The US Department of Energy (DOE) developed the Oil and Natural Gas Subsector Cybersecurity Capability Maturity Model (ONG-C2M2) as a derivative of the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2). The ES-C2M2 was developed in support of a White House initiative led by the DOE, in partnership with the Department of Homeland Security (DHS), and in collaboration with private- and public-sector experts.
The US 2015 Energy Sector-Specific Plan (SSP) was developed in accordance with the NIPP 2013: Partnering for Critical Infrastructure Security and Resilience, which guides the national effort to manage risk to the Nation’s critical infrastructure. The U.S. Department of Energy (DOE), as the Sector-Specific Agency (SSA) for the Energy Sector, led the development of the 2015 Energy SSP in close collaboration with its sector partners. A myriad of Energy Sector partners exist in both private and public sectors in the Critical Infrastructure Partnership Advisory Council (CIPAC) framework, under which the Electricity and Oil and Natural Gas Subsector Coordinating Councils (SCCs) and the Energy Government Coordinating Council (GCC) operate.
The Department of Energy (DOE) has statutory, sector-specific, scientific, and national security missions that contribute to advancing our Nation’s cybersecurity. DOE is responsible for its own enterprise cybersecurity as well as supporting the sector’s efforts to strengthen cybersecurity.
The European Union Agency for the Cooperation of Energy Regulators (ACER) was established in March 2011 by the Third Energy Package legislation as an independent body to foster the integration and completion of the European Internal Energy Market for electricity and natural gas. ACER is one of the EU decentralised agencies. Distinct from the EU institutions, agencies are set up as separate legal entities to perform specific technical and scientific tasks that help EU institutions and Member States to implement policies and take decisions.
This study provides an assessment of existing European policies and legislation to address cyber security in the energy sector and recommends additional policy prescriptions that may be necessary to protect Europe and its citizens. The assessment is based upon a review of the profound changes that the energy system is undergoing. It is against these current and future challenges that existing cyber security policy and actions must be measured.
The Council of European Energy Regulators (CEER) is the voice of Europe's national energy regulators at EU and international level. Through CEER, the national regulators cooperate and exchange best practices. The overall aim of the Council of European Energy Regulators is to facilitate the creation of a single, competitive, efficient and sustainable internal market for gas and electricity in Europe. The CEER acts as a platform for cooperation, information exchange and assistance between Europe's national energy regulators and is their interface at EU and international level. On EU issues, CEER works very closely with (and supports) the Agency for the Cooperation of Energy Regulators (ACER), an EU Agency formed for the cooperation of energy regulators. CEER also strives to share regulatory best practice worldwide through its membership in the International Confederation of Energy Regulators (ICER) which brings together similar associations from across the globe including NARUC (America), ERRA (Central/Eastern Europe) and MEDREG (the Mediterranean region).
The exchange of information between the private and the public sector
Cyber Risk GmbH supports the national strategy for the protection of Switzerland against cyber risks (NCS), and promotes the exchange of information.
We often read that the public sector must learn from the private sector. We strongly believe that the opposite is more important. The private sector must learn from the public sector:
1. Switzerland, NDB. The Federal Intelligence Service (Nachrichtendienst des Bundes) works for the prevention of terrorism, violent extremism, espionage, proliferation of weapons of mass destruction and their delivery system technology, as well as cyberattacks against the critical infrastructure.
2. Switzerland, NCSC. The National Cybersecurity Centre (Nationale Zentrum für Cybersicherheit) is the Swiss Confederation's competence centre for cybersecurity and thus the first contact point for businesses, public administrations, educational institutions and the general public. It is responsible for the coordinated implementation of the national strategy for the protection of Switzerland against cyber-risks (NCS).
3. Switzerland, Cybercrimepolice.ch. The Zurich Cantonal Police (Kantonspolizei Zürich) operates www.cybercrimepolice.ch
4. Switzerland, SKP. The Swiss Crime Prevention (Schweizerische Kriminalprävention) is an agency specializing in the prevention of crime and the fear of crime.
5. Switzerland, GovCERT. The Computer Emergency Response Team of the Swiss government, the official national CERT of Switzerland.
6. Germany, BfV - The domestic intelligence service of the Federal Republic of Germany (Bundesamt für Verfassungsschutz). The Office for the Protection of the Constitution ensures that the free democratic basic order is secured at federal level and in the 16 federal states.
7. Germany, BND - The foreign intelligence service of the Federal Republic of Germany (Bundesnachrichtendienst). The BND works for the acquisition and processing of information, to inform the federal government on developments important for foreign and security policy.
8. Germany - BAMAD. The military counter-intelligence service (Bundesamt für den Militärischen Abschirmdienst) is one of the three German intelligence services at federal level, and works for the protection of the constitution. The Military Counterintelligence Service Report is highly recommended (https://www.bundeswehr.de/resource/blob/5361404/4fa2a6e88f8fc77863022395942e6241/mad-report-2020-data.pdf).
9. Canada - CSIS. The Canadian Security Intelligence Service investigates activities suspected of constituting threats to the security of Canada, and reports to the Government of Canada. They take measures to reduce threats to the security of Canada.
10. UK - MI5. For more than a century, MI5 has protected the UK from a range of threats, whether from terrorism or hostile activity by states.
11. UK - MI6. They have three core aims: stopping terrorism, disrupting the activity of hostile states, and giving the UK a cyber advantage.
12. UK - GCHQ. With priorities set by the UK’s National Security Strategy and the decisions of the National Security Council, chaired by the Prime Minister, as well as the Joint Intelligence Committee.
13. UK - NCA. The National Crime Agency houses the UK’s International Crime Bureaux including INTERPOL and EUROPOL. They manage the routine exchange of police and law enforcement information through these channels and provide access to international databases and capabilities.
14. US - ODNI. The Office of the Director of National Intelligence serves as the head of the U.S. Intelligence Community, overseeing and directing the implementation of the National Intelligence Program and acting as the principal advisor to the President, the National Security Council, and the Homeland Security Council for intelligence matters related to national security.
15. US - CIA. The Central Intelligence Agency provides intelligence on foreign countries and global issues to the president, the National Security Council, and other policymakers to help them make national security decisions.
16. US - NSA. The National Security Agency leads the U.S. Government in cryptology that encompasses both signals intelligence (SIGINT) insights and cybersecurity products and services.
17. US - FBI. The Federal Bureau of Investigation protects the U.S. from terrorist attacks and against foreign intelligence, espionage, and cyber operations. The FBI combats significant cyber criminal activity.
18. Australia, ASIO. The Australian Security Intelligence Organisation protects Australia and its people from acts of foreign interference, attacks on Australia’s defence systems, espionage, politically motivated violence including terrorism, promotion of communal violence, sabotage, and serious threats to Australia’s border integrity.
19. Australia, ONI. The Office of National Intelligence, following the passage of the Office of National Intelligence Act (2018), came into being on 20 December 2018. It represents a key component in the formation of Australia’s new National Intelligence Community (NIC), and is responsible for enterprise level management of the NIC, ensuring a single point of accountability to the Prime Minister and National Security Committee of Cabinet.
20. Australia, ASIS. The Australian Secret Intelligence Service is Australia's foreign intelligence collection agency. They collect and distribute secret foreign intelligence, information which would be otherwise unavailable to Australia, to protect Australia and its interests.