Role of the CPNIThe Centre for the Protection of National Infrastructure is therecognised UK government authority for protective securityadvice to the National Infrastructure.It protects national security through:• Minimising risk to the National Infrastructure; by• Delivering authoritative advice; to• Reduce the vulnerability of the National Infrastructure to terrorist and other threats.
The N iTh National Infrastructure (NI): lI f (NI) Telecommunications Energy E Finance Government & Public Services Water Health Emergency Services Transport FoodDeliveringD li i essential services to ti l i tthe citizenNot everything is criticalEach sector is different
Protecting the NI: Our Strategic Approach•Impact driven•Vulnerability focused•Threat informed•Under pinned by: p y Tripartite Relationship International angle Research and Technology Programme
TheTh Old Approach to Criticality A h t C iti lit•‘CNI’ means different things to different people.•Only ‘catalogue’ was f EKP (S O l ‘ t l ’ for EKPs (Supers, 1 2 ) 1s, 2s).•Focus on the site, not the service.•Old fashioned language. language•EKPs did not cover critical networks & systems.•Criteria different across sectors.•Insufficient account taken of non-’critical’ infrastructure.
Updating the Meaning of C iti lit U d ti th M i f Criticality•Focus on delivery of ‘critical services’, includinginformation infrastructure infrastructure.•Scale from 5 (most critical) down to 0.•Cat 5 = Supers; Cat 4 = EKP 1s; etc.•Common approach for sites and critical networks.•Categories 3 – 5 likely to represent ‘critical’ nationalinfrastructure.•Foundation for prioritisation of advice and resources.
Criticality Scales Definition Example 5 Catastrophic Loss of > 20% of national gas supply for > 24 hours 4 Severe Loss of electricity for > 1m consumers for > 18 hours 3 Substantial Loss of water for > 100k consumers > 3 days 2 Significant Disruption to payment settlement systems for up to 12 hours 1 Moderate Local disruption to emergency services p g y 0 Minor
Criticality sc cale 1 2 3 4 5 Communic cations Emer rgency Se ervices E Energy Fi inance FoodNI Sectors Gover rnment Health Criticality Scale Tran nsport Water Th Critical Threshold h ld
CPNI Knowledge Development Integrated advice… PHYSICAL SECURITY …to reduce INFORMATION vulnerability in y SECURITY the national infrastructure PERSONNEL SECURITY & BEHAVIOURAL ASSESSMENT
Advice D li Ad i DeliveryExternal Inputs Processes Outputs Outcomesfactors Contest C t t2 Prioritisation f P i iti ti of Focused F d Reduced R d dTerrorism resources consultancy vulnerability in National Risk CNIEspionage Assessment Advice delivery Better plans products & Shaped IA Strategy services environment CNI Self Knowledge: assessment Better skilled •Threats advisers Requirement •Sectors setting Performance management •Technology R&D Programme •People Training •Criticalities Information •Vulnerabilities sharing
Information Exchanges Transport Sector Pharmaceuticals Industry 28 Representatives 12 Representatives 18 Companies 7 Companies Managed Service Providers Finance Sector 36 Representatives 54 Representatives 23 Companies 34 Companies TSIE PIIE MSPIE FSIE Northern Ireland Aerospace/Defence Crossover 32 Representatives 26 Representatives NIXIE CPNI ADMIE 17 Companies 14 Companies Information SCADA Exchanges SCSIE 77 Representatives Space Industries SPIIE 37 Companies 10 Representatives 7 Companies WSIE NSIE Water S W t Security it VIE SRIE VSIE 40 Representatives Network Security 27 Representatives 18 Companies 15 Companies Security Researchers Vendor S V d Security i12 Exchanges 23 Representatives 30 Representatives 15 Companies 15 Companies220 Companies
Building Trust•Flourishes i small groups with th same members. It i Fl i h in ll ith the b ispersonal.•Start small and grow – you can’t easily shrink a group.•Trust and value grow together but needs investment andan understanding of incentives.•Regular face to face contact works best Other options best.are teleconferences and “meetings outside of meetings”. Trust will only develop if all members contribute.