CYSPA launch event - Turkey

Transcription

1 CYSPA launch event - Turkey Rome, 09 June 2014 Ankara 17th February, 2015 Luigi REBUFFI CEO EOS CYSPA Coordination

2 CYSPA launch events 6 June UK: London 9 June 2014 IT: Rome 30 June 2014 NL: The Hague 23 September 2014 GE: Berlin 4 December FR: Paris

3 The cybersecurity landscape presents many challenges Fast paced nature of cyberspace every organisation should focus on cybersecurity in order to protect their assets. CYSPA is a significant milestone to support the implementation of the EU cybersecurity strategy. TECH TRENDS STATS MAJOR EVENTS COSTS Internet of things Over 63% of Europeans use the internet, with a growth rate of 393% from Heartbleed bug creates confusion on internet In 2012, only 26% of EU enterprises had formally defined an ICT security policy Mobile technologies 1,807m mobiles sold in 2013 ebay makes users change their passwords after hack 38% EU internet users concerned about online payment safety were less likely to buy goods online or use online banking as a result Cloud-based platforms 422m Europeans have a 3G or 4G mobile connection NatWest online services hit by cyber attack Victims of cyber crime lose an estimated 290bn every year globally BYOD Over 195.4m tablets sold in 2013 Global Internet slows after biggest attack in history Estimated annual cost of cyber crime in the UK alone is 27bn The costs incurred by the private sector and the government to protect themselves are high: Gartner4 quantifies them at $55 billion in 2011, $60 billion in 2012 and an expected $86 billion in 2016

4 The cybersecurity landscape presents many challenges Fast paced nature of cyberspace every organisation should focus on cybersecurity in order to protect their assets. CYSPA isa significant milestone to support the implementation of the EU cybersecurity strategy. TECH TRENDS STATS MAJOR EVENTS COSTS Internet of things Over 63% of Europeans use the internet, with a growth rate of 393% from Heartbleed bug creates confusion on internet In 2012, only 26% of EU enterprises had formally defined an ICT security policy 38% EU internet users Mobile ebay makes users concerned about online 1,807m mobiles sold in 2013 technologies NEED to evaluate impact of cyber-attacks change their passwords payment safety were less after hack likely to buy goods online or use online banking as a result Cloud-based platforms at the specific level that is relevant to individual organisations 422m Europeans have a 3G or 4G mobile connection NatWest online services hit by cyber attack Victims of cyber crime lose an estimated 290bn every year globally BYOD Over 195.4m tablets sold in 2013 Global Internet slows after biggest attack in history Estimated annual cost of cyber crime in the UK alone is 27bn The costs incurred by the private sector and the government to protect themselves are high: Gartner4 quantifies them at $55 billion in 2011, $60 billion in 2012 and an expected $86 billion in 2016

5 What are YOUR cybersecurity needs? Do you KNOW: How exposed your organisation is to cyber threats? What your responsibilities are to your employees, partners, customers and wider society? What your most valuable assets are? Where you need to invest? The policies and legislations in the making, applicable to your sector?

6 CYSPA project CYSPA is the European Cyber Security Protection Alliance. Started in October 2012 As a European (EC)collaborative project By 17 organisations from industry and research Who value the importance of being able to protect their assets in cyberspace Moving to a self sustained Alliance by 2015 Open to users, providers and public authorities 6

7 CYSPA: 17 founding members EHusmann Solutions & Services Providers Users Research organisations 7

8 Project results: Public availability ( ) Impact reports (per sector)

9 Project results: Public availability ( ) Understanding and managing cyber-risks

10 Project results: Public availability ( ) Technology & solutions gap analysis

11 From the Project to the Alliance: the CYSPA Roadmap PROJECT SELF SUSTAINED ALLIANCE March 2015

12 From the EC Project to the Alliance Creation of a CYSPA Core Alliance (global approach) to better tackle cyber risks in critical infrastructures, gathering demand and supply, consolidating sectoral and national needs Improve awareness of decision makers, use common risk management methodologies, share best practices, build a common trust platform in each main sector (vertical approach) Define national positions /needs in National Chapters (transversal approach) and bring them at EU /international level Use as a tool for implementation of EU and national cybersecurity policies and platform for public /private cooperation (leveraging on the NIS Platform public - private dialogue) Use as a tool for implementation of R&D and capacity building in the suggested Cybersecurity Flagship approach

13 What is the CYSPA Alliance? Vision statement: An Alliance of stakeholders working together to articulate, embody and deliver concrete actions needed to reduce cyber disruption. 13

14 CYSPA Alliance: What do we aim to achieve? Target benefits of Alliance activity include Increased level of awareness of cyber risk and benefits of good cybersecurity practices within companies Increased availability of solutions to manage cyber risk which meet the needs of companies Contribute to a culture and environmental framework within the EU to promote good cybersecurity practices Contribute to an improved EU legislative framework to promote good cybersecurity practices Leading to Reduced risk of cyber disruptions within companies

15 CYSPA Scope Improving the security of companies as opposed to individual citizens or Member States as a whole Complement - and not duplicate - ongoing activities at European level, for example the NIS platform Build on pre-existing standards and technologies wherever possible Targeted stakeholder community including: cybersecurity users with an initial focus on the energy, finance, transport and e-government sectors cybersecurity providers including commercial organisations, research establishments and academia public authorities with roles related to cybersecurity (for example policy development) 15

16 CYSPA is open to providers, users and public authorities Providers Cybersecurity industry: - SMEs, large scale suppliers - Research bodies Benefits Understand market requirements Reduce time to market Understand key assets Test the latest innovations and solutions - pre-production Increase corporate social responsibility Users Target sectors' operators: transport, finance, energy, e- government, Benefits Understand sector-specific cyber risk Learn how to address cyber risk (solutions) Learn how to be a role model and gain a competitive advantage with cyber Expand the sectors you operate in Increase corporate social responsibility Public authorities - European cyber security bodies: ENISA, DG CONNECT, Europol etc - National cyber security authorities: OCSIA, CERTs Benefits Understand how to increase awareness to sectors (input) Influence policy Get trusted partners for implementation Confidence that policies are applicable to all Member States Understand research needs across Member States

17 What are the initial steps to get there? Three initial "campaigns" of activity: 1) Help companies understand cyber risks 2) Shape EU policy and legislative environment to the needs of companies 3) Promote cybersecurity as a corporate social responsibility (awareness of CEO/ CIO on need for cybersecurity)

18 CYSPA Alliance: How to reach objectives? Deliver value-adding supporting services to members to promote CYSPA goals, support collaboration and incentivise membership Execute campaigns of activity to deliver CYSPA benefits in partnership with strategic sponsors (at national or international level) Build and maintain a scalable (possibility to tackle new infrastructure sectors), sector-based and national based structure for the CYSPA community and partner, with like-minded organisations, to support EUwide collaboration Create a culture of open and committed participation, encouraging members to actively contribute to campaigns, collaborate with fellow members, take up proposed risk approaches and cybersecurity protection policies Coordinate activities with broader EU initiatives and organisations to deliver maximum benefit to members and pursue common goals where appropriate 18

19 Policy Services based approach Collaboration with national initiatives and organisations Policy information relevant to sectors Follow up of EP and Council discussions Link to CERTs

20 Services based approach Capacity building Risk Assessment (CRISK tool) Personalised to an organisation Building on expert knowledge Evolving / dynamic Sector specific capability Online information (newsfeeds, recommendations, etc.) Matchmaking Conferences, workshops, and trainings

21 Services based approach Intelligence & communication Newsletter Policy briefs Market analysis (sector specific) Marketing of CYSPA activities (and of its members) Facilitating participation to events

22 Structure of the Alliance CYSPA ALLIANCE Secretariat (EOS) Board External advisors CYSPA services Strategic roadmap Alliance Management EU comms. Member approval Sector Sector Sector groups groups transport, groups e-government, finance, energy Sector Sector Task groups groups forces results oriented Members EOS is cybersecurity policy and research to market CYSPA Alliance is cybersecurity 22 awareness to market

23 Develop National Chapters! Easier development of national /local needs, build up trust, information and best practices sharing mechanisms; National leaders to coordinate national views; Better linked to national deployment of cybersecurity policies and investments; Implementation at national level of services developed at common (Core Alliance) level (e.g. CRISK tool); Added value of National Chapters: broker of innovation at MS level, bring its challenges, recommendations, needs and innovative solutions at EU level; Support for coordination of activities envisaged in the proposed Cybersecurity Flagship (from research to capacity building);

24 CYSPA National Chapters (tentative) SECTOR COUNTRY National chapter for national coordination & transposition of activities UK ITALY GERMANY SPAIN FRANCE NETHERLAND SMALL/MEDIUM COUNTRY A SMALL/MEDIUM COUNTRY B SMALL/MEDIUM COUNTRY C TURKEY egov Transport Energy Finance Telecom (to be created) Other SECTOR COORDINATION Coord by CYSPA member or National Chapter Coord by CYSPA member or National Chapter Coord by CYSPA member or National Chapter Coord by CYSPA member or National Chapter Coord by CYSPA Coord by CYSPA member or member or National Chapter National Chapter CORE ALLIANCE Consolidation (common positions) of the different sectors / support to their coordination Coordination & development common services / campaigns / experiments Consolidation of positions of National Chapters Link and coordination with EOS, EU Institutions and KICs

25 What can you do today? Join us through the CYSPA community portal ( "Who s who" service: check out the initiatives to understand how different organisations are working on cyber in Europe Develop National Chapters Come at the final Conference in Brussels on March 26 th

26 Map view of organisations and initiatives in Europe

27 Understanding risk campaign Enriching the four impact reports Creating the CYSPA risk self-assessment online tool -> 2015 Developing the tools & solutions observatory -> 2015

28 CYSPA Final Conference CYSPA Final Conference: The Opening of the CYSPA Alliance 26th March 2015, 10:00-18:30 MCE Conference Centre Rue de l'aqueduc 118, 1050 Ixelles Room B CYSPA is organising its Final conference on March 26th in Brussels to celebrate both the end of the project and the official opening of the Alliance to all stakeholders. This event will aim to gather high level experts and various EU stakeholders such as policy makers, industry representatives, research centres, universities, national and European associations to discuss the outcomes of the CYSPA Project and present the value added services of the Alliance to all participants. You can register at:

29 Join us! Full membership is open to stakeholders who wish to actively work with one or more of the CYSPA bodies (cyber security providers, users or public authorities concerned with cyber security). Associate membership is available to stakeholders who wish to participate in the CYSPA sector groups and kept up to date about CYSPA operations. Note: Full membership is free until at least March 2015.

30 Follow Join us! cyspa.eng.it Visit us!