Links
Cybersecurity and Infrastructure Security Agency (CISA) - The Pipeline Cybersecurity Initiative (PCI) was established to help CISA, the Transportation Security Administration (TSA), and interagency partners build a better understanding of the cybersecurity posture of America’s oil and natural gas (ONG) pipeline industry.
The Pipeline Cybersecurity Initiative (PCI).
US Department of Homeland Security - The Cybersecurity for the Oil and Gas Sector (COGS) project undertakes collaborative research and development (R&D) efforts to improve the level of cybersecurity in critical systems of interest to the oil and natural gas sector. The project objective is to promote the interests of the sector while maintaining impartiality, the independence of the participants and vendor neutrality.
Cybersecurity for the Oil and Gas Sector (COGS), US Department of Homeland Security.
The US 2015 Energy Sector-Specific Plan (SSP) was developed in accordance with the NIPP 2013: Partnering for Critical Infrastructure Security and Resilience, which guides the national effort to manage risk to the Nation’s critical infrastructure. The U.S. Department of Energy (DOE), as the Sector-Specific Agency (SSA) for the Energy Sector, led the development of the 2015 Energy SSP in close collaboration with its sector partners. A myriad of Energy Sector partners exist in both private and public sectors in the Critical Infrastructure Partnership Advisory Council (CIPAC) framework, under which the Electricity and Oil and Natural Gas Subsector Coordinating Councils (SCCs) and the Energy Government Coordinating Council (GCC) operate.
The Department of Energy (DOE) has statutory, sector-specific, scientific, and national security missions that contribute to advancing our Nation’s cybersecurity. DOE is responsible for its own enterprise cybersecurity as well as supporting the sector’s efforts to strengthen cybersecurity.
The National Cybersecurity Center of Excellence (NCCoE) developed an example solution that electric utilities can use to more securely and efficiently manage access to the networked devices and facilities on which power generation, transmission, and distribution depend. This National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide uses commercially available products that can be included alongside your current products in your existing infrastructure. The integration of these products provides a converged view of all users within the electric utility’s operational technology (OT) systems and information technology (IT) systems, as well as access to buildings and other facilities.
Identity and Access Management for Electric Utilities
The European Union Agency for the Cooperation of Energy Regulators (ACER) was established in March 2011 by the Third Energy Package legislation as an independent body to foster the integration and completion of the European Internal Energy Market for electricity and natural gas. ACER is one of the EU decentralised agencies. Distinct from the EU institutions, agencies are set up as separate legal entities to perform specific technical and scientific tasks that help EU institutions and Member States to implement policies and take decisions.
The European Union Agency for the Cooperation of Energy Regulators (ACER)
This study provides an assessment of existing European policies and legislation to address cyber security in the energy sector and recommends additional policy prescriptions that may be necessary to protect Europe and its citizens. The assessment is based upon a review of the profound changes that the energy system is undergoing. It is against these current and future challenges that existing Cyber security policy and actions must be measured.
EU - Cyber Security Strategy for the Energy Sector
The Council of European Energy Regulators (CEER) is the voice of Europe's national energy regulators at EU and international level. Through CEER, the national regulators cooperate and exchange best practices. The overall aim of the Council of European Energy Regulators is to facilitate the creation of a single, competitive, efficient and sustainable internal market for gas and electricity in Europe. The CEER acts as a platform for cooperation, information exchange and assistance between Europe's national energy regulators and is their interface at EU and international level. On EU issues, CEER works very closely with (and supports) the Agency for the Cooperation of Energy Regulators (ACER), an EU Agency formed for the cooperation of energy regulators. CEER also strives to share regulatory best practice worldwide through its membership in the International Confederation of Energy Regulators (ICER) which brings together similar associations from across the globe including NARUC (America), ERRA (Central/Eastern Europe) and MEDREG (the Mediterranean region).
CEER, the voice of Europe’s energy regulators.
The objective of this paper is to provide European energy regulators’ views on the content and process for the preparation of D-NDPs. It addresses aspects DSOs should take into account when preparing and consulting on their network development plans, as well as actions that national regulatory authorities (NRAs) could take to foster transparency and participation in distribution network planning processes.
CEER Views on Electricity Distribution Network Development Plans.
Our websites
a. Sectors and Industries.
2. Social Engineering Training
12. Transport Cybersecurity Toolkit
14. Sanctions Risk
15. Travel Security
b. Understanding Cybersecurity.
4. What is Synthetic Identity Fraud?
c. Understanding Cybersecurity in the European Union.
2. The Digital Operational Resilience Act (DORA)
3. The Critical Entities Resilience Directive (CER)
5. The European Data Governance Act (DGA)
6. The European Cyber Resilience Act (CRA)
7. The Digital Services Act (DSA)
8. The Digital Markets Act (DMA)
10. The Artificial Intelligence Act
11. The Artificial Intelligence Liability Directive
12. The Framework for Artificial Intelligence Cybersecurity Practices (FAICP)
13. The EU Cyber Solidarity Act
14. The Digital Networks Act (DNA)
15. The European ePrivacy Regulation
16. The European Digital Identity Regulation
17. The European Media Freedom Act (EMFA)
18. The Corporate Sustainability Due Diligence Directive (CSDDD)
19. The European Health Data Space (EHDS)
20. The European Financial Data Space (EFDS)
21. The Financial Data Access (FiDA) Regulation
22. The Payment Services Directive 3 (PSD3), Payment Services Regulation (PSR)
23. The European Cyber Defence Policy
24. The Strategic Compass of the European Union
25. The EU Cyber Diplomacy Toolbox
The exchange of information between the private and the public sector
Cyber Risk GmbH supports the national strategy for the protection of Switzerland against cyber risks (NCS), and promotes the exchange of information.
We often read that the public sector must learn from the private sector. We strongly believe that the opposite is more important. The private sector must learn from the public sector:
1. Switzerland, NDB. The Federal Intelligence Service (Nachrichtendienst des Bundes) works for the prevention of terrorism, violent extremism, espionage, proliferation of weapons of mass destruction and their delivery system technology, as well as cyberattacks against the critical infrastructure.
https://www.vbs.admin.ch/de/vbs/organisation/verwaltungseinheiten/nachrichtendienst.html
2. Switzerland, NCSC. The National Cybersecurity Centre (Nationale Zentrum für Cybersicherheit) is the Swiss Confederation's competence centre for cybersecurity and thus the first contact point for businesses, public administrations, educational institutions and the general public. It is responsible for the coordinated implementation of the national strategy for the protection of Switzerland against cyber-risks (NCS).
3. Switzerland, Cybercrimepolice.ch. The Zurich Cantonal Police (Kantonspolizei Zürich) operates www.cybercrimepolice.ch
https://www.cybercrimepolice.ch
4. Switzerland, SKP. The Swiss Crime Prevention (Schweizerische Kriminalprävention) is an agency specializing in the prevention of crime and the fear of crime.
5. Switzerland, GovCERT. The Computer Emergency Response Team of the Swiss government, the official national CERT of Switzerland.
6. Germany, BfV - The domestic intelligence service of the Federal Republic of Germany (Bundesamt für Verfassungsschutz). The Office for the Protection of the Constitution ensures that the free democratic basic order is secured at federal level and in the 16 federal states.
https://www.verfassungsschutz.de
7. Germany, BND - The foreign intelligence service of the Federal Republic of Germany (Bundesnachrichtendienst). The BND works for the acquisition and processing of information, to inform the federal government on developments important for foreign and security policy.
8. Germany - BAMAD. The military counter-intelligence service (Bundesamt für den Militärischen Abschirmdienst) is one of the three German intelligence services at federal level, and works for the protection of the constitution. The Military Counterintelligence Service Report is highly recommended (https://www.bundeswehr.de/resource/blob/5361404/4fa2a6e88f8fc77863022395942e6241/mad-report-2020-data.pdf).
9. Canada - CSIS. The Canadian Security Intelligence Service investigates activities suspected of constituting threats to the security of Canada, and reports to the Government of Canada. They take measures to reduce threats to the security of Canada.
https://www.canada.ca/en/security-intelligence-service.html
10. UK - MI5. For more than a century, MI5 protects the UK from a range of threats, whether it be from terrorism or hostile activity by states.
11. UK - MI6. They have three core aims: stopping terrorism, disrupting the activity of hostile states, and giving the UK a cyber advantage.
12. UK - GCHQ. With priorities set by the UK’s National Security Strategy and the decisions of the National Security Council, chaired by the Prime Minister, as well as the Joint Intelligence Committee.
13. UK - NCA. The National Crime Agency houses the UK’s International Crime Bureaux including INTERPOL and EUROPOL. They manage the routine exchange of police and law enforcement information through these channels and provide access to international databases and capabilities.
https://www.nationalcrimeagency.gov.uk
14. US - ODNI. The Office of the Director of National Intelligence serves as the head of the U.S. Intelligence Community, overseeing and directing the implementation of the National Intelligence Program and acting as the principal advisor to the President, the National Security Council, and the Homeland Security Council for intelligence matters related to national security.
15. US - CIA. The Central Intelligence Agency provides intelligence on foreign countries and global issues to the president, the National Security Council, and other policymakers to help them make national security decisions.
16. US - NSA. The National Security Agency leads the U.S. Government in cryptology that encompasses both signals intelligence (SIGINT) insights and cybersecurity products and services.
17. US - FBI. The Federal Bureau of Investigation protect the U.S. from terrorist attacks, against foreign intelligence, espionage, and cyber operations. FBI combats significant cyber criminal activity.
18. Australia, ASIO. The Australian Security Intelligence Organisation protects Australia and its people from acts of foreign interference, attacks on Australia’s defence systems, espionage, politically motivated violence including terrorism, promotion of communal violence, sabotage, and serious threats to Australia’s border integrity.
19. Australia, ONI. The Office of National Intelligence, following the passage of the Office of National Intelligence Act (2018), came into being on 20 December 2018. Represents a key component in the formation of Australia’s new National Intelligence Community (NIC), and is responsible for enterprise level management of the NIC, ensuring a single point of accountability to the Prime Minister and National Security Committee of Cabinet.
20. Australia, ASIS. The Australian Secret Intelligence Service is Australia's foreign intelligence collection agency. They collect and distribute secret foreign intelligence, information which would be otherwise unavailable to Australia, to protect Australia and its interests.