You are on page 1of 28


PPP in the Netherlands and Europe
Barcelona, September 16, 2011

2 | September 16, 2011

Cybercrime IE (NL) / EuroSCSIE (EU) 3 | .

Why is action needed? Situation – ICT is of fundamental importance for our society – Society becomes more and more vulnerable for disruption or misuse of ICT-infrastructures – Recent incidents: Stuxnet. Night Dragon. DDoS-attacks – Most critical infrastructures or owned by private sector – Private sector has its own responsibility. 2011 . voluntary partnerships – Not enough information exchange between public and private organisations – International problem How can we raise the resilience of critical infrastructure against cyber disturbance? Complications Main question Answer – Build and facilitate a (inter)national Public Private network based on: – Trust and Value – Create the Cybercrime Information Exchange (with sectoral ISACs) – Use clear membership guidelines (incl TLP) – Sector is in the lead (chair of the ISAC is from industry) 4 | September 16. RSA.

vulnerabilities and good practices . the participants can prevent incidents themselves. This will safeguard the Dutch economy as a whole and the continuity of the individual organisations at the same time. | September 16. threats. 2011 5 .Cybercrime Information Exchange Point of departure is that companies themselves will only take effective measures if they have access to the right information and are able to make accurate risk assessments. By sharing information intensively about incidents.

Information Sharing: Trust Value First the social network (meeting face-to-face) then a technical infrastructure to support this! 6 | September 16. 2011 .

2011 .• Information Sharing on a European and International level • E-SCSIE • European FI-ISAC • ENISA as a facilitating partner on a European level International: • Meridian (annual CIIP conference) • MPCSIE 7 | September 16.

members Users • • • • • • • • • • • • • • Government GOVCERT. ANSSI/COSSI (F) CERT-FI (Fi) ENISA (EU) R&D • • • • • • • • • EDF (F) CERN (CH) Electrabel (B) Laborolec (B) Verbund-Austrian Power Grid AG (A) SwissGrid (CH) Italian Association of CI Experts (I) GCSEC (I) Shell (NL) • JRC (EU) 8 | September 16.NL MSB (Se) CPNI (UK).CH Melani (CH) BSI (D) PET (DK) CERT Hungary NorCERT (N) NoNSA (N) GOVCERT.NL CPNI. 2011 .E-SCSIE .

and research to benefit from the ability to collaborate on a range of common issues. • Main focus is Information Sharing • The outcome would be a raised level of protection adopted across Europe’s SCADA and Control Systems (SCADA/CS) 9 | September 16.E-SCSIE . and to focus effort and share resource where appropriate.Terms of Reference • Started on 20 June 2005 • Aim is for European industry. government. 2011 .

or incidents were addressed.  Exchange experience on good practice (amongst which policies) used to mitigate SCADA and Control System security issues 10 | September 16.  Report warnings about vulnerabilities in SCADA and Control System products.E-SCSIE . 2011 .  Give advice as to how these vulnerabilities and.Information Sharing The following are examples of what each member should share at E-SCSIE meetings:  Report events or incidents that have affected SCADA and Control Systems.

WIB Process Control Domain Security Requirements for Vendors) Self Assessment tools (like the one from CPNI UK) Smart Grids (e.E-SCSIE .2010) 11 June 21. 2011 . Smart Grid Conference in Baarn .g.g.Topics • Sharing of incidents and good practices • Questionnaire on Control System Cyber-Security (aimed at • • • vendors) 2008/2009 Standards and requirements (e.

National Roadmap to Secure Process Control Systems 12 | .

National Roadmap to Secure Process Control Systems • Phase 1 (2010 .2014) – WP1: Awareness en knowledge dissemination – WP2: Building the network – WP3: Training & education – WP4: Knowledge development – WP5: Red teaming framework – WP6: International network – WP7: Plan for Phase 2 13 | September 16. 2011 .

.municipalities .Stakeholders Industry •VNO/NCW •CIO Platform Nederland •WIB •Industry organisations SOVI NAVI NICC Research & Knowledge •TNO. JUS.. 14 | September 16. DEF. KEMA •universities •Education & training •NEN Government •Responsible departments /inspections •KLPD •AIVD •GOVCERT.I&M. 2011 .NL Asset owners & CI operators Commercial Entities •system vendors & integrators •component suppliers •3rd party / outsourcing •IT and Telecom providers -Government as PCS user .etc.

2011 15 .4 meetings per year • • • • • WIB Vendor Requirements and Achilles certification program . on Stuxnet) Sharing of open source information (dissemination through Brochure management: ‘Process Control Security in the Cybercrime IE’ | September 16. Water-ISAC and Nuclear-ISAC Factsheets by GOVCERT. smart grids etc. Emerson and Siemens) .cpni. Twitter and website www.) •PCS-vendors-ISAC (with ABB.becoming IEC standard soon! Benchmark PCS Security Energy-ISAC.National Roadmap to Secure Process Control Systems DONE (amongst others): •Several PCS-events last year (different topics like risk assessment.g.working together with WIB and ISACs on this . Stuxnet deepdive. Invensys.NL (e. Honeywell.

National Roadmap to Secure Process Control Systems PLANNED (amongst others): • White papers - Cyber Threat landscape ICS .next month How to deal with legacy How to deal with removable media in PCD Gap analysis Training & Education •Development of serious game •High level session CEO/CIO (together with Dept. 2011 . of Security & Justice) •Standards (following ISA and IEC) / Auditing (also with big-4) •Events •Training & Education activities 16 | September 16.

to be extended to other critical infrastructures 17 .17 van 11 Cyber-TEC A not-for-profit European Public Private Partnership on cyber security for critical infrastructures Initial focus: smart grids and process control.

18 Cyber-TEC Situation • • • • Electricity and ICT are of fundamental importance for our society Society becomes more and more vulnerable to disruption or misuse of ICT-infrastructures The Netherlands – as one of the first countries in Europe – just released a Cyber Security Strategy The Netherlands is already a respected participant in Europe on smart grids data privacy and cyber security • Uninterrupted services and black start capabilities are required for our critical infrastructures • The growing dependency of the critical infrastructures on ICT makes cyber security increasingly important • Europe is investigating how to organize cyber security competences right now • (Cyber) security awareness on CEO/CIO level is lagging behind • No testing.and training facilities in Europe available. Physical and Technical measures • Especially in energy infrastructures rapid increase in dependency on ICT is making cyber security important Complications Message Cyber-TEC wants to take a leading role in Europe on cyber security of Critical (Information) Infrastructures by bundling knowledge and know how through one organization 18 18 . as there are in US and Israel • No integral approach yet with focus on Personnel.

Cyber-TEC will link a unique set of actors in the field of cyber security Cyber-TEC will provide a trusted environment Cyber-TEC’s Private Public Partnership will create new dynamics 19 19 .

EU and World – By adding a program to raise cyber security awareness at management level Due to the Private Public Partnership we are able to respond quickly to the rapid developments in the field of cyber security and spread this knowledge to other organizations. research institutions and academia Between sectors dealing with cyber security We have a unique opportunity to provide new input by: – research and testing cyber security – Help creating standards adding to cyber security in the NL. but also stimulate short. EU and Worldwide institutes in the field of Cyber Security Between Private and Public stakeholders Between end-users and vendors Between critical infrastructure.Cyber-TEC Opportunities We have a unique opportunity to connect initiatives – – – – – Between Dutch.and longtime research. 20 20 .

Development & Sharing of information and knowledge: • Cross sector open innovation • Public private partnerships • National and international coordination 21 21 .Cyber-TEC profile Cyber-TEC will develop into the European Cyber Security Research and Technology Centre. Test facilities: • Product testing • Product evaluation 4. Cyber-TEC offers: 1. R&D facilities: • Innovation • Simulation 3. Initial focus area is security (and privacy) of Smart Grids and Process Control Domain. World class education and training (including DHS/INL in the US): • Red Team Blue Team training • Education of top management (CEO/CIO level) / process engineers / (risk) managers / (information) security professionals European sectors to include after energy: • Water supply • Chemicals and oil • Food • Telecom / ICT • Transport • Defense • Governments • Others 2.

Cyber-TEC reinforcing activities Trusted community Mitigation strategies Input for standardisation Red teaming Testlabs R&D Fact finding Recent insights Demonstration Mitigation strategies Test bed Recommendations Latest vulnerabilities Open source intelligence (C-level) conferences C-level training course Hands-on and classical training I&KS Networking Awareness raising Information Exchange Dissemination Catalyst E&T Web-based training Dissemination Network of people and organizations 22 22 .

Cyber-TEC’s Private Public Partnership guarantees high impact Cyber-TEC follows the ‘seeing is believing’ principle Cyber-TEC will be a leading institute based on open collaboration 23 23 .

4 42 • Perform business case • Establish relationships • Establish work processes • Set cybersecurity standards • Develop and market product and services • Improve work processes (K&I .3 m 83 Value € -3.9 m FCF €5.5 • • • • Revenue: Capex FCF FTE € 15 m € 2.3mln FTE 87/91 . marketing & communication plan Program Management Market Research Finalize Business Plan Globalization by alliances 24 Q3/4Q1/2 Q3 Q4 Q1 Q2 Q3 Q4 2011 ‘12 ‘13 24 Q1 Q2 Q3 Q4 ‘14 Q1 Q2 Q3 Q4 ’15/16 Main programmes or Initiatives Launch new products & services Extension of R&D-portfolio Horizon 3 Effect on main operationa ddrivers Draft & Preliminary Financial consequences € 5.9 m €3.1/6. E&T./public sector • Establish work processes • Market development • EU expansion • X-sectoral upscaling • Expand portfolio • Market and product development • Establish processes for new products / services • Industry standard leader Horizon 1 Horizon 2 Execution of R&D-projects Test bed operational Launch product & services Obtain funding Cross sectoral Organisation in place Go/NoGo in December2011 upscaling Cyber-TEC profitable Financing.Roadmap • Revenue: m • Capex m • FCF: m • FTE: € 4.2 m 76 • Revenue: m • Capex • FCF • FTE € 34 • • • • Revenue: €40 m Capex € 1.2 m € 0. R&D) • Focus on Smart grids / PCS priv.7 €1.

with ‘Grow as you go’ concept • Private/Public division in revenues 60/40 in 2012 => 80/20 in 2016. Note: Figures are subject to further market research and business planning (available December 2011) 25 25 .Financials Principal considerations / questions / conclusions • Make impact in EU.

organisation.Next Steps • • • • We believe in the idea and market for Cyber TEC We have done a fair amount of work to get where we are today Cyber-TEC will be a good practice in the EU-US working group on Cyber Security An activity plan has been worked out. Agreements and commitments from the partners A financial plan 26 26 .o.) Assess potential for (co)financing Branding • Working towards a go/no go decision to start with Cyber-TEC in December 2011. marketing. statues etc. next steps needed are a. for that we deliver – – – – A European market research report A launching plan (project plan) for the start-up of work streams. – – Perform market research: Assess need customers and size of market Spread the word: Find partners/members on a European level for Cyber-TEC – – – Finalizing the business plan (financial. legal. +31 6 29 58 79 42 Annemarie Zielstra | +31 6 12 99 28 83 27 27 . please contact: Bram Reinders | Alliander and Netbeheer NL bram.Founding partners: For more information.NL annemarie.

nl | In samenwerking met .Auke Huistra Projectmanager •I: www.cpni.huistra@cpni.NL •Cybercrime IE •Roadmap to Secure PCS •M: +31 6 21479272 •E: auke.