GNSEC
Singapore CIIP Services
Considering the variety of tasks affiliated with CIIP, the first step
towards an effective and efficient CIIP organizational unit is to
define its essential priorities and responsibilities. These essential
tasks of CIIP are arranged in a “Four-Pillar Model” of
CIIP. The four pillars of this model are: prevention and early warning;
detection; reaction; and crisis management. This section describes the
four pillars and defines which role the CIIP organization should play
in each of these four pillars.
We help to develop:
A national CIIP Framework
CIIP Basic Concepts and Communication
PREVENTION AND EARLY WARNING
Prevention and early warning are indispensable components of CIIP. They
aim to reduce the number of information security breaches. However,
since threats to CIIP are manifold, interdependent, and complex, it is
unrealistic to expect that incidents can be altogether prevented.2 A
more realistic goal is to ensure that critical infrastructures
“are less vulnerable to disruptions, any impairment is short in
duration and limited in scale, and services are readily restored when
disruptions occur.”3 The main function of prevention is to
ensure that companies operating critical infrastructures are prepared
to cope with incidents.
We develop a concept for a national early warning system, based on a localized threat analysis.
We help to do a basic risk assessment to identify the weak points of the national critical information infrastructure.
DETECTION
Detection is the second pillar. In order to promote security and to
avoid particularly vulnerable technologies, it is crucial that new
threats be discovered as quickly as possible. In order to recognize
emerging threats on a timely basis, the CIIP unit depends on a broad
national and international network. In close collaboration with
technical experts from Computer Emergency and Response Teams (CERTs),
the CIIP unit should identify new technical forms of attacks as soon as
possible.
REACTION
Reaction includes the identification and correction of the causes of a
disruption. Initially, the CIIP unit should provide technical help and
support to the targeted company. However, the CIIP unit cannot take on
the management of incident response for these companies. The activities
of the CIIP unit should complement, but not replace, the efforts of
companies. Instead, the CIIP unit usually provides advice and guidance
on how to tackle an incident, rather than offering complete solutions.
We help with our international network to establish the necessary communication between CERTs, governments and private sectors.
We show how to build a Cyber Readiness Team out of an existing Emergency Response Team to change the focus from passive response to active readiness.
CRISIS MANAGEMENT
Crisis management has been part of CIIP since its inception. Minimizing
the effects of any disruptions on society and the state has always been
a major task of protection, so the CIIP unit must be embedded in the
national crisis management structure. Depending on the organization of
a state’s crisis management administration, the CIIP unit can
be positioned in several different ways. It should be well-positioned
in order to have direct access to decision-makers, because a key
function of the CIIP unit is to alert the responsible people and
organizations. In case of a national crisis, the CIIP unit must be able
to offer advice directly to the government.
We support our clients in:
Establishing risk and crisis management
Defining the strategic protection aims
Performing a risk analysis with a focus on the special characteristics of critical infrastructures
Establishing communication between sectors
ANALYTICAL CAPACITY
The gathering and analysis of threat information are demanding tasks,
requiring a broad network of national and international contacts. It
could prove inefficient if the CIIP unit established its own
intelligence unit. Instead, the task of analyzing threat information
could be allocated to specific units of the intelligence services.
Their international networks and experience in international
investigation are invaluable in the fight against cyber-crime. In order
to cooperate in the most efficient way, specific units of the
intelligence services should cooperate with the CIIP unit as partners.
In an ideal scenario, the leader of the analysis sub-unit could be a
staff member of the intelligence service, acting as an interface
between the CIIP unit and the intelligence service.
We support our clients in:
Establishing and running a Situation Centre
Threat and malware analysis
Threat simulation
TECHNICAL COMPETENCIES
In many countries, CERTs6 are responsible for the technical questions
of information security. The role of CERTs can be compared to that of a
fire department. They are ready to help in case of incidents, but also
engage actively in prevention by providing information, warnings, and
advice to their constituencies. The size of CERTs and of their
constituencies varies widely, but despite their differences, all CERTs
are designed as centers of expertise run by information specialists.
CERTs are often run by agencies that are completely independent from
the government. CERTs operated by universities are particularly
interesting, as they have major advantages: First, the scientific staff
of universities is more likely to cope with the complex research in the
fields of information technology and network environments. Second, the
universities’ academic networks are very useful for research
and cooperation with the CIIP unit. Regardless of who runs the CERTs,
the CIIP unit should closely cooperate with the CERTs. Moreover, the
CIIP unit should try to integrate an established national CERT as a
partner. In this way, the CIIP unit can gain technical competence,
without having to build up its own body of technical staff.
We support our clients in:
Integrating the existing CERT into the new CIIP structure