CyberSec4CNI

This session will give insights into differing national approaches to Cyber Regulation and Frameworks including the various European implementations of the NIS Directive and the Cyber Security Act and NIST guidelines, and how they are helping to meet the cybersecurity objectives laid out for our global critical infrastructure.

Following quickfire presentations (7 minutes each), we will discuss how we can work towards developing outcome-oriented cybersecurity frameworks.

• How are we going to prove compliance to Cyber Security Regulations?
• How are the various frameworks and methodologies effective and where are they deficient?
• Are we on track to reduce our cyber risk profile?

• How have we managed to refine the art of addressing specific stakeholder groups to deliver a common cyber-security message with the right level of granularity?
• How can we translate standards like NIST to the correct language for specific use cases of stakeholder groups?
• What are our success stories and the methodologies that have been effective in overcoming cultural barriers to addressing cyber risk?
• How can we leverage existing skill-sets, tools and methodologies within our organisation to develop a culture of cyber security?

We don't need to look very far in any direction to see organisations who have been the victim of attempts by sophisticated attackers to disrupt operations, steal money or data, undermine public confidence or cause physical damage. When the assets we protect are critical to the functioning of society, livelihoods and public safety, the repercussions of failure can be severe. Ultimately, somebody will be to blame... so who is jumping at the chance to own cyber risk?
 ·         Effective escalation of operational to strategic risk
·         The importance of a clear and coordinated strategy to attributing responsibility
·         Proactive and considered approaches and the danger of overreacting to high profile cyber attacks
·         What needs to be better understood by senior management before setting out a fit for purpose cyber governance strategy and what part do you play?

·         The ISAC Model, the power of anonymised information sharing and limitations
·         How can cross-sector and transnational information sharing be improved?
·         Intelligence sharing vs information sharing
·         What does good look like for the future of critical infrastructure information sharing?

Arguably, we can no longer separate our strategy into operational and information technology, or cyber and physical security. With the rapid uptake of IoT devices and connected systems, the attack surface has grown and converged; so must our defensive strategy.
 
To what extent should we maintain separate approaches?
How can we get better at aligning stakeholders behind the common goal of efficient and secure operations of our technology as a whole?        
Where have we had success in collaborative approaches to Technology Security?
How should we be challenging traditional approaches to IT security to take into account the changes in our ecosystem?

Quickfire presentations followed by discussion of:
How are suppliers able to demonstrate an adequate level of compliance to Cyber Security regulations and standards?
Where do we need uniformity in our approach to securing critical infrastructure and where is diversity a strength?
What can be done to collaborate more closely across the supply chain?