Critical Information Infrastructure Protection Initiative (*GFCE Initiative)

Summary

The GFCE-Meridian initiative aims to support government policy makers with responsibility for Critical Information Infrastructure Protection (CIIP) to understand the implications and consequences of cybersecurity issues and to maintain an awareness of current developments. By working together in a global initiative, the initiators leverage their CIIP expertise for the benefit of a broader audience to help develop CIIP capabilities, particularly in developing countries. This initiative is run by the Meridian Community, a large group of officials from 60+ countries. Since 2005, with the help of the Meridian Coordinator, a different country volunteers each year to organise the Annual Meridian CIIP  Conference for government CIIP policy officials.

Country participants of this initiative will automatically get access to the Meridian Community. This means access to Meridian Conferences, and eventually the Meridian membership portal (CIIP best practices, CIIP directory with expert contacts, etc.)

Details

Aim

This initiative by Spain, Switzerland, Norway and The Netherlands (as members and partners of the Global Forum on Cyber Expertise) aims to support policy makers with responsibility for Critical Information Infrastructure Protection (CIIP) to understand the implications and consequences of cybersecurity issues and to maintain an awareness of current developments. By working together in a global initiative the initiators leverage their CIIP expertise for the benefit of a broader audience to help develop CIIP capabilities, particularly in developing countries.

Context

CIIP is a vital component of cybersecurity that is sometimes overlooked in favour of more obvious aspects such as cybercrime and awareness-raising. Most countries understand the need to protect their critical infrastructures such as rail networks, power stations, airports etc, and any cross-border infrastructures such as gas pipelines and water supply systems. It is even more important however to protect the Critical Information Infrastructures such as telecommunications and data networks, financial systems and process control systems, because these don’t just cross borders, but are connected to every other part of the world, through the internet and other networks. That means they are all dependent on each other’s security, as the weakest link can cause vulnerabilities for many others. It is therefore of ever-increasing importance to us all.

Outcomes

1. Global Good Practices: Critical Information Infrastructure Protection (CIIP)
2. The GFCE-MERIDIAN Good Practice Guide on CIIP for Governmental Policy-Makers
3. Companion Document to the GFCE-MERIDIAN GPGuide on CIIP

Expected outcomes in 2016

• Research into specific CIIP relevant topics (initiated or in collaboration with existing researches). A CIIP maturity building blocks research project will be developed in partnership with the Meridian Community.
• Workshop aimed at developing countries to establish a baseline of CIIP knowledge. This would include basic CII sector definition, CERT models, NCSS, PPP and similar concepts. This could be a ‘primer’ day in advance of the Meridian Conference.
• Periodic topical seminars and workshops (possibly online), building upon the accumulated results and outputs of the various sessions at Meridian Conferences over the past 11 years. Building on prototyping of a ‘primer’ day at M2016, a ‘roadshow’ version could also be developed for ad-hoc deployment as required.
• Creation of Good Practice guidelines on aspects of CIIP. Appropriate past Meridian workshops will be developed into Good Practice guidelines e.g. Risk-Management for Strategic Decision Makers

Expected outcomes in 2017 and beyond

• Tool-kits or learning materials (virtual or physical) tailored to specific CIIP issues. The Meridian Community will be canvassed for suggestions and initiatives which may be developed and promoted via Meridian. Tool-kits or learning materials (virtual or physical) will be tailored to specific CIIP issues.

For more information please visit the GFCE website