CPNI
Protecting UK critical national infrastructure by securing industrial control systems
The UK Government's Centre for the Protection of National Infrastructure asked PA to develop guidance documents on protecting Industrial Control Systems
In our technology-driven world, the services we rely on need robust data, networks and systems. But as these are digital, they’re vulnerable to cyber-attack. To fight this threat to our essential services, the Network and Information Systems Regulations (NISR) demands heightened cyber security.
Following the NISR will be challenging. From securing the right cyber skills to taking responsibility for cyber security in third-party suppliers, the regulations ask operators of essential services to take a fresh look at their cyber security. But done properly, compliance will improve cyber resilience, creating benefits that far outweigh the cost.
The NISR aim to protect essential services like healthcare, drinking water, oil and gas, energy, transport and online marketplaces from cyber security issues. To do this, the regulations focus on four areas:
Operators of essential services need to have structures, policies and processes in place to understand, assess and manage cyber security risks.
Operators of essential services must design, communicate and enforce proper security policies, processes and technologies to protect critical systems.
Operators of essential services should continuously check networks and systems to detect cyber security breaches in real-time.
Operators of essential services need defined and tested incident management processes to minimise the impact of breaches and restore services quickly. They also need to report certain incidents within 72 hours.
Our diverse team combines in-depth knowledge from all sectors covered by the NISR with cyber security expertise to design and deploy effective cyber security management systems. Our five-step approach covers the whole journey, from identifying the essential services, assets and systems through to assuring your ability to meet the requirements of the NISR.
We examine which services you run in which countries, and the networks and systems needed to deliver them, to define the NISR’s applicability to your organisation.
We evaluate your current cyber security measures against the NISR requirements to find gaps and assess the risks.
We work with you to design and implement a programme that resolves any cyber security gaps we find to mitigate the risks and improve resilience.
We hone your ability to recognise breaches and report them by preparing for incidents, ensuring you can respond and testing your plans and people.
We run an internal and independent assurance exercise to show your management and board that you’re compliant with the NISR.
The UK Government's Centre for the Protection of National Infrastructure asked PA to develop guidance documents on protecting Industrial Control Systems
Oman's Authority for Electricity Regulation asked PA to develop guidance on protecting the nation's electricity supply from cyber attack
PA helped to deliver a series of transformational changes that would allow the full spectrum of business operations to be performed by systems that could be managed and defended against advanced and persistent cyber attacks.
