ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe. CENTR General Assembly, Brussels October 4, 2012

Transcription

1 ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe CENTR General Assembly, Brussels October 4, 2012 christoffer.karsberg@enisa.europa.eu 1

2 Who we are ENISA was set up in 2004 and is placed outside Heraklion on Crete Around 30 security experts and 20 staff ENISA has an advisory role (not operational) and the focus is on prevention and preparedness. The target group is EU institutions, member states, national authorities, businesses and citizens 2

3 What we do Support Member States: ex support for setting up and training CERTs. Think tank: reports analysing data on security practices in Europe and on emerging risks. Ex cloud computing. Facilitate cross border cooperation Ex supporting cyber security exercises. Act as a Forum for sharing good practices in NIS. Ex models for public private partnerships Ensure a coherent pan-european approach. Ex supporting the implementation of article 13a in the Telecom Package 3

4 Botnets Focus on botnets ENISA has consulted top experts from all areas of the fight against botnets, including Internet Service Providers, security researchers, law enforcement, Computer Emergency Response Teams and anti-virus vendors Current estimates of the extent of infected machines and botnet activities vary widely by up to a factor of seven Report on: How to assess botnet threats and how to neutralize them Survey and analysis of methods for measuring botnet size How best to assess the threat posed by botnets to different stakeholders

5 Cloud Computing Objectives for Cloud Computing at ENISA Help governments and businesses to leverage the cost benefits of cloud computing, with due consideration of security requirements and new risks Improve transparency on security practices to allow informed decisions Create trust and trustworthiness by promoting best practice and assurance standards Report defines minimum baselines for: Comparing cloud offers Assessing the risk to go Cloud Reducing audit burden and security risks

6 Article 13 of the Telecom reform 6

7 Art 13a in the telecom package o Appropriate security measures o to minimize impact of security incidents on users and interconnected networks o to guarantee network integrity, thus ensuring continuous supply of service over the networks o Incident reporting o Providers report significant incidents with impact on operation of services to their Regulator (NRA) o NRA s inform other NRA s abroad and ENISA when cross border incidents o NRA s can inform or require the provider to inform the public when this is in the public interest o NRA s provide an annual summary report to ENISA and the EC 7

8 ENISA Technical guidelines o Two Non-binding technical guidelines for NRAs with consensus among the NRAs: o Minimum Security Measures o 7 domains of measures o ISO27K1 (subset) + BS25599 (for BCM and disaster recovery) o Incident reporting o Thresholds for reporting o Root cause classification o Reporting template 8

9 Annual reporting o Incidents with a significant impact on the continuity of supply of electronic communications networks or services o Services o Fixed and Mobile Telephony o Fixed and Mobile Internet o Agreed set of incident parameters and thresholds 9

10 Annual reporting o Understand incident trends o Analyze best practices o Provide information about the above o Exchange experience and lessons learnt and support knowledge transfer between NRA:s o Issue recommendations and guidance to stakeholders o Develop incident scenarios for pan-european exercises 10

11 Annual analysis by ENISA o Statistical analysis of incidents o Overall view of resilience and security of electronic communication networks and services o No comparison or information about individual providers or member states 11

12 This year premiere for annual EU reporting o 11 countries reported 51 significant incidents that occurred 2011 o Many countries adopted the legislation in July last year o Next year we expect the number of reports to be 10 times as many In mid October we will publish the aggregated analysis of the reported incidents 12

13 Cyber exercises the Big Three Europe s first ever international cyber security exercise, 2010 First ever EU-US exercise, Work with Comm. & MS to build transatlantic cooperation Cyber Europe Developed from learning in 2010 & 2011 exercises. Involves MS, private sector and EU institutions. Highly realistic exercise, Oct 2012 Results and learning are shared with MS and Commission and published on ENISA web site

14 Smart Grid Security ENISA recommendations include: Establishing of clear regulatory and policy framework on smart grid cyber security at national and EU level currently missing. The EC, with ENISA, MS, and private sector, should develop minimum set of security measures based on existing standards and guidelines EC and MS authorities should promote security certification schemes for the entire value chain of smart grids components, including organisational security /activities/resilience-and-ciip/critical-infrastructure-and-services/smart-grids-and-smart-metering/enisa-smart-grid-security-recommendations

15 To discuss o What do you see that we should do next coming year? o Do you see any possible subjects for collaboration? o How should we collaborate? 15

16 Contact details European Network and Information Security Agency 16