Critical Infrastructure Protection & Resilience Europe

CPS Energy issues warning for drone owners

CPS Energy issued a warning for people who might have purchased or received drones over the holidays.

The utility said over the past few months it had four confirmed spottings of drones flying over critical infrastructure, like power plants.

“You don’t know whether or not the operator behind the drone is someone who’s up to criminal activity or someone who’s just playing with their Christmas gift,” Christine Patmon, CPS Energy spokesperson, said.

Patmon said the utility feared someone might obtain information that could shut down the energy system.


Successful Attacks On Oil And Gas Companies Increasing, Survey Shows

What remains unclear is how many of them actually impact critical industrial control systems.

The rate of cyberattacks and the number of successful attacks against organizations in the oil and gas industries are both continuing to increase, even as the ability to detect and respond to them is dropping, a new survey sponsored by Tripwire shows.

The security vendor commissioned Dimensional Research to survey IT professionals in the energy, utilities and gas industries and the results are based on responses from the over 150 professionals who participated in the study.

Eighty-two percent of the survey respondents said the number of successful attacks against their organizations had increased in the last 12 months. About 53 percent said the rate of cyberattacks, or attacks that were attempted but failed, increased between 50 percent and 100 percent during the same period.


Ard van der Steur, Minister of Security & Justice, The Netherlands will be giving on of the keynote at this year’s Critical Infrastructure Protection & Resilience Europe

Critical Infrastructure Protection & Resilience Europe is delighted to announce that Ard van der Steur, Minister of Security & Justice, The Netherlands will be giving the keynote address to open this year’s conference in The Hague from the 2nd -3rd March 2016

Some of the already confirmed speakers include:
– Matthias Ruete, Director General, DG HOME, European Commission
– Liviu Muresan, Executive President of EURISC Foundation – European Institute for Risk, Security and Communication Management, Romania
– Paul Gelton, Director of Resilience , Ministry of Security, The Netherlands
– Fred Ruonavar, Chief of the Contingency Operations and DoD Information Network (DoDIN) Critical Infrastructure Protection (CIP) Branch, Operations Directorate, Defense Information Systems Agency (DISA), USA
– Evangelos Ouzounis, Head of Unit – Secure Infrastructure and Services, European Union Agency for Network and Information Security – ENISA
– Andrew Wright, Head of Industrial Resources and Communications Services Group, NATO
– Cinzia Secchi, Manager of Integrated Prevention System Unit, Lombardy Region – G.D. Safety, Civil Protection and Immigration, Italy
– Jaime Martin Perez, Project Manager, Homeland Security and Defence Sector, Research & Innovation, ATOS
– Florian Haacke, CSO / Head of Group Security, RWE, Germany
– Ian Betts, Global Head, Risk Analysis, G4S Risk Consulting Ltd
– Elena Ragazzi, Project Coordinator ESSENCE, Italy
– Bharat Thakrar, Cyber Resilience & Advanced Threat Defence, BT Security Enterprise, BT GS, UK
– Dietmar Gollnick, CEO, e*Message W.I.S. Deutschland GmbH, Germany
– Dr Albert Fritzsche, Researcher, University Erlangen-Nuerenberg, Germany
– Ms. Lina Kolesnikova, Fellow, Institute of Civil Protection and Emergency Management
– Selcuk Nisancioglu, Senior Researcher, Federal Highways Research

For more go to:

Flooding – Keeping the power on!

by Tony Kingham, Editor, World Security Report

One of the recurring themes that comes up repeatedly at our Critical Infrastructure Protection and Resilience events in Europe and Asia, is that whilst the threat of terror attacks on our critical national infrastructure is an ever present danger, the reality is that for most of us, some sort of natural disaster like flooding, is far more likely to affect our daily lives than a terrorist attack.

Indeed back in 2000 my own home, which at the time was 125 years old, flooded for the first time and the local church which has been around since the 14th Century was also flooded for the first time.

The immediate cause, we were told, was a very biblical 40 days of rainfall, which we had of course noticed, combined with an exceptionally high tide. Being 20 miles inland with only a small stream running through the valley, the high tide issue came as a bit more of a surprise.

Other factors probably added to this “exceptional” event such as the changing of river courses, silting of rivers, greater numbers of houses using outdated Victorian drainage systems etc. but the experience really just confirmed what we already believed and that was that something is changing in our weather system and the local environment, and not for the better.

The UK’s Met Office has recently reported that global temperatures are set to rise more than one degree above pre-industrial levels and another report published in Nature, has now officially confirmed that global warming is changing global weather patterns and extreme heat waves and heavy rain storms are happening with increasing regularity worldwide.

Prof Stephen Belcher, of the UK’s Met Office said in delivering his report: “This is the first time we’re set to reach the 1C marker and it’s clear that it is human influence driving our modern climate into uncharted territory.”

We have surely reached the point when even the most ardent climate change deniers will struggle to maintain their stance, and even if they continue to blame the changes on other causes, they surely can’t deny that whatever the cause, doing nothing is no longer an option.

When it comes to rainfall, the equation is really quite simple; higher temperatures mean increased evaporation of the oceans, more evaporation means more cloud and water in the atmosphere and more cloud and water means more storms and rainfall. Add to that the melting ice caps and permafrost and you have a future with increasing extreme storms and flooding.

So what do these changing weather patterns mean to our critical national infrastructure. Well my own experience of what was really only localised flooding shows how vulnerable our national infrastructure really is. Power to the whole village was out for some time, the phone lines as well and the local emergency services were simply overwhelmed.

It also demonstrated the interdependence of all the infrastructure services that we depend on for our daily lives.

According to a report by the UK Parliament – The highly connected nature of NI is a major concern for sector operators trying to improve its resilience. The two main forms of interdependence are Cascade Failure and Single Point of Failure. Infrastructure components often exhibit a chain of dependencies. For example, water companies rely on energy companies for their power supplies and both sectors need communications to coordinate the functioning of their assets. Failure of one component in such a chain will thus propagate to dependents, a process dubbed ‘Cascade Failure’.

Since neither the extent nor complexity of chains of dependence is well known, cascade failure may represent a significant threat to infrastructure. When a number of components are dependent on a single asset, or type of asset, this becomes a Single Point of Failure (SPF). In this sense Regional Convergence, where multiple infrastructure components are located in the same area, is a form of SPF, and constitutes a risk to resilience by magnifying the impact of localised disasters.

Simply put, if the power goes off, so too might the water treatment and fresh water pumping stations, gas distribution system, phone lines, ISP’s, supply chain distribution for fuel and food etc.
Electricity sub stations in particular are a vulnerable part of the power grid system and CNI.


Cumbrian flood defences and critical infrastructure to be assessed

Local authorities, the Environment Agency and community planning groups will come together under a new Cumbrian Floods Partnership to consider what improvements are needed to the region’s defences.

Announced by environment secretary Elizabeth Truss today, the partnership will look at upstream options for slowing key rivers to reduce the intensity of water flows at peak times and build better links between local residents and flood defence planning groups.

Chaired by floods minister Rory Stewart, the group will publish a Cumbria Action Plan next summer. Stewart will also be taking on a special Floods Envoy role across Cumbria and Lancashire, the two worst-affected regions, to coordinate the flood recovery operations over the coming months.


The vulnerability and threat landscape in 2016

As software vulnerabilities are the root cause of many security issues (because vulnerable software is an open door for hackers attempting to access an IT infrastructure), understanding how to deal with them is a critical component for protecting any organisation from security breaches. IT teams must know when a vulnerability is threatening the infrastructure, where it will have the most critical impact, what the right mitigation strategy is and how to deploy it.

For as long as Secunia Research at Flexera Software has been monitoring the vulnerability landscape, the trend has been increasing. The total number of vulnerabilities increased by 55 per cent from 2009 to 2014 and we are expecting the trend to continue. This presents IT teams with the huge challenge of how to retain control over increasingly complex infrastructures and user device autonomy.

The frequency of vulnerabilities underscores the importance of regularly monitoring and patching all applications. This is a daunting task, and one that cannot be dealt with without automation. In addition, technically it is never possible to patch or apply work-arounds to all vulnerable programs on all devices immediately – which is why prioritisation of remediation efforts is a key element in securing data.


Cybersecurity focus increases in Canada, U.S. and U.K.

Over the past week, major initiatives have been launched in Canada, the United States and the United Kingdom focused on enhancing cybersecurity.
In Canada last week, the Canadian Council of Chief Executives and a group of leading Canadian companies recently announced plans for an independent, not-for-profit organization, the Canadian Cyber Threat Exchange (CCTX), to help Canadian businesses and consumers guard against cyber attacks.

Launching in 2016, the CCTX will work to share information about cyber threats and vulnerabilities among businesses, government and research institutions. It will provide its members and the general public with analysis of cybersecurity issues and act as a point of contact for cyber information-sharing organizations in other countries.

“Cybersecurity is top of mind for companies and institutions around the world,” said John Manley, President and CEO of the Canadian Council of Chief Executives. “CCTX will help member firms and organizations of all sizes by allowing them to gather, analyze and disseminate information about cyber attacks and mitigation options, and by building awareness of emerging cyber threats.”


Belden Delivers Cyber Security Solutions for Critical Infrastructure

Belden Inc., a global leader in high quality, end-to-end signal transmission solutions for mission-critical applications, today announced that Tripwire cyber security solutions for vulnerability and log management now support its brands, GarrettCom and Tofino Security’s products. The new, integrated solutions deliver an added level of cyber security assurance for mission-critical industrial networks. Tripwire, Tofino Security and GarrettCom are part of Belden’s portfolio of industry leading solutions.

To help protect critical infrastructure organizations from cyber-attacks, Tripwire Log Center now collects and processes logs from both GarrettCom switches and routers and the Tofino Xenon Security Appliance. Mutual customers can search and report on events of interest, generate alerts and build correlation rules for these devices as well as the additional 274 devices supported by Tripwire Log Center.

Tripwire IP360, an industry-leading vulnerability management solution, now discovers and profiles GarrettCom switches and routers. Joint customers can easily identify Belden devices in their environments and address many common security issues and vulnerabilities affecting a wide range of operating systems and applications.



Critical Infrastructure Protection & Resilience Europe is the regions premier conference and exhibition on securing Europe’s critical national infrastructure. Leading the debate and discussions for stakeholders, operators and agencies involved in CIP and CIIP.

Wireless network the weakest security link in enterprise IT infrastructure

A recent survey from global leader in high performance cyber security solutions, Fortinet reveals that wireless networks are the most vulnerable element of IT infrastructure. Nearly half (49%) of global respondents consisting of Information Technology decision makers (ITDMs) ranked wireless networks as the most exposed from a security standpoint, in contrast to just 29% for the core network.

Insufficient wireless security is also a concern for almost all (92%) of the CIOs polled in the Fortinet survey, which is hardly surprising given that more than one-third of the enterprise wireless networks for internal employees do not have the basic security function of authentication in place.