Page:ISC-China.pdf/189

Rh It carries out a number of tailored briefings and engagements at Energy sector forums, which include a considerable focus on China and the wider HSA threat.

In response to suspected hostile reconnaissance by *** at Energy CNI sites ***. (This is an example of non-China-specific work which will nonetheless help harden the UK's CNI ***.)

At the time of writing, the National Cyber Security Centre (NCSC) agreed an annual plan of work with the (then) Department for Business, Energy and Industrial Strategy (BEIS) for its support to the Energy sector. Examples of NCSC's work in this area include:

the provision of technical support to a new Industrial Control System for Electricity Northwest, one of the UK’s six electricity distribution companies, serving over 2.4m homes;

a technical design review of Greenergy's implementation of Fuel-FACS, a piece of software that is used to automate fuel terminal operations (Greenergy supplies up to 35% of the UK’s road fuel);

a review of cyber security improvements at South Hook Liquefied Natural Gas Terminal, a facility that has the capability to supply up to 20% of the UK's gas; and

a 'deep-dive' consulting exercise with National Grid over changes to the Balancing Mechanism, the system that ensures the UK’s electricity supply meets demand.

In addition to the specific advice offered to the Civil Nuclear or Energy sectors, there are a number of CPNI/NCSC initiatives that are not sector-specific—for example:

'Secure Business' risk management advice for UK companies doing business with hostile states—which is freely available on the CPNI and NCSC websites;

Project CONISTON, which sought to communicate the Chinese insider threat across Government and Industry (amongst the CONISTON work strands were a series of briefings advising Government departments and UK Industry representatives on how to detect malicious targeting of staff on their networks); and