MOD DCB :: 19 February 2014 :: Vol 12 No 3 :: www.contracts.mod.uk
strategic capability. This was a key driver for MOD to join the DCPP and seek to implement cyber standards as some level of insurance within defence contracts. The Department is doing this to ensure that providers of capability to the MOD are cyber aware and cyber protected.
The MOD has to share some sensitive information with industry to enhance its capability. The sharing of classified information obviously presents an element of risk. Some relatively small companies supply incredibly sophisticated technology to the defence programme and will be in receipt of very secure information. With cyber security a growing issue, questions remain around how that information is going to be securely managed from the MOD to prime to supplier.
One suggestion is that primes should look at the supply chain and assess, test and indeed help the supply chain to attain an appropriate level of cyber awareness as part of the selection criteria for using suppliers on a programme. The question is: how?
Regarding information security, industry and the MOD have a set of shared problems surrounding the ownership of risk, the transfer of risk, the cost implications of managing that risk, and how the issue of cyber protection will be incorporated into contracts. It’s an issue that neither government nor industry alone can solve; the involvement of both parties is needed for the DCPP to be successful. You have to understand what the threats are to set standards and then inform and help the supply chain. As a result three workstreams have been created to address these problems: information management, standards, and the means by which the DCPP can involve the wider supply chain. By 2015 businesses should have a much clearer idea of how and where they will fit into this.
Mr Leverett said it comes down to the three ‘Cs’: clarity, commitment and communication. This concept was echoed by DCPP member Peter Armstrong, Director of Cyber Security at Thales UK, who said: “The DCPP will focus on the vulnerability that is aggregated by the weaknesses that we know are endemic right across the supply chain, not just at levels below the prime but including the primes. We will have to all embark on the journey, not smaller companies on the primes’ behalf. We all have improvements to make and the DCPP deep focus is in this aggregated low-level risk in the supply chain.”
Indeed, as Glenn Attridge, Head of Threat Management and Cyber Security for Royal Bank of Scotland, stated: “A standalone defence is no defence at all. We absolutely must work together to protect businesses and customers.”
Cyber security is also at the top of the UK’s defence exports agenda. Defence exports are an important area for national economic growth and Mr Leverett said international customers are becoming increasingly aware of cyber security as a business imperative. Poor cyber security can cost you business, but one of the messages resonating strongly at Cyber Security 2014 was that strong cyber security on the other hand can win you more business at home and overseas. Who would contract a company that has been proven to be unreliable in its information security? Reliable businesses are successful businesses, and this is true too of cyber security. At the conference businesses were encouraged to make themselves more attractive through good cyber security.
One company exhibiting at the event that is taking this message on board and has the ambition to make itself more appealing to contractors through building a strong reputation in cyber security is Newburgh Engineering. Lee Townsend of Newburgh said: “Due to the accreditations that are going to be coming from cyber security, we need to be at the forefront of our supply chain. When you look at big contracts with big companies, we as a supplier want to be at the top of the list and ready with these cyber security measures in place.”
So, what is good cyber security? Accepting that you face a real threat from cyber attack is a good start. Collaboration, preparation, briefing, speed of reaction and information-sharing are all key to a strong and successful approach to cyber security. Read the ‘Ten Steps to Cyber Security’ guidance produced by CESG, the information security arm of GCHQ, the Department for Business, Innovation and Skills (BIS), the CPNI and the Cabinet Office. This guidance has been embraced by the DCPP.
There are lots of cyber security products and services available on the market, many provided by innovative SMEs and micro SMEs. What came across loud and clear at Cyber Security 2014 was that taking the threat seriously, and taking action now, is the best policy if you want to be able to meet the standards of cyber security required for securing future defence contracts.
Cyber Security 2014: a call for clarity, commitment and communication
Further Information
For more information, visit: www.gov.uk and www.ndi.org.uk
Information is valuable; it always has been. The value of a particular piece of information depends on who and where you are. Whether it concerns military or political intelligence, sensitive business data, intellectual property (IP) or insider knowledge of what the future may hold for a specific commercial organisation or industry sector, information is always deeply desired by someone, somewhere.
Cyber security, or information security as it should possibly be called, faces a rapidly evolving threat. National concern about cyber security in the UK is now greater than ever, and with the number of cyber attacks accelerating at an unprecedented rate it is the responsibility of business and government leaders to protect themselves and the nation’s critical networks and supply chains in order to build national resilience and ensure that the UK continues to compete securely in global markets.
The varying threats posed by cyber crime – from random automated attacks to sophisticated, targeted strikes – were well outlined at the NDI Cyber Security 2014 Threats & Opportunities conference held earlier this month in Edinburgh. Delegates heard about worms, viruses, script kiddies, frameworks, skilled attackers and Zero Day.
The threats are very real and the statistics mentioned at the conference didn’t make for comfortable listening. Ninety three per cent of large corporations and 87 per cent of small businesses have reported a cyber breach in the past year. The cost of a typical cyber security breach is estimated to be between £450,000 and £850,000 for large businesses and between £35,000 and £65,000 for smaller ones. Cyber security in SMEs is generally weak and even larger companies have been found to be vulnerable owing to poor information security. The fallout for businesses could include loss of revenue and loss of reputation – both very damaging.
In the Keynote Arena, Dave Stubley, CEO of independent security testing consultancy 7 Elements, set the scene by highlighting that small businesses can be targeted as part of a supply chain. One way of damaging a large company can be to damage a smaller company that it sub-contracts work to and this is one of the problems supply chains face from cyber crime. Mr Stubley cautioned: “We need to accept we can’t be 100 per cent secure. You have to work from the premise that you can become compromised.”
Andrew Fitzmaurice, CEO of Templar Executives, a company that delivers information assurance and cyber security for government and commercial organisations, said there needs to be more focus on the ‘insider threat’, referring to high-profile cases such as Bradley Manning. In cases such as Manning, where there was a significant vetting process prior to employment, Mr Fitzmaurice advised there should be management aftercare to ensure the initial vetting remains robust.
The general message to firms was that a good cyber security strategy will enhance business, with a holistic approach strongly recommended. Bad cyber security is bad for your business: your reputation is everything.
The Ministry of Defence takes cyber security very seriously. Protecting the supply chain is a key issue across industry, particularly in defence which is a larger target than other sectors for cyber criminals. In response, the MOD intends to mandate adoption of a strong cyber defence posture in the MOD supply chain and defence contracts by 2015. This will be piloted throughout 2014 with feasibility testing starting soon.
A panel of members of the Defence Cyber Protection Partnership (DCPP) attended the conference to discuss the future of cyber in the industry. The DCPP is a partnership between industry and government seeking to protect the defence industry from cyber attack. The partnership includes the Centre for the Protection of National Infrastructure (CPNI), Government Communications Headquarters (GCHQ), the MOD and nine companies: BAE Systems, BT, Cassidian, CGI, Hewlett Packard, Lockheed Martin, Rolls-Royce, Selex ES and Thales UK. By sharing their experience of operating under the constant threat of sophisticated cyber attack, the DCPP aims to identify and implement actions that have a real impact on the cyber defences of its members and the UK defence sector as a whole. DCPP Chair Vic Leverett said that commitment was needed across the defence industry as a whole to protect the supply chain from cyber attack.
There have been examples of potential programme disruption due to smaller companies being targeted as part of a larger supply chain. This could result in reduced capability, as well as significant revenue loss throughout the supply chain. For the MOD, programme disruption and IP theft is a major concern in terms of reduction of
The National Security Strategy has categorised cyber attacks as a Tier One threat to UK national security, alongside international terrorism. The threat from cyber attacks is real and growing with terrorists, rogue states and cyber criminals among those targeting computer systems in the UK. MOD DCB features writer Paul Elliott was at NDI’s recent Cyber Security 2014 conference in Edinburgh to find out about the many different facets of cyber security.

More Related Content

What's hot

The impact of a security breach on MSP's and their clients
The impact of a security breach on MSP's and their clientsThe impact of a security breach on MSP's and their clients
The impact of a security breach on MSP's and their clientsJose Lopez
 
IDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber SecurityIDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber Securityinside-BigData.com
 
symc_annual2001
symc_annual2001symc_annual2001
symc_annual2001finance40
 
Revolution Or Evolution Exec Summary
Revolution Or Evolution Exec SummaryRevolution Or Evolution Exec Summary
Revolution Or Evolution Exec SummaryWilliam Beer
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
December ISSA Meeting Executive Security Presentation
December ISSA Meeting   Executive Security PresentationDecember ISSA Meeting   Executive Security Presentation
December ISSA Meeting Executive Security Presentationwhmillerjr
 
CyberSecurityCompliance-Aug2016-V10 (002) final
CyberSecurityCompliance-Aug2016-V10 (002) finalCyberSecurityCompliance-Aug2016-V10 (002) final
CyberSecurityCompliance-Aug2016-V10 (002) finalRobertPike
 
As telcos go digital, cybersecurity risks intensify by pwc
As telcos go digital, cybersecurity risks intensify by pwcAs telcos go digital, cybersecurity risks intensify by pwc
As telcos go digital, cybersecurity risks intensify by pwcMert Akın
 
Cyber Security small
Cyber Security smallCyber Security small
Cyber Security smallHenry Worth
 
Accountability for Corporate Cybersecurity - Who Owns What?
Accountability for Corporate Cybersecurity - Who Owns What?Accountability for Corporate Cybersecurity - Who Owns What?
Accountability for Corporate Cybersecurity - Who Owns What?Henry Draughon
 
HOW TO RETALIATE AGAINST CYBER THREATS WITH PAYMENT-OVER-TIME MODELS
HOW TO RETALIATE AGAINST CYBER THREATS WITH PAYMENT-OVER-TIME MODELS HOW TO RETALIATE AGAINST CYBER THREATS WITH PAYMENT-OVER-TIME MODELS
HOW TO RETALIATE AGAINST CYBER THREATS WITH PAYMENT-OVER-TIME MODELS Marie-Neige Roux
 
Cyber Security - Things you need to know
Cyber Security - Things you need to knowCyber Security - Things you need to know
Cyber Security - Things you need to knowNathan Desfontaines
 
Uk Security Breach Investigations Report 2010
Uk Security Breach Investigations Report 2010Uk Security Breach Investigations Report 2010
Uk Security Breach Investigations Report 2010Hongyang Wang
 
Étude mondiale d'EY sur la cybersécurité (2018)
Étude mondiale d'EY sur la cybersécurité (2018)Étude mondiale d'EY sur la cybersécurité (2018)
Étude mondiale d'EY sur la cybersécurité (2018)Paperjam_redaction
 
A Guide To Cyber Insurance
A Guide To Cyber InsuranceA Guide To Cyber Insurance
A Guide To Cyber InsuranceJohn Ryan
 
CyberSecurity Insurance - The Ugly Truth!
CyberSecurity Insurance - The Ugly Truth!CyberSecurity Insurance - The Ugly Truth!
CyberSecurity Insurance - The Ugly Truth!topseowebmaster
 
Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals  Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals Richard Brzakala
 
Enterprise cyber security
Enterprise cyber securityEnterprise cyber security
Enterprise cyber securitynsheel
 

What's hot (20)

OS17 Brochure
OS17 BrochureOS17 Brochure
OS17 Brochure
 
The impact of a security breach on MSP's and their clients
The impact of a security breach on MSP's and their clientsThe impact of a security breach on MSP's and their clients
The impact of a security breach on MSP's and their clients
 
IDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber SecurityIDC Best Practices in Private Sector Cyber Security
IDC Best Practices in Private Sector Cyber Security
 
symc_annual2001
symc_annual2001symc_annual2001
symc_annual2001
 
Revolution Or Evolution Exec Summary
Revolution Or Evolution Exec SummaryRevolution Or Evolution Exec Summary
Revolution Or Evolution Exec Summary
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
 
December ISSA Meeting Executive Security Presentation
December ISSA Meeting   Executive Security PresentationDecember ISSA Meeting   Executive Security Presentation
December ISSA Meeting Executive Security Presentation
 
CyberSecurityCompliance-Aug2016-V10 (002) final
CyberSecurityCompliance-Aug2016-V10 (002) finalCyberSecurityCompliance-Aug2016-V10 (002) final
CyberSecurityCompliance-Aug2016-V10 (002) final
 
As telcos go digital, cybersecurity risks intensify by pwc
As telcos go digital, cybersecurity risks intensify by pwcAs telcos go digital, cybersecurity risks intensify by pwc
As telcos go digital, cybersecurity risks intensify by pwc
 
Cyber Security small
Cyber Security smallCyber Security small
Cyber Security small
 
Accountability for Corporate Cybersecurity - Who Owns What?
Accountability for Corporate Cybersecurity - Who Owns What?Accountability for Corporate Cybersecurity - Who Owns What?
Accountability for Corporate Cybersecurity - Who Owns What?
 
Cybersecurity isaca
Cybersecurity isacaCybersecurity isaca
Cybersecurity isaca
 
HOW TO RETALIATE AGAINST CYBER THREATS WITH PAYMENT-OVER-TIME MODELS
HOW TO RETALIATE AGAINST CYBER THREATS WITH PAYMENT-OVER-TIME MODELS HOW TO RETALIATE AGAINST CYBER THREATS WITH PAYMENT-OVER-TIME MODELS
HOW TO RETALIATE AGAINST CYBER THREATS WITH PAYMENT-OVER-TIME MODELS
 
Cyber Security - Things you need to know
Cyber Security - Things you need to knowCyber Security - Things you need to know
Cyber Security - Things you need to know
 
Uk Security Breach Investigations Report 2010
Uk Security Breach Investigations Report 2010Uk Security Breach Investigations Report 2010
Uk Security Breach Investigations Report 2010
 
Étude mondiale d'EY sur la cybersécurité (2018)
Étude mondiale d'EY sur la cybersécurité (2018)Étude mondiale d'EY sur la cybersécurité (2018)
Étude mondiale d'EY sur la cybersécurité (2018)
 
A Guide To Cyber Insurance
A Guide To Cyber InsuranceA Guide To Cyber Insurance
A Guide To Cyber Insurance
 
CyberSecurity Insurance - The Ugly Truth!
CyberSecurity Insurance - The Ugly Truth!CyberSecurity Insurance - The Ugly Truth!
CyberSecurity Insurance - The Ugly Truth!
 
Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals  Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals
 
Enterprise cyber security
Enterprise cyber securityEnterprise cyber security
Enterprise cyber security
 

Viewers also liked

Chefs d’œuvre
Chefs d’œuvreChefs d’œuvre
Chefs d’œuvrepaladinhfg
 
ICP TAP event - March, 8, 2016
ICP TAP event - March, 8, 2016ICP TAP event - March, 8, 2016
ICP TAP event - March, 8, 2016nvhaelst
 
De la torre a la nube
De la torre a la nubeDe la torre a la nube
De la torre a la nubemagarques
 
Coursera 2WYUNH4PXS2M
Coursera 2WYUNH4PXS2MCoursera 2WYUNH4PXS2M
Coursera 2WYUNH4PXS2MVievara Rosel
 
Chuyen de corticoid
Chuyen de corticoidChuyen de corticoid
Chuyen de corticoidHospital
 
Jstr
JstrJstr
Jstrф ф
 
Holder & holder in due course
Holder & holder in due courseHolder & holder in due course
Holder & holder in due courseMohit yadav
 
GUDHIA HIGH SCHOOL GOLDEN JUBILEE QUIZ - 2015; GUDHIA, MURSHIDABAD; W.B.
GUDHIA HIGH SCHOOL GOLDEN JUBILEE QUIZ - 2015; GUDHIA, MURSHIDABAD; W.B.GUDHIA HIGH SCHOOL GOLDEN JUBILEE QUIZ - 2015; GUDHIA, MURSHIDABAD; W.B.
GUDHIA HIGH SCHOOL GOLDEN JUBILEE QUIZ - 2015; GUDHIA, MURSHIDABAD; W.B.Saswata Chakraborty
 

Viewers also liked (11)

NEBOSH
NEBOSHNEBOSH
NEBOSH
 
Chefs d’œuvre
Chefs d’œuvreChefs d’œuvre
Chefs d’œuvre
 
ICP TAP event - March, 8, 2016
ICP TAP event - March, 8, 2016ICP TAP event - March, 8, 2016
ICP TAP event - March, 8, 2016
 
De la torre a la nube
De la torre a la nubeDe la torre a la nube
De la torre a la nube
 
Coursera 2WYUNH4PXS2M
Coursera 2WYUNH4PXS2MCoursera 2WYUNH4PXS2M
Coursera 2WYUNH4PXS2M
 
Chuyen de corticoid
Chuyen de corticoidChuyen de corticoid
Chuyen de corticoid
 
Degree
DegreeDegree
Degree
 
Jstr
JstrJstr
Jstr
 
Holder & holder in due course
Holder & holder in due courseHolder & holder in due course
Holder & holder in due course
 
Poco yo
Poco yoPoco yo
Poco yo
 
GUDHIA HIGH SCHOOL GOLDEN JUBILEE QUIZ - 2015; GUDHIA, MURSHIDABAD; W.B.
GUDHIA HIGH SCHOOL GOLDEN JUBILEE QUIZ - 2015; GUDHIA, MURSHIDABAD; W.B.GUDHIA HIGH SCHOOL GOLDEN JUBILEE QUIZ - 2015; GUDHIA, MURSHIDABAD; W.B.
GUDHIA HIGH SCHOOL GOLDEN JUBILEE QUIZ - 2015; GUDHIA, MURSHIDABAD; W.B.
 

Similar to dcb1203CyberNDI

SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
Cyber Security small
Cyber Security smallCyber Security small
Cyber Security smallHenry Worth
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...International Federation of Accountants
 
The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services OfferedRachel Anne Carter
 
eCrime-report-2011-accessible
eCrime-report-2011-accessibleeCrime-report-2011-accessible
eCrime-report-2011-accessibleCharmaine Servado
 
How to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdfHow to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdfMetaorange
 
How to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptxHow to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptxMetaorange
 
Cyber security investments 2021
Cyber security investments 2021Cyber security investments 2021
Cyber security investments 2021Management Events
 
Aon Cyber Newsletter v10
Aon Cyber Newsletter v10Aon Cyber Newsletter v10
Aon Cyber Newsletter v10Graeme Cross
 
5 Security Trends to Watch in 2020
5 Security Trends to Watch in 20205 Security Trends to Watch in 2020
5 Security Trends to Watch in 2020Dharmendra Rama
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for InsuranceAccenture Insurance
 
Networkers cyber security market intelligence report
Networkers cyber security market intelligence reportNetworkers cyber security market intelligence report
Networkers cyber security market intelligence reportSimon Clements FIRP DipRP
 
cybersecurity-250
cybersecurity-250cybersecurity-250
cybersecurity-250Chris Crowe
 
Digital economy and its effect on cyber risk
Digital economy and its effect on cyber riskDigital economy and its effect on cyber risk
Digital economy and its effect on cyber riskaakash malhotra
 
managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991Jim Romeo
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber securitySAHANAHK
 
Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective Omlis
 

Similar to dcb1203CyberNDI (20)

The Future of Cybersecurity
The Future of CybersecurityThe Future of Cybersecurity
The Future of Cybersecurity
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
 
Cyber Security small
Cyber Security smallCyber Security small
Cyber Security small
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services Offered
 
eCrime-report-2011-accessible
eCrime-report-2011-accessibleeCrime-report-2011-accessible
eCrime-report-2011-accessible
 
How to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdfHow to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdf
 
How to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptxHow to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptx
 
16231
1623116231
16231
 
Cyber security investments 2021
Cyber security investments 2021Cyber security investments 2021
Cyber security investments 2021
 
Aon Cyber Newsletter v10
Aon Cyber Newsletter v10Aon Cyber Newsletter v10
Aon Cyber Newsletter v10
 
5 Security Trends to Watch in 2020
5 Security Trends to Watch in 20205 Security Trends to Watch in 2020
5 Security Trends to Watch in 2020
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance
 
Networkers cyber security market intelligence report
Networkers cyber security market intelligence reportNetworkers cyber security market intelligence report
Networkers cyber security market intelligence report
 
cybersecurity-250
cybersecurity-250cybersecurity-250
cybersecurity-250
 
Digital economy and its effect on cyber risk
Digital economy and its effect on cyber riskDigital economy and its effect on cyber risk
Digital economy and its effect on cyber risk
 
managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991managed-security-for-a-not-so-secure-world-wp090991
managed-security-for-a-not-so-secure-world-wp090991
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber security
 
Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective
 

dcb1203CyberNDI

  • 1. 1716 MOD DCB :: 19 February 2014 :: Vol 12 No 3 :: www.contracts.mod.uk www.contracts.mod.uk :: Vol 12 No 3 :: 19 February 2014 :: MOD DCB 1716 1716 1716 strategic capability.This was a key driver for MOD to join the DCPP and seek to implement cyber standards as some level of insurance within defence contracts.The Department is doing this to ensure that providers of capability to the MOD are cyber aware and cyber protected. The MOD has to share some sensitive information with industry to enhance its capability.The sharing of classified information obviously presents an element of risk.Some relatively small companies supply incredibly sophisticated technology to the defence programme and will be in receipt of very secure information.With cyber security a growing issue,questions remain around how that information is going to be securely managed from the MOD to prime to supplier. One suggestion is that primes should look at the supply chain and assess,test and indeed help the supply chain to attain an appropriate level of cyber awareness as part of the selection criteria for using suppliers on a programme.The question is:how? Regarding information security,industry and the MOD have a set of shared problems surrounding the ownership of risk,the transfer of risk,the cost implications of managing that risk,and how the issue of cyber protection will be incorporated into contracts.It’s an issue that neither government nor industry alone can solve; the involvement of both parties is needed for the DCPP to be successful.You have to understand what the threats are to set standards and then inform and help the supply chain.As a result three workstreams have been created to address these problems:information management, standards,and the means by which the DCPP can involve the wider supply chain.By 2015 businesses should have a much clearer idea of how and where they will fit into this. 
Mr Leverett said it comes down to the three‘Cs’:clarity,commitment and communication.This concept was echoed by DCPP member Peter Armstrong,Director of Cyber Security at Thales UK,who said:“The DCPP will focus on the vulnerability that is aggregated by the weaknesses that we know are endemic right across the supply chain,not just at levels below the prime but including the primes.We will have to all embark on the journey,not smaller companies on the primes’ behalf.We all have improvements to make and the DCPP deep focus is in this aggregated low- level risk in the supply chain.” Indeed,as Glenn Attridge,Head ofThreat Management and Cyber Security for Royal Bank of Scotland,stated:“A standalone defence is no defence at all.We absolutely must work together to protect businesses and customers.” Cyber security is also at the top of the UK’s defence exports agenda.Defence exports are an important area for national economic growth and Mr Leverett said international customers are becoming increasingly aware of cyber security as a business imperative.Poor cyber security can cost you business,but one of the messages resonating strongly at Cyber Security 2014 was that strong cyber security on the other hand can win you more business at home and overseas.Who would contract a company that has been proven to be unreliable in its information security? Reliable businesses are successful businesses,and this is true too of cyber security.At the conference businesses were encouraged to make themselves more attractive through good cyber security. 
One company exhibiting at the event that is taking this message on board and has the ambition to make itself more appealing to contractors through building a strong reputation in cyber security is Newburgh Engineering.Lee Townsend of Newburgh said:“Due to the accreditations that are going to be coming from cyber security,we need to be at the forefront of our supply chain.When you look at big contracts with big companies, we as a supplier want to be at the top of the list and ready with these cyber security measures in place.” So,what is good cyber security? Accepting that you face a real threat from cyber attack is a good start.Collaboration,preparation, briefing,speed of reaction and information- sharing are all key to a strong and successful approach to cyber security.Read the‘Ten Steps to Cyber Security’guidance produced by CESG,the information security arm of GCHQ,the Department for Business, Innovation and Skills (BIS),the CPNI and the Cabinet Office.This guidance has been embraced by the DCPP. There are lots of cyber security products and services available on the market,many provided by innovative SMEs and micro SMEs.What came across loud and clear at Cyber Security 2014 was that taking the threat seriously,and taking action now,is the best policy if you want to be able to meet the standards of cyber security required for securing future defence contracts. 16161616 Cyber Security 2014: a call for clarity, commitment and communication Further Information For more information,visit: www.gov.uk and www.ndi.org.uk nformation is valuable;it always has been.The value of a particular piece of information depends on who and where you are.Whether it concerns military or political intelligence,sensitive business data,intellectual property (IP) or insider knowledge of what the future may hold for a specific commercial organisation or industry sector,information is always deeply desired by someone,somewhere. 
Cyber security,or information security as it should possibly be called,faces a rapidly evolving threat.National concern about cyber security in the UK is now greater than ever,and with the number of cyber attacks accelerating at an unprecedented rate it is the responsibility of business and government leaders to protect themselves and the nation’s critical networks and supply chains in order to build national resilience and ensure that the UK continues to compete securely in global markets. The varying threats posed by cyber crime – from random automated attacks to sophisticated,targeted strikes – were well outlined at the NDI Cyber Security 2014 Threats & Opportunities conference held earlier this month in Edinburgh.Delegates heard about worms,viruses,script kiddies, frameworks,skilled attackers and Zero Day. The threats are very real and the statistics mentioned at the conference didn’t make for comfortable listening.Ninety three per cent of large corporations and 87 per cent of small businesses have reported a cyber breach in the past year.The cost of a typical cyber security breach is estimated to be between £450,000 and £850,000 for large businesses and between £35,000 and £65,000 for smaller ones.Cyber security in SMEs is generally weak and even larger companies have been found to be vulnerable owing to poor information security.The fallout for businesses could include loss of revenue and loss of reputation – both very damaging. 
In the Keynote Arena, Dave Stubley, CEO of independent security testing consultancy 7 Elements, set the scene by highlighting that small businesses can be targeted as part of a supply chain. One way of damaging a large company can be to damage a smaller company that it sub-contracts work to and this is one of the problems supply chains face from cyber crime. Mr Stubley cautioned: “We need to accept we can’t be 100 per cent secure. You have to work from the premise that you can become compromised.”

Andrew Fitzmaurice, CEO of Templar Executives, a company that delivers information assurance and cyber security for government and commercial organisations, said there needs to be more focus on the ‘insider threat’, referring to high-profile cases such as Bradley Manning. In cases such as Manning, where there was a significant vetting process prior to employment, Mr Fitzmaurice advised there should be management aftercare to ensure the initial vetting remains robust.

The general message to firms was that a good cyber security strategy will enhance business, with a holistic approach strongly recommended. Bad cyber security is bad for your business: your reputation is everything.

The Ministry of Defence takes cyber security very seriously. Protecting the supply chain is a key issue across industry, particularly in defence which is a larger target than other sectors for cyber criminals. In response, the MOD intends to mandate adoption of a strong cyber defence posture in the MOD supply chain and defence contracts by 2015. This will be piloted throughout 2014 with feasibility testing starting soon.
A panel of members of the Defence Cyber Protection Partnership (DCPP) attended the conference to discuss the future of cyber in the industry. The DCPP is a partnership between industry and government seeking to protect the defence industry from cyber attack. The partnership includes the Centre for the Protection of National Infrastructure (CPNI), Government Communications Headquarters (GCHQ), the MOD and nine companies: BAE Systems, BT, Cassidian, CGI, Hewlett Packard, Lockheed Martin, Rolls-Royce, Selex ES and Thales UK. By sharing their experience of operating under the constant threat of sophisticated cyber attack, the DCPP aims to identify and implement actions that have a real impact on the cyber defences of its members and the UK defence sector as a whole. DCPP Chair Vic Leverett said that commitment was needed across the defence industry as a whole to protect the supply chain from cyber attack.

There have been examples of potential programme disruption due to smaller companies being targeted as part of a larger supply chain. This could result in reduced capability, as well as significant revenue loss throughout the supply chain. For the MOD, programme disruption and IP theft is a major concern in terms of reduction of

“Poor cyber security can cost you business, but one of the messages resonating strongly at Cyber Security 2014 was that strong cyber security on the other hand can win you more business at home and overseas”

FEATURE

The National Security Strategy has categorised cyber attacks as a Tier One threat to UK national security, alongside international terrorism. The threat from cyber attacks is real and growing with terrorists, rogue states and cyber criminals among those targeting computer systems in the UK. MOD DCB features writer Paul Elliott was at NDI’s recent Cyber Security 2014 conference in Edinburgh to find out about the many different facets of cyber security.