How Security enables the best journey
Building trust and delivering resilience
The best journey
INTERNAL
Door to door
Smart purchase Mobility
The shift to digital
2003: Ticket office 70%, Self service 3%
2017: Ticket office 6%, Self service 85%
Our app makes commuting less of a hassle
1. 2,1 million app downloads (> 1/3 of Norwegian population)
2. 150 000 daily active users
Building trust
• Digitalization challenges traditional trust building practices
• Digital technologies, both tools and systems, function as replacements for trusted human roles
• Most people do not understand the technology, much less the full digital supply chains involved
• Consent is given without understanding what is actually asked
• Customer data is used for unexpected purposes
• Digital ethics and privacy, security a fundamental component
• Principled approach to collection and processing of customer data
• Consistent communication and behaviour throughout the digital customer journey
• Fair processing in keeping with customer expectations
Delivering digital resilience
Security & Safety
Physical Security
Personnel Security
Information Security
Safety measures are created to protect people and property from injury or loss by circumstance, accident or negligence
Security measures are created to protect people and property from injury or loss by deliberate actions taken by people
Physical Security
Information Security
Personnel Security
Analogue Information
Digital Information
Other things than information
Cyber Security
IT Security
IT security is Information Security is Cyber Security…
Why digital resilience?
Changes in the nature of transportation assets
• Individual assets combine multiple components
• The cyber/physical divide blurs
• Assets are linked to form individual systems and systems-of-systems shared amongst multiple stakeholders
The security implications are serious
• Assets are subject to a greater range of security threats
• Cyber security and physical safety can no longer be treated as separate concerns
• Determining where a transport operator’s (security) responsibilities end is no longer clear
Adapted from: Cyber Security and Resilience of Intelligent Public Transport, ENISA (2015)
Resilience – ability to resist, absorb, recover from or successfully adapt to adversity or a change in conditions
Key functions of the security office
Source: Structuring the Chief Information Security Officer Organization, SEI, Carnegie Mellon University
Functional organisation
Chief Information Security Officer
Security Engineering and Asset Security
Application Security
Identity & Access Management
Host and Network Security
Physical Access Control
Information Asset Security
Security Operations Center
Emergency Operations & Incident mgmt.
Incident Response Team
Program management
Governance, Risk and Compliance
External Relations
Project management
Information Security Council
Adapted from: Structuring the Chief Information Security Officer Organization, SEI, Carnegie Mellon University
Risk assessment
Risk Scenario
Asset
Threat
Vulnerability
• Common threat assessment built on
  • Threat reports from national security services
  • Research reports (ENISA, ISF etc.)
  • Experience
  • Public incidents
• Vulnerabilities
  • Common to other ICT systems
  • Specific vulnerabilities in legacy systems
  • Fact based – scanning, audit, testing
Govern
Building on common frameworks: NSM Principles for ICT security, NIST Cyber Framework, CSC Top 20
Identify, Protect, Monitor, Respond & Recover
Future challenges
• Multiple operators sharing infrastructure
• Integration between carriers in multimodal transport systems
• Autonomous vehicles
• Mobility as a service (MaaS)…
• …in smart city environments
Source: Cyber Security and Resilience of Intelligent Public Transport, ENISA (2015)