Cyber Security in EU: ENISA approach

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Cyber Security in EU: ENISA approach"

Transcription

1 Cyber Security in EU: ENISA approach Konstantinos Moulinos, Security Expert European Union Network and Information Security Agency Norwegian Energy Days 2015, Oslo European Union Agency for Network and Information Security

2 Securing Europe s Information Society Operational Office in Athens 2

3 Positioning ENISA activities 3

4 Terms and interrelationships Critical Infrastructure Protection* Energy Energy sector (e.g. gas, nuclear) Security & safety Energy sector Cybersecurity Smart grid cybersecurity National Cybersecurity Strategies 4

5 EU Policy Context Energy and CIIP Directive 114/2008 EU s CIIP action plan Proposal for a NIS Directive EU Cyber Security Strategy (COM Digital Single Market strategy 5

6 Why cyber? ICS-CERT Year in Review 2014 HP Enterprise Security s 2014 Global Report on the Cost of Cyber Crime by the Ponemon Institute Many incidents but no major disruptions yet Everybody agrees that we have to do something but what? 6

7 Cyber security management Smart grid dependencies on telcos Smart grid threat landscape Risk assessment Information Security Intelligence Smart grid devices certification ICS SCADA security Governance and roles Appropriate security measures Cost of implementation Security measures Incident Reporting Cyber Security is not only technical but also operational and organisational? Root causes? Assets affected 7

8 Governance models report- Why? Low participation of public authorities in EG2 ad hoc group on Smart grid security measures Overlapping mandates amongst different national authorities TSOs do not consider smart grid security as their problem Energy regulators usually not empowered with cyber security mandate Smart grids an emerging area sometimes not covered by CIIs 8

9 Status of existing governance models Legend: Size: Roles and Responsibilities o Small: No roles and responsibilities defined o Medium: Definition ongoing o Large: Roles and responsibilities already defined Color: Smart Grid Cybersecurity Framework o Red: Existing Smart Grid Cybersecurity Framework o Blue: No existing Smart Grid Cybersecurity Framework Sub-quadrants position: Smart Grids and Critical Infrastructure Protection o Right: Smart Grid part of National Cyber Security Strategy (NCSS) o Left: Smart Grid not part of NCSS o Up: Smart Grids part of National Critical Infrastructures (NCIs) o Down: Smart Grids not part of NCIs 9

10 An example of Incident Reporting: Telecoms Most major outages were caused by software bugs and hardware failures Detailed Causes and Affected Assets (Percentage of all incidents) Most major outages affected base stations and switches 10

11 ENISA effort in Smart Grids Challenging area, emerging technology Different types of stakeholders Various sizes of organizations Not a clear view of the market Setting baseline cyber security measures for Smart Grids Not an easy task Consensus is needed ENISA aims to reach better harmonisation across the EU this way contributing to the Digital Single Market Strategy Collaboration with the European Commission Smart Grids Task Force (SGTF) Adoption by the SGTF EG2 and CEN/CENELEC/ETSI Smart Grid Coordination Group Practical guide to deploy baseline security measures This year ENISA is developing a study on smart grid dependencies on telcos (expected mid of Nov.) 11

12 ENISA efforts EuroSCSIE ICS Security Stakeholder Group Protecting Industrial Control Systems. Recommendations for Europe and Member States Can we learn from SCADA security incidents? Window of exposure a real problem for SCADA systems? Good Practices for an EU ICS Testing Coordination Capability Certification of Cyber Security skills of ICS/SCADA professionals This year ENISA is developing a study on ICS SCADA maturity models (expected mid of November) 12

13 like curling 13

14 Information Sharing ERNCIP European Reference Network for Critical Infrastructure Protection. TNCEIP Thematic Network on Critical Energy Infrastructure Protection DENSEK European Energy - ISAC NIS platform ENISA SISEC Smart Infrastructures Security Experts Community ENISA ICS Security Stakeholder Group Collaboration with: CEER ACER ENTSO-E Eurelectric 14

15 Trends Mandatory incident reporting (EU) Information sharing and analysis (EU) Baseline security measures (EU) National risk assessment (MS) Compliance Audits (MS) 15

16 Key recommendations Governance Model Foster R&D Cybersecurity as a Requirement Identify and Analyze Cost of Cybersecurity Measures Common EU Energy Cybersecurity Framework Trusted Information Sharing Initiatives Increase User Awareness National Risk Assessment National Energy Cybersecurity Framework Incident Response Capabilities and Report Mechanisms Definition of Roles and Responsibilities Join International Forums and WG Collaboration Platform National Forum on Energy Cybersecurity Support Dialogue Among Stakeholders Define Baseline Security Requirements 16

17 Open issues Next Steps Identification of good practices for Energy Sector incident reporting Certification of smart grid components and systems Definition of EU baseline security requirements A roadmap for more harmonized national certification approaches Certification of smart grid cyber security skills Incident response capability for smart grids and relationships to existing national ICS-CERT/Gov CERTs Bring competent authorities on board 17

18 Conclusions Cyber Security becomes important for the well functioning of the society and economy Critical Services and Infrastructures (including energy) should be better protected from cyber attacks and threats MS recognize the importance and develop NCSS A more coordinated cybersecurity approach is needed to address cyber security issues for different energy subsectors (e.g. gas, nuclear) ENISA s develop good practices for EU MS and Private Sector to address the emerging issues Sharing experiences and deploying good practices improves the situation quickly When it is necessary additional regulatory measures are introduced to resolve issues More involvement by NRAs is required 18

19 Konstantinos Moulinos

Cyber Security in EU: ENISA approach

Cyber Security in EU: ENISA approach Cyber Security in EU: ENISA approach Konstantinos Moulinos, Security Expert European Union Network and Information Security Agency in Electricity Distribution Grids, Brussels European Union Agency for

More information

CIIP : ENISA s Role in Assisting Member States

CIIP : ENISA s Role in Assisting Member States CIIP : ENISA s Role in Assisting Member States Steve Purser Head of Core Operations SEDE Committee Brussels 21 April 2016 European Union Agency for Network and Information Security ENISA ENISA was formed

More information

Cyber Security in Europe

Cyber Security in Europe Cyber Security in Europe Steve Purser Head of Core Operations Dept. - ENISA www.enisa.europa.eu Agenda About ENISA The ENISA Threat Landscape National Cyber Security Strategies Supporting the CERT Community

More information

ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe. CENTR General Assembly, Brussels October 4, 2012

ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe. CENTR General Assembly, Brussels October 4, 2012 ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe CENTR General Assembly, Brussels October 4, 2012 christoffer.karsberg@enisa.europa.eu 1 Who we are ENISA was

More information

EU Priorities in Cybersecurity. Steve Purser Head of Core Operations Department June 2013

EU Priorities in Cybersecurity. Steve Purser Head of Core Operations Department June 2013 EU Priorities in Cybersecurity Steve Purser Head of Core Operations Department June 2013 Agenda About ENISA The EU Cyber Security Strategy Protecting Critical Information Infrastructure National & EU Cyber

More information

Enhancing Cyber Security in Europe Dr. Cédric LÉVY-BENCHETON NIS Expert Cyber Security Summit 2015 Milan 16 April 2015

Enhancing Cyber Security in Europe Dr. Cédric LÉVY-BENCHETON NIS Expert Cyber Security Summit 2015 Milan 16 April 2015 Enhancing Cyber Security in Europe Dr. Cédric LÉVY-BENCHETON NIS Expert Cyber Security Summit 2015 Milan 16 April 2015 European Union Agency for Network and Information Security Summary 1 Presentation

More information

Prof. Udo Helmbrecht

Prof. Udo Helmbrecht Prof. Udo Helmbrecht Guiding EU Cybersecurity from Policy to Implementation Udo Helmbrecht Executive Director Information Security for the Public Sector 2015 Stockholm 02/09/15 European Union Agency for

More information

Achieving Global Cyber Security Through Collaboration

Achieving Global Cyber Security Through Collaboration Achieving Global Cyber Security Through Collaboration Steve Purser Head of Core Operations Department December 2013 European Union Agency for Network and Information Security www.enisa.europa.eu Agenda

More information

ENISA: Cybersecurity policy in Energy Dr. Andreas Mitrakas, LL.M., M.Sc., Head of Unit Quality & data mgt

ENISA: Cybersecurity policy in Energy Dr. Andreas Mitrakas, LL.M., M.Sc., Head of Unit Quality & data mgt ENISA: Cybersecurity policy in Energy Dr. Andreas Mitrakas, LL.M., M.Sc., Head of Unit Quality & data mgt Cyber European Union Security Agency for Network Energia, and Informa8on Rome, Security 24/09/15

More information

EU Cybersecurity Policy & Legislation ENISA s Contribution

EU Cybersecurity Policy & Legislation ENISA s Contribution EU Cybersecurity Policy & Legislation ENISA s Contribution Steve Purser Head of Core Operations Oslo 26 May 2015 European Union Agency for Network and Information Security Agenda 01 Introduction to ENISA

More information

Cooperation in Securing National Critical Infrastructure

Cooperation in Securing National Critical Infrastructure Cooperation in Securing National Critical Infrastructure Dr. Steve Purser Head of Core Operations Department European Network and Information Security Agency Agenda About ENISA Protecting Critical Information

More information

NIS Direktive und Europäische sicherheitsrelevante Projekte Udo Helmbrecht Executive Director, ENISA

NIS Direktive und Europäische sicherheitsrelevante Projekte Udo Helmbrecht Executive Director, ENISA NIS Direktive und Europäische sicherheitsrelevante Projekte Udo Helmbrecht Executive Director, ENISA ViS!T - Verwaltung integriert sichere Informationstechnologie, Wien, 29.10.2014 European Union Agency

More information

European priorities in information security

European priorities in information security European priorities in information security Graeme Cooper Head of Public Affairs Unit, ENISA 12th International InfoSec and Data Storage Conference, 26th September 2013, Sheraton Hotel, Sofia, Bulgaria

More information

EU Cybersecurity Strategy and Proposal for Directive on network and information security (NIS) {JOIN(2013) 1 final} {COM(2013) 48 final}

EU Cybersecurity Strategy and Proposal for Directive on network and information security (NIS) {JOIN(2013) 1 final} {COM(2013) 48 final} EU Cybersecurity Strategy and Proposal for Directive on network and information security (NIS) {JOIN(2013) 1 final} {COM(2013) 48 final} Trust and Security Unit DG Communica5ons Networks, Content and Technology

More information

WORK PROGRAMME 2013 27 NOVEMBER 2012

WORK PROGRAMME 2013 27 NOVEMBER 2012 WORK PROGRAMME 2013 27 NOVEMBER 2012 2 Contents 1 EXECUTIVE SUMMARY...7 1.1 Introduction... 7 1.2 Structure... 7 1.2.1 Core operational activities... 7 1.2.2 Operational Horizontal activities... 7 1.2.3

More information

European Union Agency for Network and Information Security ENISA ANNUAL REPORT

European Union Agency for Network and Information Security ENISA ANNUAL REPORT European Union Agency for Network and Information Security ENISA ANNUAL REPORT 2013 Europe Direct is a service to help you find answers to your questions about the European Union. Freephone number (*):

More information

Towards defining priorities for cybersecurity research in Horizon 2020's work programme 2016-2017 Contributions from the Working Group on Secure ICT

Towards defining priorities for cybersecurity research in Horizon 2020's work programme 2016-2017 Contributions from the Working Group on Secure ICT Towards defining priorities for cybersecurity research in Horizon 2020's work programme 2016-2017 Contributions from the Working Group on Secure ICT - Research and Innovation of the NIS Platform 8 April

More information

European Distribution System Operators for Smart Grids

European Distribution System Operators for Smart Grids European Distribution System Operators for Smart Grids Network and information security (NIS): Recommendations for information sharing and risk management September 2014 Executive summary Our modern society

More information

The Growth of the European Cybersecurity Market and of a EU Cybersecurity Industry

The Growth of the European Cybersecurity Market and of a EU Cybersecurity Industry The Growth of the European Cybersecurity Market and of a EU Cybersecurity Industry Yves Lagoude, Director of European Affairs and Thales & Member of the Board of Directors of EOS European Organisation

More information

EU policy on Network and Information Security and Critical Information Infrastructure Protection

EU policy on Network and Information Security and Critical Information Infrastructure Protection EU policy on Network and Information Security and Critical Information Infrastructure Protection Andrea SERVIDA European Commission Directorate General Information Society and Media - DG INFSO Unit A3

More information

CYSPA - EC projects supporting NIS

CYSPA - EC projects supporting NIS CYSPA - EC projects supporting NIS Nina Olesen, EOS March 2014 Athens, Greece www.cyspa.eu CYSPA the European project The European Cyber Security Protection Alliance, or CYSPA, is an initiative by 17 organisationsfrom

More information

ICS-SCADA testing and patching: Recommendations for Europe

ICS-SCADA testing and patching: Recommendations for Europe ICS-SCADA testing and patching: Recommendations for Europe Adrian Pauna adrian.pauna@enisa.europa.eu European Union Agency for Network and Information Security www.enisa.europa.eu Agenda ENISA previous

More information

Analysis of ICS-SCADA Cyber Security Maturity Levels in Critical Sectors

Analysis of ICS-SCADA Cyber Security Maturity Levels in Critical Sectors Analysis of ICS-SCADA Cyber Security Maturity Levels in Critical Sectors www.enisa.europa.eu European Union Agency For Network And Information Security About ENISA The European Union Agency for Network

More information

Achieving Global Cyber Security Through Collaboration

Achieving Global Cyber Security Through Collaboration Achieving Global Cyber Security Through Collaboration Steve Purser Head of Core Operations Department November 2013 European Union Agency for Network and Information Security www.enisa.europa.eu Agenda

More information

Supporting CSIRTs in the EU Marco Thorbruegge Head of Unit Operational Security European Union Agency for Network and Information Security

Supporting CSIRTs in the EU Marco Thorbruegge Head of Unit Operational Security European Union Agency for Network and Information Security Supporting CSIRTs in the EU Marco Thorbruegge Head of Unit Operational Security European Union Agency for Network and Information Security www.enisa.europa.eu European Union Agency for Network and Information

More information

Session V: Cybersecurity

Session V: Cybersecurity Session V: Cybersecurity 12 th EU-US Energy Regulators Roundtable 26 th April 2016 Philipp Irschik, CEER, Chair Cybersecurity Workstream AGENDA 1. Why is Cybersecurity (in the energy sector) such a hot

More information

Cloud and Critical Information Infrastructures

Cloud and Critical Information Infrastructures Cloud and Critical Information Infrastructures Cloud computing in ENISA Dr. Evangelos Ouzounis Head of Infrastructure & Services Unit www.enisa.europa.eu About ENISA The European Union Network and Information

More information

ENISA workshop on Security Certification of ICT products in Europe

ENISA workshop on Security Certification of ICT products in Europe ENISA workshop on Security Certification of ICT products in Europe Introduction On 16th of March 2016 ENISA organised a workshop aiming at bringing together stakeholders from the ICT security certification

More information

CYSPA launch event - Turkey

CYSPA launch event - Turkey CYSPA launch event - Turkey Rome, 09 June 2014 Ankara 17th February, 2015 Luigi REBUFFI CEO EOS CYSPA Coordination www.cyspa.eu CYSPA launch events 6 June 2014 - UK: London 9 June 2014 IT: Rome 30 June

More information

Energy Industry Cybersecurity Report. July 2015

Energy Industry Cybersecurity Report. July 2015 Energy Industry Cybersecurity Report July 2015 Energy Industry Cybersecurity Report INTRODUCTION Due to information sharing concerns, energy industry cybersecurity information is not readily available.

More information

ENISA Work programme

ENISA Work programme ENISA Work programme 2016 SECURITY Including multiannual planning www.enisa.europa.eu European Union Agency for Network and Information Security About ENISA The European Union Agency for Network and Information

More information

Good practice guide for CERTs in the area of Industrial Control Systems

Good practice guide for CERTs in the area of Industrial Control Systems Good practice guide for CERTs in the area of Industrial Control Systems Computer Emergency Response Capabilities considerations for ICS October 2013 European Union Agency for Network and Information Security

More information

Cyber security initiatives in European Union and Greece The role of the Regulators

Cyber security initiatives in European Union and Greece The role of the Regulators Cyber security initiatives in European Union and Greece The role of the Regulators Constantinos Louropoulos President of Hellemic Telecoms and Post Commission Agenda Cyberspace challenges EU security initiatives

More information

National-level Risk Assessments

National-level Risk Assessments European Union Agency for Network and Information Security www.enisa.europa.eu Executive summary This report is based on a study and analysis of approaches to national-level risk assessment and threat

More information

Smart grid security certification in Europe Challenges and recommendations

Smart grid security certification in Europe Challenges and recommendations Smart grid security certification in Europe European Union Agency for Network and Information Security www.enisa.europa.eu About ENISA ENISA is a centre of network and information security expertise for

More information

The State of Industrial Control Systems Security and National Critical Infrastructure Protection

The State of Industrial Control Systems Security and National Critical Infrastructure Protection The State of Industrial Control Systems Security and National Critical Infrastructure Protection Emerging Threats Tinuade Adesina, Lulea University of Technology Sweden IT Security for the Next Generation

More information

Cyber Security for Railway Signalling

Cyber Security for Railway Signalling Cyber Security for Railway Signalling Dr. Cédric LÉVY-BENCHETON Network and Information Security Expert European Union Agency for Network and Information Security How to protect signalling system against

More information

Best Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper

Best Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper Best Practices in ICS Security for Device Manufacturers A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security

More information

Partnership for Cyber Resilience

Partnership for Cyber Resilience Partnership for Cyber Resilience Principles for Cyber Resilience 1. Recognition of interdependence: All parties have a role in fostering a resilient shared digital space 2. Role of leadership: Encourage

More information

Good Practices on Reporting Security Incidents

Good Practices on Reporting Security Incidents Resilient e-communications Networks December 09 Good Practices on Reporting Security Incidents 2 Good Practices on- Reporting Security Incidents Resilient e-communications Networks 3 Acknowledgements About

More information

ROADMAP. Proposal on a European Strategy for Internet Security

ROADMAP. Proposal on a European Strategy for Internet Security TITLE OF THE INITIATIVE ROADMAP Proposal on a European Strategy for Internet Security TYPE OF INITIATIVE xcwp Non-CWP Implementing act/delegated act LEAD DG RESPONSIBLE UNIT INFSO A3 EXPECTED DATE OF ADOPTION

More information

Deliverables and work programme 2012 Christophe Schramm DG ENER

Deliverables and work programme 2012 Christophe Schramm DG ENER Smart Grid Task Force EG4 Infrastructure Development Deliverables and work programme 2012 Christophe Schramm DG ENER 28/03/2012 Overall deliverables for 2012 Establish a process for identifying projects

More information

National Cyber Security Strategies. Practical Guide on Development and Execution

National Cyber Security Strategies. Practical Guide on Development and Execution National Cyber Security Strategies December 2012 National Cyber Security Strategies National Cyber Security Strategies I About ENISA The European Network and Information Security Agency (ENISA) is a centre

More information

Stocktaking, Analysis and Recommendations on the Protection of CIIs JANUARY 2016. European Union Agency For Network And Information Security

Stocktaking, Analysis and Recommendations on the Protection of CIIs JANUARY 2016. European Union Agency For Network And Information Security Stocktaking, Analysis and Recommendations on the Protection of CIIs JANUARY 2016 www.enisa.europa.eu European Union Agency For Network And Information Security About ENISA The European Union Agency for

More information

National Cyber Security Strategy 2015-2017

National Cyber Security Strategy 2015-2017 National Cyber Security Strategy 2015-2017 Table of Contents Table of Contents...i Executive Summary... 1 1. Introduction... 2 2. Context - People, Economy, and State... 4 3. Guiding Principles... 10 4.

More information

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed

More information

Methodologies for the identification of Critical Information Infrastructure assets and services

Methodologies for the identification of Critical Information Infrastructure assets and services Methodologies for the identification of Critical Information Infrastructure assets and services Guidelines for charting electronic data communication networks European Union Agency for Network and Information

More information

Cyber Security in Austria

Cyber Security in Austria Cyber Security in Austria The Austrian Cyber Security Strategy Andreas Reichard 18 th May, 2015 Roadmap Austrian Cyber Security Strategy 1/2 MRV MRV 11/2011 03/2012 06/2012 09/2012 10/2012 03/2013 Fed.

More information

National Cyber Security Strategies

National Cyber Security Strategies May 2012 National Cyber Security Strategies About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is

More information

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity October 10, 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 RE: Experience with the Framework for Improving Critical Infrastructure

More information

NIST Cybersecurity Framework What It Means for Energy Companies

NIST Cybersecurity Framework What It Means for Energy Companies Daniel E. Frank J.J. Herbert Mark Thibodeaux NIST Cybersecurity Framework What It Means for Energy Companies November 14, 2013 Your Panelists Dan Frank J.J. Herbert Mark Thibodeaux 2 Overview The Cyber

More information

ASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September 2012. Co-Chair s Summary Report

ASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September 2012. Co-Chair s Summary Report ASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September 2012 Co-Chair s Summary Report 1. Pursuant to the 18 th ASEAN Regional Forum (ARF) Ministerial meeting in Bali,

More information

Incentives and barriers for the cyber insurance market in Europe

Incentives and barriers for the cyber insurance market in Europe Incentives and barriers for the cyber insurance market in Europe Dr. Konstantinos MOULINOS ENISA 1 Agenda o A few words about ENISA o State of play - Why cyber insurance is needed? o Barriers - challenges?

More information

Smart grid cyber security certification

Smart grid cyber security certification Smart grid cyber security certification 1 Introduction On 30th September 2014 ENISA organised a workshop where the results of the report on Smart grid security certification (to be published by end of

More information

Appropriate security measures for smart grids

Appropriate security measures for smart grids 1 Appropriate security measures for smart grids Guidelines to assess the sophistication of security measures implementation [2012-12-06] 1 Copyright TenneT Appropriate security measures for smart grids

More information

EU Cybersecurity: Ensuring Trust in the European Digital Economy

EU Cybersecurity: Ensuring Trust in the European Digital Economy EU Cybersecurity: Ensuring Trust in the European Digital Economy Synthesis of the FIC Breakfast-Debate 15 October 2013, Brussels With the participation of Tunne Kelam Member of the European Parliament'

More information

Cybersecurity cooperation

Cybersecurity cooperation European Union Agency for Network and Information Security www.enisa.europa.eu Page ii About ENISA The European Union Agency for Network and Information Security (ENISA) is a centre of network and information

More information

OUTCOME OF PROCEEDINGS

OUTCOME OF PROCEEDINGS Council of the European Union Brussels, 18 November 2014 15585/14 COPS 303 POLMIL 103 CYBER 61 RELEX 934 JAI 880 TELECOM 210 CSC 249 CIS 13 COSI 114 OUTCOME OF PROCEEDINGS From: Council On: 17 18 November

More information

D 6.4 and D7.4 Draft topics of EEGI Implementation Plan 2016-2018 Revision: Definitive

D 6.4 and D7.4 Draft topics of EEGI Implementation Plan 2016-2018 Revision: Definitive Project no.: 282794 Project acronym GRID+ Project title: Supporting the Development of the European Electricity Grids Initiative (EEGI) Instrument: Coordination and support action Thematic priority: ENERGY.2011.7.3-1:

More information

ENISA s contribution to the development of Network and Information Security within the Community

ENISA s contribution to the development of Network and Information Security within the Community ENISA s contribution to the development of Network and Information Security within the Community By Andrea PIROTTI Executive Director ENISA WSIS Implementation Mechanism: Action Line C5. 15 May 2006 1

More information

Cyber Security :: Insights & Recommendations for Secure Operations. N-Dimension Solutions, Inc.

Cyber Security :: Insights & Recommendations for Secure Operations. N-Dimension Solutions, Inc. Cyber Security :: Insights & Recommendations for Secure Operations N-Dimension Solutions, Inc. Cyber Security Protection for Critical Infrastructure Assets Agenda: Cyber Landscape Cyber Threats to Your

More information

Technical Guideline on Security Measures

Technical Guideline on Security Measures Technical Guideline on Security Measures DRAFT, Version 1.93, April 2013 TLP GREEN (community wide) ii Technical Guideline on Security Measures About ENISA The European Network and Information Security

More information

The EBF would like to take the opportunity to note few general remarks on key issues as follows:

The EBF would like to take the opportunity to note few general remarks on key issues as follows: Ref.:EBF_001314 Brussels, 17 June 2013 Launched in 1960, the European Banking Federation is the voice of the European banking sector from the European Union and European Free Trade Association countries.

More information

Building Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch

Building Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch Building Blocks of a Cyber Resilience Program Monika Josi monika.josi@safis.ch About me Chief Security Advisor for Microsoft Europe, Middle East and Africa providing support to Governments and CIIP until

More information

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Victoria Yan Pillitteri Advisor for Information Systems Security

More information

EU CIP Project DENSEK. Joining forces against cyber threats on European level

EU CIP Project DENSEK. Joining forces against cyber threats on European level EU CIP Project DENSEK Joining forces against cyber threats on European level DENSEK EU CIP Objectives Improving the resilience of the energy infrastructure i.e. improving the security of the Smart Energy

More information

April 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

April 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Salt River Project P.O. Box 52025 Mail Stop: CUN204 Phoenix, AZ 85072 2025 Phone: (602) 236 6011 Fax: (602) 629 7988 James.Costello@srpnet.com James J. Costello Director, Enterprise IT Security April 8,

More information

Internet Governance and Cybersecurity Patrick Curry MACCSA patrick.curry@maccsa.net

Internet Governance and Cybersecurity Patrick Curry MACCSA patrick.curry@maccsa.net Internet Governance and Cybersecurity Patrick Curry MACCSA patrick.curry@maccsa.net This project has received funding from the European Union s Seventh Framework Programme for research, technological development

More information

Memorandum Cybersecurity - how should the legislation meet the new challenges?

Memorandum Cybersecurity - how should the legislation meet the new challenges? ! Moderator: Carlo Schüpp! Non-Executive Director and cofounder of LSEC! In his opening comments, the moderator Mr Schüpp suggested that many of the issues surrounding cybersecurity are linked to the fact

More information

Annual Incident Reports 2011

Annual Incident Reports 2011 Annual Incident Reports 2011 October 2012 ii Annual Incident Reports 2011 About ENISA The European Network and Information Security Agency (ENISA) is a centre of network and information security expertise

More information

NIST Cybersecurity Framework Overview

NIST Cybersecurity Framework Overview NIST Cybersecurity Framework Overview Executive Order 13636 Improving Critical Infrastructure Cybersecurity 2nd ENISA International Conference on Cyber Crisis Cooperation and Exercises Executive Order

More information

CYBERSECURITY INDEX OF INDICES

CYBERSECURITY INDEX OF INDICES Published July 2, 2015 CYBERSECURITY INDEX OF INDICES Cybersecurity development is a complex matter. Whether at the nation state level, or in an enterprise, various factors need to be taken into consideration

More information

ENCS/NEC RESEARCH MEETING

ENCS/NEC RESEARCH MEETING ENCS/NEC RESEARCH MEETING Benessa Defend ベネッサ ディフェンド Benessa.Defend@encs.eu April 21, 2014 NEC, Kawasaki 1 PARTNERING FOR CYBER RESILIENCE We create and bring together knowledge and resources to secure

More information

Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives

Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives (Revised March 2012) Disclaimer: To the extent permitted by law, this document

More information

ANALYSIS OF CYBER SECURITY ASPECTS IN THE MARITIME SECTOR

ANALYSIS OF CYBER SECURITY ASPECTS IN THE MARITIME SECTOR ANALYSIS OF CYBER SECURITY ASPECTS IN THE MARITIME SECTOR November 2011 Analysis of cyber security aspects in the maritime sector I Contributors to this report ENISA would like to express its gratitude

More information

The Critical Infrastructure: To be or not to be Secure. European Network for Cyber Security. Fred Streefland Director Education & Training

The Critical Infrastructure: To be or not to be Secure. European Network for Cyber Security. Fred Streefland Director Education & Training The Critical Infrastructure: To be or not to be Secure European Network for Cyber Security Fred Streefland Director Education & Training Utilinet Securing IP/Ethernet Networks CBS video Aurora Content

More information

BRIDGING BARRIERS: LEGAL AND TECHNICAL OF CYBERCRIME CASES

BRIDGING BARRIERS: LEGAL AND TECHNICAL OF CYBERCRIME CASES Organizer: BRIDGING BARRIERS: LEGAL AND TECHNICAL OF CYBERCRIME CASES Session 6 : Securing Your Fortress Best practices, standards, techniques and technologies secure your organization from cyber criminals.

More information

Cybersecurity in the maritime and offshore industry

Cybersecurity in the maritime and offshore industry Cybersecurity in the maritime and offshore industry Where do we stand today - and what is the pathway going forward? Tor E. Svensen, CEO Maritime 24 March 2015 1 DNV GL 24 March 2015 SAFER, SMARTER, GREENER

More information

Cyber security in an organization-transcending way

Cyber security in an organization-transcending way Cyber security in an organization-transcending way EASEE-gas meeting March 19, 2015 Paul Bloemen ICT Security Manager Gasunie Chair Dutch Energy ISAC March 19, 2015 2 What to talk about Why is cyber security

More information

OPEN CALL FOR TENDERS. Supporting Critical Information Infrastructures Protection and ICS-SCADA security activities

OPEN CALL FOR TENDERS. Supporting Critical Information Infrastructures Protection and ICS-SCADA security activities OPEN CALL FOR TENDERS Concluding with: Multiple Framework contracts with re-opening of competition Supporting Critical Information Infrastructures Protection and ICS-SCADA security activities ENISA F-COD-15-T01

More information

EU Directive on Network and Information Security SWD(2013) 31 & SWD(2013) 32. A call for views and evidence

EU Directive on Network and Information Security SWD(2013) 31 & SWD(2013) 32. A call for views and evidence EU Directive on Network and Information Security SWD(2013) 31 & SWD(2013) 32 A call for views and evidence 22 nd May 2013 Contents Contents... 2 Overview: The EU Directive on Network and Information Security...

More information

U.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW. November 12, 2012 NASEO

U.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW. November 12, 2012 NASEO U.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW November 12, 2012 NASEO ISER Response: from site focused to system focused Emergency Preparedness, Response, and Restoration Analysis and

More information

Cyber Security Review

Cyber Security Review ISSN 2055-6950 (Print) ISSN 2055-6969 (Online) Cyber Security Review Winter 2014/15 CYBERCRIME AS A NATIONAL SECURITY ISSUE CECSP: TOWARDS EFFECTIVE COLLABORATION ON CYBER SECURITY IN CENTRAL EUROPE TECHNICAL

More information

Cyber Security key emerging risk Q3 2015

Cyber Security key emerging risk Q3 2015 Cyber Security key emerging risk Q3 2015 The study is based on interviews with CIO:s, CISO:s and Head of Security in August and September 2015. November 2015 www.pwc.se Companies falling behind are more

More information

Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL EUROPEAN COMMISSION Brussels, XXX [ ](2012) XXX draft Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL concerning measures to ensure a high common level of network and information

More information

Next Steps for the European Electricity Market Infrastructure and Market Design

Next Steps for the European Electricity Market Infrastructure and Market Design Next Steps for the European Electricity Market Infrastructure and Market Design John Sinner European Investment Bank 05/05/2015 Outline of the Presentation The Internal Energy Market and EU Policy Energy

More information

Network and Information Security Legislation in the EU

Network and Information Security Legislation in the EU Network and Information Security Legislation in the EU Dr. Marnix Dekker Security expert, Information security officer ENISA @RSA Europe, SPER-R07 Security perspectives Amsterdam, October 31, 2013 www.enisa.europa.eu

More information

Maturation of a Cyber Security Incident Prevention and Compliance Program

Maturation of a Cyber Security Incident Prevention and Compliance Program Maturation of a Cyber Security Incident Prevention and Compliance Program Utilities & Energy Compliance & Ethics Conference February 25, 2013 Houston, Texas Anna Wang Principal Consultant Imminent Cyber

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

Making our Cyber Space Safe

Making our Cyber Space Safe Making our Cyber Space Safe Ghana s Emerging Cyber Security Policy & Strategy William Tevie Director General 5/28/2014 1 Agenda Cyber Security Issues Background to Policy Target Audience for Framework

More information

Helmut Wacket Head of Oversight Division. Cybersecurity: regulatory framework and central bank initiatives in the EU

Helmut Wacket Head of Oversight Division. Cybersecurity: regulatory framework and central bank initiatives in the EU Helmut Wacket Head of Oversight Division Cybersecurity: regulatory framework and central bank initiatives in the EU Cybersecurity in the EU Securing network and information systems in the EU is essential

More information

Smart Grid America: Securing your network and customer data. Michael Assante Vice President and Chief Security Officer March 9, 2010

Smart Grid America: Securing your network and customer data. Michael Assante Vice President and Chief Security Officer March 9, 2010 Smart Grid America: Securing your network and customer data Michael Assante Vice President and Chief Security Officer March 9, 2010 About NERC The electric industry s self-regulatory organization for reliability

More information

State Governments at Risk: The Data Breach Reality

State Governments at Risk: The Data Breach Reality State Governments at Risk: The Data Breach Reality NCSL Legislative Summit August 5, 2015 Doug Robinson, Executive Director National Association of State Chief Information Officers (NASCIO) About NASCIO

More information

CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES

CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES By Wolfgang Röhrig, Programme Manager Cyber Defence at EDA and Wg Cdr Rob Smeaton, Cyber Defence Staff Officer

More information

Thresholds for annual reporting

Thresholds for annual reporting Thresholds for annual reporting 1h-2h 2h-4h 4h-6h 6h-8h >8h 1% - 2% 2% - 5% 5% - 10% 10% - 15% > 15% 1 Annual reporting 2012 for the first time in the EU, national authorities report about cyber security

More information

Safety by trust: British model of cyber security. David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw

Safety by trust: British model of cyber security. David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw Safety by trust: British model of cyber security David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw Strategy Structure Campaign Partnerships Strategy The UK

More information

ALL ALL. rsecurity. Cybersec. for ITU s Work for a Safer World. International Telecommunication Union

ALL ALL. rsecurity. Cybersec. for ITU s Work for a Safer World. International Telecommunication Union ALL ALL Cybersec rsecurity for ITU s Work for a Safer World International Telecommunication Union ITU as a Forum for International Cooperation in Cybersecurity ITU Secretary-General has identified Cybersecurity

More information

Managing Cyber Risks to Transportation Systems. Mike Slawski Cyber Security Awareness & Outreach

Managing Cyber Risks to Transportation Systems. Mike Slawski Cyber Security Awareness & Outreach Managing Cyber Risks to Transportation Systems Mike Slawski Cyber Security Awareness & Outreach The CIA Triad 2 SABSA Model 3 TSA Mission in Cyber Space Mission - Facilitate the measured improvement of

More information

Smart Grids development in Europe

Smart Grids development in Europe Smart Grids development in Europe EU Science Global Challenges Global Collaboration European Parliament 5 March 2013, Brussels Per-Olof Granström, Secretary General, EDSO for Smart Grids EDSO for Smart

More information