Tag: basic cyber security practice.

Cyber Security for Nuclear New Build discussed in UK May 22-24th 2017

Chief Information Security Officer Graeme Hockey and Lead C&I Engineering Manager Peter Partington of NuGeneration Limited will present on May 23rd and 24th at the 2nd Annual ICS Cyber Security Nuclear Summit on “New Build. Are we really starting with a blank canvas?”
The presentation session will address the following points:
  • Cybersecurity in a Security context – Integration into the Security environment
  • Resources – Information, People and Skills
  • Incident Response – Red Team, Blue Team, Corporate Integration
  • Strategy – What could it look like?


Don’t forget: if you’re part of the local Warrington Nuclear Hub, we have incentives to attend.

2nd Annual
Industrial Control Cyber Security Nuclear Summit
“Transformation, Preparedness and Developing Cyber Security Assurance”
www.industrialcontrolsecuritynuclear.com
May 23/24th Warrington United Kingdom
Co-Sponsors Kroll
Co-Sponsors Airbus
Associate Sponsors PA Consulting Group


May 22nd Pre-Conference Workshops

Morning Workshop A hosted by Unisys
“Strategic planning for Industrial Control System (ICS) Security and Privacy”

Afternoon Workshop B with PA Consulting Group 
“How examining attack scenarios can help manage your security risk”

 
All Workshops are FREE to the first 15 qualifying Operators



Thought Leaders include:

  • Chris Roberts, Chief Security Architect at Acalvio Technologies/Principal AMCyber Org
  • NCSC, Name withheld
  • Paddy Francis, Airbus
  • Chris Blask, Unisys Global Industrial Control Security Director, Chair ICS-ISAC
  • Roger Howsley, Executive Director WINS
  • Eric Knapp, Chief Engineer and Global Director of Solutions and Technology for Honeywell Industrial Cyber Security
  • John Dickinson, Cybersecurity Control Systems Manager, Control Systems Group, Sellafield Ltd 
  • Karen J Frith, Head of Cyber Operations and Risk, Sellafield Ltd
  • John Donald, Superintending Inspector, Office for Nuclear Regulation 
  • Graeme Hockey, Chief Information Security Officer, Peter Partington, Lead C&I Engineering Manager, NuGeneration Limited
  • Andreu Bravo Sanchez, Chief Information Security Officer, Information Security and Cybersecurity, Gas Natural Fenosa
  • Mike St John Green, Honorary Fellow, University of Warwick, Independent Consultant
  • Rakesh Burgul, Senior Security Delivery Manager (Information & Personnel) & Chief Information Security Officer, International Nuclear Services
  • Andrew Beckett, Managing Director, Kroll
  • Karl Williams, Security Advisor, PA Consulting Group

Media Partners include The World Institute for Nuclear Security (WINS), The Industrial Control System Information Sharing and Analysis Center (ICS-ISAC), CCI, the Industrial Cybersecurity Center, Infosecurity Magazine and the OSGP Alliance.

2nd annual Industrial Control Cybersecurity Nuclear Summit to take place in Birchwood

PRESS RELEASE

2/8/2017

Warrington chosen to host international nuclear conference

Warrington is set to host the second annual Industrial Control Cybersecurity Nuclear Summit on 22nd – 24th May 2017.

Taking place at The Centre, Birchwood Park, the two-day conference will cover pressing cyber security challenges in the nuclear industry, including managing supply chains, preparing for the Internet of Things (IoT) and what public/private partnerships could mean for the sector.

The event, which is aimed at an international audience, will be structured around presentations and debate from some of the world’s leading cyber security experts and authorities in nuclear security.

Past presenters have included the IAEA, ONR, NDA, BEIS, Engie, Lockheed Martin, Airbus, Horizon Nuclear, EDF and Honeywell.

Discussing the conference, event organiser James Nesbitt, Founder of the Cyber Senate said: “The security landscape is changing and the way we protect the safety, reliability and stability of our critical nuclear infrastructure must change with it.

“This event will address several key areas such as how to reduce vulnerability, detect threats and how IT and operational technology can work in synergy to defend nuclear assets. It will also cover wider issues in the industry, such as the growing skills gap. We’ve brought together an impressive range of world experts on these topics who will be sharing best practice and providing insight as to what the future may hold for this sector.”

“Warrington is home to a number of organisations in the nuclear industry, including Sellafield Ltd, AMEC Nuclear, NNL and Rolls Royce Nuclear, so holding the conference here felt like a natural step. These are big issues that affect not just the security of businesses, but of whole nations and events like these are an important way to share best practice and plan for the future.”

ENDS

For more information, visit: https://www.industrialcontrolsecuritynuclear.com/

The Cyber Senate announce ICS ISAC Alliance

ICS-ISAC Chair Chris Blask noted that Cyber Senate is an example of an information sharing organization which spans key demographics. “The mission of information sharing involves many stakeholder groups across the entire global community. Cyber Senate captures key thought leaders and works to share information among them and with critical communities. We see Cyber Senate as a highly valuable organization and are pleased to support the good work they are doing.”

Cyber security for the digital railway

Join the Cyber Senate on March 16th in London for an in-depth discussion on the current and future threat, how the industry is responding, the absolute importance of “Security by Design,” the challenges that bridging IT and OT brings in deploying enterprise-facing architecture, and how to further develop a culture of awareness.

Cyber threats are growing in frequency and capability across every industry, but none carry more consequences than those carried out against critical national infrastructure. The global rail industry is where the Smart Grid industry was 10 years ago, now realising that through advanced connectivity and digitisation greater levels of efficiency and optimisation can be achieved, carbon footprints reduced, and greater value provided to asset owners and operators, passengers and shareholders.

The rush to next-generation infrastructure, however, is not without its vulnerabilities. The proliferation of machine-to-machine sensors, the Internet of Things and the convergence of IT and OT, two very different disciplines, has extended the attack surface dramatically for an industry historically isolated from modern-day cyber threats.

Join the Cyber Senate on March 16th in London for an in-depth discussion on the advancing threat, the reality of security of our future rail networks, the absolute importance of “Security by Design,” the challenges that bridging IT and OT brings in deploying enterprise-facing architecture, and more. This is a unique opportunity to address key cyber issues in the design stage within the rail industry, so let us begin.

A strong cyber security strategy saves lives. All stakeholders have a responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure. Information sharing is paramount in educating ourselves and the industry.

 

 

 

‘Anti-IS group’ claims BBC website attack

Reports state the BBC was subject to a DDoS attack by a group calling itself “New World Hacking,” which targets IS-affiliated web activity. They are reported to have stated “We are based in the US, but we strive to take down Isis [IS] affiliated websites, also Isis members. The reason we really targeted the BBC is because we wanted to see our actual server power. It was a test.”

Source: BBC news


New Trojan based campaign, apparently focused on the Middle East, targeting energy companies and specifically trade secrets.

According to Symantec, “A new information stealer, Trojan.Laziok, acts as a reconnaissance tool allowing attackers to gather information and tailor their attack methods for each compromised computer.”

More information can be found on Symantec’s blog, and we highly suggest familiarising your firm with this latest threat: although it is focused on the Middle East, it started as a “Multi staged attack campaign against energy companies around the world.”

http://www.symantec.com/connect/blogs/new-reconnaissance-threat-trojanlaziok-targets-energy-sector

the Industrial Control Systems Cyber Emergency Response Team received and responded to 245 incidents reported by asset owners and industry partners.

“The Energy Sector led all others again in 2014 with the most reported incidents”. Please find the report here: https://ics-cert.us-cert.gov/sites/default/files/Monitors/ICS-CERT_Monitor_Sep2014-Feb2015.pdf
“Of the total number of incidents reported to ICS-CERT, roughly 55 percent involved advanced persistent threats (APT) or sophisticated actors. Other actor types included hacktivists, insider threats, and criminals. In many cases, the threat actors were unknown due to a lack of attributional data.”
Those involved in the security sector, however, are quoting numbers far higher than this, as many incidents go unreported.

Attack on Pakistan Grid leaves 140 million without electricity

According to Sky News, “some 140 million people were left without electricity after a transmission line was attacked, knocking out the national grid.”

Power has been restored to much of Pakistan after more than 140 million people were plunged into darkness due to an apparent rebel attack on a key power line.

Up to 80% of the country’s population lost electricity in the early hours of Sunday and disruption was reported at Lahore’s international airport, but flights were not affected.

Common Cyber Attacks: Reducing The Impact – CERT UK

“In GCHQ we continue to see real threats to the UK on a daily basis, and I’m afraid the scale and rate of these attacks shows little sign of abating.”
Robert Hannigan
Director GCHQ
http://goo.gl/2RaCGD

Confessions of an IT / OT Hacker

UK Government mandates new cyber security standard for suppliers

The government has worked with the Information Assurance for Small and Medium Enterprises (IASME) consortium and the Information Security Forum (ISF) to develop Cyber Essentials, a set of basic technical controls for organisations to use.

Download Cyber Essentials documents here: https://www.cyberstreetwise.com/cyberessentials/

The full scheme, launched on 5 June 2014, enables organisations to gain 1 of 2 new Cyber Essentials badges. It is backed by industry including the Federation of Small Businesses, the CBI and a number of insurance organisations which are offering incentives for businesses.

The Cyber Essentials Requirements document sets out the necessary technical controls. The Assurance Framework shows how the independent assurance process works and the different levels of assessment organisations can apply for to achieve the badges. It also contains guidance for security professionals carrying out the assessments.

From 1 October 2014, government requires all suppliers bidding for certain sensitive and personal information handling contracts to be certified against the Cyber Essentials scheme.

More information available here: https://www.gov.uk/government/publications/cyber-essentials-scheme-overview#history

CYBER ESSENTIALS SCHEME
https://www.cyberstreetwise.com/cyberessentials/

The Cyber Essentials scheme provides businesses small and large with clarity on good basic cyber security practice. By focussing on basic cyber hygiene, your company will be better protected from the most common cyber threats.

Cyber Essentials is for all organisations, of all sizes, and in all sectors – we encourage all to adopt the requirements as appropriate to their business. This is not limited to companies in the private sector, but is also applicable to universities, charities, and public sector organisations.

Cyber Essentials is mandatory for central government contracts advertised after 1 October 2014 which involve handling personal information and providing certain ICT products and services.

The Cyber Essentials scheme has been developed as part of the UK’s National Cyber Security Programme and in close consultation with industry.