NIS Direktive und Europäische sicherheitsrelevante Projekte Udo Helmbrecht Executive Director, ENISA

Transcription

1 NIS Direktive und Europäische sicherheitsrelevante Projekte Udo Helmbrecht Executive Director, ENISA ViS!T - Verwaltung integriert sichere Informationstechnologie, Wien, European Union Agency for Network and Information Security

2 Agenda EU Policy Context Europäische sicherheitsrelevante Projekte Zukünftige Herausforderungen European Union Agency for Network and Information Security 2

3 ENISA activities Recommendations Mobilising Communities Policy Implementation Hands on European Union Agency for Network and Information Security 3

4 EU Policy Context European Union Agency for Network and Information Security 4

5 EU Policy context (1) EU Digital Agenda COM(2010)245 EU Cyber Security Strategy JOIN(2013)1 European Union Agency for Network and Information Security 5

6 EU Policy context (2) Regulation (EU) No 910/2014 of the European Parliament and of the Council of23 July 2014 on Electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC Proposal for a Network & Information Security Directive - COM(2013)48 Proposal for a reform of the data protection Regulation COM(2012)11 Proposal for an EU Connected Continent Regulation - COM(2013) 627 European Union Agency for Network and Information Security 6

7 EU Policy context (3): The NIS Platform The NIS Platform provides a collaboration framework for supporting the public and private sectors on NIS; it powered by EC, supported by ENISA ENISA is supporting this initiative by ensuring the exchange of expertise on policy and operational aspects the provision of good practice guides facilitating collaboration and awareness on NIS issues 3 working groups WG1 on risk management, information assurance, risks metrics and awareness raising WG2 on information exchange and incident coordination, incident reporting and risks metrics for information exchange WG3 on secure ICT research and innovation European Union Agency for Network and Information Security 8

8 Europäische sicherheitsrelevante Projekte 9

9 Cybersecurity Exercises by ENISA Cyber Europe 2010 Europe s first multinational cybersecurity exercise between public sector agencies Joint EU-US Cybersecurity Exercise 2011 First transatlantic cooperation exercise Table-top exercise - what-if scenarios Cyber Europe 2012 Large scale realistic cyber-crisis exercise Public and private sectors involved Cyber Europe 2014 In planning phase Joint EU-US Cybersecurity Exercise 2014/ In planning phase European Union Agency for Network and Information Security 10

10 Cybersecurity Exercises European Union Agency for Network and Information Security 11

11 Training for CERTs -- Tier 1: Good Practice Guides European Union Agency for Network and Information Security 12

12 Training for CERTs -- Tier 2: Training material European Union Agency for Network and Information Security 13

13 Training for CERTs -- Tier 3: Training for national / governmental CERTs ENISA starts to rollout its own training! First: May 2013 in Bucharest, Romania 3 scenarios presented by ENISA trainers Honeypots Incident handling during an attack on Critical Information Infrastructure Mobile threats incident handling Since then: more than 15 events on request by the EU MS European Union Agency for Network and Information Security 14

14 ENISA approach to standards Aim: to promote best practices through SDOs ENISA role: interface between private sector, public sector, SDOs Short- and mid-term goals Formal cooperation with SDOs and specific WGs Working collaboration with SDOs Long-term goal Review of and participation in NIS standardisation activities Proposal of standards, via means of proposals for standardisation mandates European Union Agency for Network and Information Security 15

15 ENISA and SDOs Established collaboration agreements with: ISO SC27 (Liaison) ETSI (MoU) Exchange of information of mutual interest Organisation of joint meetings and workshops ENISA to channel standardisation activities to ETSI, if appropriate Exchange of working documents, within well defined frames ENISA to nominate observers for ETSI Technical Bodies CEN CENELEC (MoU) ITU SG17 (MoU started) ENISA aligns key activities with the work of SDOs ETSI TISPAN on CIIP, ESI on eid, CLOUD on cloud certification CEN CENELEC on smart grids ISO SC 27 in the area of privacy European Union Agency for Network and Information Security 16

16 ECSM: NIS certifications The European Cyber Security Month campaign provides a database with a list of available courses and certification programs linked to Network and Information Security, privacy and data protection 17

17 Zukünftige Herausforderungen 18

18 Smart Meter 19

19 Telecom Service Providors 20

20 Cloud Vendors

21 OS 22

22 TelCo Equipment The world's five largest telecommunications equipment vendors measured by applicable 2013 revenues The world's five largest router and switch vendors measured by applicable revenues in the second quarter of

23 SDN Software Definded Network today s router infrastructure tomorrow > who controls what? 24

24 Nokia > Microsoft Nokia 6101 Nokia Communicator Nokia Lumia 520 Lumia is now a brand of Microsoft

25 TPM on board 26

26 OBD On Board Unit > read/write 27

27 US vs China where is Europe? 28

28 Apple s esim will change the game today: mobile network operator tomorrow: the manufacturer subscription data in Europe data in the US

29 CONCLUSIONS European Union Agency for Network and Information Security 30

30 Thank you for your attention For more information visit: Follow ENISA: European Union Agency for Network and Information Security