CYBERSECURITY – BUILDING A RELIABLE CHAIN
ISACA Round Table Eindhoven, 16 November 2016
Sandra Konings, Partner BDO Advisory – Cybersecurity
Chair Eindhoven Cyber Security Group
Supply chain security risks
Data protection risks
• Leakage of sensitive customer/supplier information
• Leakage of your sensitive information, like
o Privacy sensitive information
o Intellectual Property
o Financial figures before press release
© 2016 BDO
BDO Investigation local government / cities
Recent developments
• Cities buy healthcare for citizens
• Cities need data to prove the legality of the healthcare bought
• Many cities request too much data to ensure proper control -> privacy issues!
• Cities and healthcare companies have to formalize their information exchange in Data Processing Agreements
This report can be downloaded from https://www.bdo.nl/nl-nl/branches/lokale-overheid/informatiebeveiliging
BDO Investigation housing corporations
Recent developments
• Housing corporations receive an increasing amount of data from their tenants
• Many do not know how the responsibility for data protection has been arranged within the organization and with external parties
This report can be downloaded from https://www.bdo.nl/nl-nl/branches/woningcorporaties/informatiebeveiliging
Denial of Service risks
• Denial of service of key IT systems
• Factory downtime leading to delayed delivery
Cybersecurity supply chain risk analysis
Developed in 2015 by Shell, Gasunie, Nuon, TenneT and Alliander
With NCSC and ‘Cyber Security Raad’
Key objectives:
• Define cybersecurity risks for energy supply
• Define method re-usable for other industries
https://www.cybersecurityraad.nl/010_Actueel/digitale-ketenveiligheid-krijgt-veel-te-weinig-aandacht.aspx
Malware infection risks
• Inherited malware
Cooperation initiatives
Information Sharing & Analysis Centres (ISACs)
• Insurance ISAC
• Financial Institutions ISAC
• Multinat. ISAC
• Telecom ISAC
• Water ISAC
• Energy ISAC
• Keren en Beheren ISAC
• Nucleair ISAC
• Rijks ISAC
• Zorg ISAC
• MSP ISAC
• Haven ISAC
• Pensioen ISAC
• Airport ISAC
NCSC, AIVD, THTU
Topics like
• Sharing incidents / best practices
• Legal aspects of Cyber
• IP Protection, IAM
• SOC, SIEM, Threat Intelligence
• Cyber Insurance
• Awareness
Local initiatives
• Rotterdamse Haven
• Schiphol
• Eindhoven Cyber Security Group
EU Directive on security of network and information systems
Directive on security of network and information systems (NIS)
This Directive was adopted by the European Parliament in July 2016
It has been in force since August 2016
Key objectives
• Increasing cybersecurity capabilities and cooperation
• Making the EU a strong player in cyber security
• Mainstreaming cyber security in EU policies
Purpose of NIS: Legal measures to boost the overall level of cybersecurity in the EU
1. Member States must be prepared via
• Computer Security Incident Response Team (CSIRT)
• Competent national NIS authority
2. Member States must co-operate via
• Cooperation groups
• A CSIRT Network
3. Sectors which are vital for our economy and society and rely heavily on ICT must create a culture of security
• Such as energy, transport, water, banking, financial market infrastructures, healthcare, digital infrastructure, and digital service providers (search engines, cloud computing services and online marketplaces)
• Operators of essential services must take appropriate security measures and notify serious incidents to the relevant national authority
NIS Directive – Next steps
This Directive has been in force since August 2016
Member States have
• 21 months to transpose the Directive into their national laws, and
• 6 months more to identify operators of essential services
Translation to Dutch law
• The House of Representatives (‘Tweede Kamer’) adopted the law on cybersecurity on 27-Oct-2016
o Critical sectors have to report severe security incidents to NCSC
o Critical sectors are: electricity, gas, nuclear, drinking water, telecom, transport (mainports Rotterdam and Schiphol), finance and government
o Currently waiting for approval by Senate (‘Eerste Kamer’)
For more information and support
Sandra Konings
Partner BDO Advisory – Cyber Security
Chair Eindhoven Cyber Security Group
Email: [email protected]
Phone: +31 (0)30 284 9960