Mr. John Harrison is an independent consultant and engineer with over 30 years experience in the telecommunications industry working for BT. Since 1996 he has worked in the field of Critical Information Infrastructure Protection and for the last six years supported the UKs CPNI and their trusted information sharing WARP programme www.warp.gov.uk, as well as a number of projects on infrastructure resilience. John and his team at landitD have recently completed work on the EC funded project "messaging standard for sharing security information (MS3i)" (www.ms3i.eu) as well as the ENISA guide on "trusted information Exchanges". Mr. Harrison is currently working on the 2 year EC funded project "National and European Information Sharing and Alerting System (NEISAS)", as well as continuing to support the WARP programme.
Trusted Information Sharing
The recent 2009 Communication from the European Commission on Critical Information Infrastructure Protection [COM(2009) 149 - "Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience"] reported that the World Economic Forum estimated in 2008 that there is a 10-20% probability of a major critical information infrastructure breakdown in the next 10 years, with a potential global economic cost of ~ 250 billion US$. The Communication went on to say that in addressing the problem "cooperation and information sharing between Member States of reliable and actionable data on security incidents appears underdeveloped". The action plan in the Communication includes many references to the need for effective information sharing and exchange, all of which it is argued must start by building trust between those taking part in both the public and private sectors. This session looks at the background to trusted information sharing as a means to help protect Critical Information Infrastructures and to help build citizens confidence in these infrastructures. The session looks at the different information sharing models in common use together with some case studies of real life examples. Particular attention will be focussed on building trust where research from the WARP programme in the UK (www.warp.gov.uk) and the EC project MS3i (www.ms3i.eu) will be presented. The concluding part of this session will look at the recent ENISA Guide on building "Trusted Information Exchanges" which was created from an analysis of good practice in a number of European countries and the US.