACK
REACT
15

Requirements for MOD WARPs (1)

• WARPs act with the authority of the PSyA for all
  InfoSy matters and ultimately with the full
  authority of the DSO.
• WARP staffs must be capable of briefing both
  their command chain and the JSyCC on the
  implications and effects on their FLC/TLB/TF or
  Agency of the alerts that they are providing.
• They must have knowledge of any systems and
  applications used within their command to conduct
  business and/or operations.
• They must also have a sufficient understanding of
  the network architecture, service provision and
  information flows of the networks, which process
  information, to be capable of briefing both their
  command chain and the JSyCC on the implications
  of the warnings they receive.
• WARPs will, therefore, require staff with the
  skills and competences to provide Information
  Security advice to their commands as well as to
  Tier 1 and 3 organisations.

16
Requirements for MOD WARPs (2)

• WARPs are required to act as the focal point for
• The dissemination of changes to the MOD CIS Alert
  State state to their Tier 3 organisations,
  including
• Recognition of the implications for their
  FLC/TLB/TF or Agency that the change of state
  will incur.
• Briefing any significant issues both to their
  chain of command and the JSyCC.
• The reporting of CIS Alerts to the JSyCC, in
  accordance with the instructions and timings laid
  down in MOD Information Security Incident
  Response System , taking due account of the fact
  that CND / CNE alerts must be timely and
  responsive and will require a 24/7 response
  capability, which may be on-call.
• The dissemination of CIS Warnings to their Tier 3
  organisations, in a timely and accurate manner,
  taking due account of the fact that JSyCC Alerts
  relating to serious vulnerabilities may require
  dissemination during out-of working hours, in
  order to be effective.
• The co-ordination of Requests for Information and
  Directives, in accordance with the instructions
  and timings specified.
• The collation of all information relating to an
  incident.

17
Requirements for MOD WARPs(3)

• Liaison with JSyCC on all Information Security
  issues, which may have implications for
• Law Enforcement, including legal and forensic
  issues.
• Counter-Intelligence.
• CND.
• Parliamentary Questions being raised or Briefs
  to Ministers required.
• Press / Media interest.
• WARPs are to recognise that any incident
  involving compromise of Defence information may
  have Law Enforcement and/or Counter-Intelligence
  (LE/CI) issues attached..

18
Requirements for MOD WARPs (4)

• In essence
• A MOD WARP needs to understand the operations and
  business processes of its TLB/TF and be able to
  translate to the chain of command (business
  process owner) the impact of a change in risk
  (brought about by a change in threat or
  vulnerability) on those processes.
• The WARP should also be able to do something
  about the risk even if only to notify the chain
  of command.

19
QUESTIONS?