ISSN 2516-0087 (Print) ISSN 2516-0095 (Online)
Critical Infrastructure Protection Review Spring 2018
ITALY’s CRITICAL INFRASTRUCTURE PROTECTION STATE–OF–THE ART, DATA, AND THE REFORM DEBATE
UK AVIATION SECURITY – DIRECT AND INSPECT TO OWN AND ASSURE
INDIA’s NUCLEAR SECURITY PREPAREDNESS
HUMAN COMPONENTS OF CRITICAL INFRASTRUCTURE PROTECTION
BRAZILIAN CYBERSECURITY – THE CHALLENGE AMONG TECHNOLOGY, PROCESSES, PEOPLE AND ENVIRONMENT
Critical Infrastructure Protection Review Published by Delta Business Media Limited 3rd floor, 207 Regent Street London, W1B 3HH United Kingdom Tel: +44 (0) 20 7193 2303 Fax: +44 (0) 20 3014 7659 info@deltabusinessmedia.com www.deltabusinessmedia.com www.criticalinfrastructureprotectionreview.com
The opinions and views expressed in the editorial content in this publication are those of the authors alone and do not necessarily represent the views of any organisation with which they may be associated. Material in advertisements and promotional features may be considered to represent the views of the advertisers and promoters. The views and opinions expressed in this publication do not necessarily express the views of the publisher. While every care has been taken in the preparation of this edition, the publisher is not responsible for such opinions and views or for any inaccuracies in the articles.
©2018. The entire contents of this publication are protected by copyright. Full details are available from the publisher. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the copyright owner.
CONTENTS

CYBER 2018
EUROSATORY 2018
TRANSPORT SECURITY & SAFETY EXPO 2018
EDEX 2018
FOREWORD
    By Jack Caravelli
THE 3rd CRITICAL INFRASTRUCTURE PROTECTION AND RESILIENCE ASIA
IDEF 2019
ITALY’S CRITICAL INFRASTRUCTURE PROTECTION STATE-OF-THE ART, DATA AND THE REFORM DEBATE. AN OVERVIEW
    By Luisa Franchina, Laura Teodonno and Giulia Lodi
INTELLIGENCE-SEC DEFENCE AND SECURITY EVENTS
UK AVIATION SECURITY - DIRECT AND INSPECT TO OWN AND ASSURE
    By Peter Drissell, Director Aviation Security, Civil Aviation Authority
HUMAN COMPONENTS OF CRITICAL INFRASTRUCTURE PROTECTION
    By Zsuzsanna Balogh, PhD.
DELTA BUSINESS MEDIA - PRINT AND ONLINE SPECIALIST PUBLISHER
INDIA’S NUCLEAR SECURITY PREPAREDNESS
    By Colonel H R Naidu Gade – Indian Army Veteran
MILIPOL QATAR 2018
BRAZILIAN CYBERSECURITY – THE CHALLENGE AMONG TECHNOLOGY, PROCESSES, PEOPLE AND ENVIRONMENT
    By Rogério Winter, Rodrigo Ruiz, Alexandre Costa, Bruna Martins CTI – Renato Archer
CYBER SECURITY: THREATS AND RESPONSES FOR GOVERNMENT AND BUSINESS CONFERENCE HEALTHCARE, BLOCKCHAIN AND DIGITAL TRUST
CYBER SECURITY REVIEW
NIS DIRECTIVE AND ITALIAN PERSPECTIVE
    By Luisa Franchina, Ph.D. in Electronic Engineering, Consultant in risk management and cyber security
CALL FOR PAPERS - CRITICAL INFRASTRUCTURE PROTECTION REVIEW
FOREWORD
By Dr. Jack Caravelli

The early months of 2018 underscored the lengthening shadow of cyber threats to critical infrastructure – energy assets, banking and transport – around the globe. For those charged with protecting critical infrastructure, cyber challenges augment rather than replace the scope of physical threats and challenges extant for decades, resulting in considerable demands for improved and expanded training, resources and planning. This is a striking if not unique example of the ongoing battle under the critical infrastructure “umbrella” of offence against defence. It is a battle which must be won.

New challenges will arise. Saudi Arabia, for example, is planning the development of commercial nuclear power as a centrepiece of its Vision 2030 national strategic plan. Doing so will take years, but also involve extensive safety and security planning in one of the world’s most fragile political regions.

These issues are examined with great skill and insight in Colonel H.R. Naidu Gade’s “India’s Nuclear Security Preparedness.” Colonel Gade takes the reader succinctly through the threats to India’s extensive nuclear infrastructure, examining both external threats from neighbouring Pakistan such as the deadly Lashkar e Taiba (LeT) terrorist organisation as well as Maoist organisations operating in India. Gade shows the reader the scope of India’s nuclear assets, leading to the immediate conclusion that the challenges of preserving and enhancing safety and security are daunting. Perhaps the most appreciated aspect of Gade’s fine overview is the extent to which the Government of India has established policies, practices and institutions to deal with the threat environment. Governments as well as industry are not powerless in the face of extended threats. On the contrary, India has shown a commitment to active and expanded efforts to recalibrate its security procedures internally and work with international partners. This is the best but still not guaranteed path to success.

Colonel Gade’s macro approach is finely balanced by the discussion of human trust factors in Zsuzsanna Balogh’s equally insightful piece “Human Components of Critical Infrastructure Protection.” Human interaction with critical infrastructure is a daily, ongoing set of activities, many carried out unconsciously, such as going to an ATM bank machine, as the author notes. Some of these activities also are coordinated and some are not, forming a mosaic of human interaction with critical infrastructure. On the professional level, the interaction of hundreds of experts with different training and skill sets melds, ideally, into a robust set of capabilities. At the same time, these capabilities are fragile, susceptible to human error, incompetence and malevolence. It is virtually inevitable – as shown in many national infrastructure settings – that systems and capabilities can fail and will be subject to attack. Almost always, those problems have short or limited duration. Resilience, an enduring British trait, can be a critical factor in recovering. At the same time, and as Balogh underscores, questions still remain about the way and extent to which individuals retain trust in the infrastructure. That question is not easily answered or quantified but merits ongoing attention, and Balogh does considerable service by placing a spotlight on it.

While Britain long has been recognised for its maritime prowess, it is one of the driving forces in civil aviation. That leading role brings responsibility in many areas, not least in properly organising security functions. Air Commodore Peter Drissell’s excellent review covers major changes in British thinking on aviation security, reflected in an April 2014 move in which the Civil Aviation Authority (CAA) assumed new security responsibilities. As Drissell recounts, the critical change was moving British regulations from a Direct and Inspect regime, which often resulted in little dialogue between regulator and operator. The result was, in the author’s words, a “cyclic and inconsistent performance across industry.” Having managed large programs in the US federal government, I found Commodore Drissell’s insights enlightening but also highly candid, as managing major change in any bureaucratic setting is never easy. I will leave it to the reader to finish the rest of the story regarding how the CAA will pick up and implement the challenges it faces over the next few years.

Finally, Rogério Winter and colleagues take a rigorously researched approach in “Brazilian Cybersecurity – The Challenge Among Technology, Processes, People and Environment.” It is a first class piece of work demonstrating the linkage between those various elements with implications for their support for E-Governance, a topic bound to catch the interest of many readers.

As the reader takes on these articles – and they all merit close attention for their insights and erudition – perhaps he/she will share my personal view, having had the benefit of reading them already, that we can have renewed confidence in the myriad ways the international community is well served by the expertise and dedication reflected in the following pages. I hope you will discover the same pleasure and confidence.

ABOUT DR JACK CARAVELLI
Dr Jack Caravelli is the author of the recently published book, “The Age of Hatred: ISIS, Iran and the New Middle East”, which is listed on the UK and US Amazon websites. His career in service to the US government included a senior assignment on the White House National Security Council staff, where he was President Bill Clinton’s principal adviser on Russian and Middle Eastern non-proliferation issues. Mr Caravelli also served as a senior official at the US Department of Energy, where he managed the department’s threat reduction programmes, which worked in Russia and other parts of the former Soviet Union to secure nuclear and radioactive materials at risk of theft or diversion. He is also the author of other books on national security policy, has appeared on the BBC and is a regular guest on various US television and radio talk shows. He is a visiting professor at the UK Defence Academy.