Cyber Security in EU: ENISA approach




Konstantinos Moulinos, Security Expert, European Union Network and Information Security Agency
in Electricity Distribution Grids, Brussels

European Union Agency for Network and Information Security
Securing Europe's Information Society
Operational Office in Athens

Positioning ENISA activities

Terms and interrelationships
  Diagram labels: Critical Infrastructure Protection*; Energy; Energy sector (e.g. gas, nuclear); Security & safety; Energy sector; Smart grid cybersecurity; National Strategies

EU Policy Context
  Energy and CIIP
  Directive 114/2008
  Proposal for a NIS Directive
  EU's CIIP action plan
  EU Cyber Security Strategy (COM
  Digital Single Market strategy

Why cyber?
  ICS-CERT Year in Review 2014
  HP Enterprise Security's 2014 Global Report on the Cost of Cyber Crime by the Ponemon Institute
  Many incidents but no major disruptions yet
  Everybody agrees that we have to do something but what?

Cyber security management
  Smart grid dependencies on telcos
  Smart grid threat landscape
  Risk assessment
  Information Security Intelligence
  Smart grid devices certification
  ICS SCADA security
  Governance and roles
  Appropriate security measures
  Cost of implementation
  Security measures
  Incident Reporting
  Cyber Security is not only technical but also operational and organisational?
  Root causes?
  Assets affected

ENISA effort in Smart Grids
  Challenging area, emerging technology
  Different types of stakeholders
  Various sizes of organizations
  Not a clear view of the market
  Setting baseline cyber security measures for Smart Grids
  Not an easy task
  Consensus is needed
  ENISA aims to reach better harmonisation across the EU this way contributing to the Digital Single Market Strategy
  Collaboration with the European Commission Smart Grids Task Force (SGTF)
  Adoption by the SGTF EG2 and CEN/CENELEC/ETSI Smart Grid Coordination Group
  Practical guide to deploy baseline security measures

like curling

An example of Incident Reporting: Telecoms
  Most major outages were caused by software bugs and hardware failures
  Chart: Detailed Causes and Affected Assets (Percentage of all incidents)
  Most major outages affected base stations and switches

Governance models report - Why?
  Low participation of public authorities in EG2 ad hoc group on Smart grid security measures
  Overlapping mandates amongst different national authorities
  TSOs do not consider smart grid security as their problem
  Energy regulators usually not empowered with cyber security mandate
  Smart grids an emerging area sometimes not covered by CIIs

Status of existing governance models
  Legend:
  Size: Roles and Responsibilities
    o Small: No roles and responsibilities defined
    o Medium: Definition ongoing
    o Large: Roles and responsibilities already defined
  Color: Smart Grid Framework
    o Red: Existing Smart Grid Framework
    o Blue: No existing Smart Grid Framework
  Sub-quadrants position: Smart Grids and Critical Infrastructure Protection
    o Right: Smart Grid part of National Cyber Security Strategy (NCSS)
    o Left: Smart Grid not part of NCSS
    o Up: Smart Grids part of National Critical Infrastructures (NCIs)
    o Down: Smart Grids not part of NCIs

Information Sharing
  ERNCIP: European Reference Network for Critical Infrastructure Protection
  TNCEIP: Thematic Network on Critical Energy Infrastructure Protection
  DENSEK: European Energy - ISAC
  NIS platform
  ENISA SISEC: Smart Infrastructures Security Experts Community
  ENISA ICS Security Stakeholder Group
  Collaboration with: CEER, ACER, ENTSO-E, Eurelectric

Trends
  Mandatory incident reporting (EU)
  Information sharing and analysis (EU)
  Baseline security measures (EU)
  National risk assessment (MS)
  Compliance Audits (MS)

Key recommendations
  Governance Model
  Foster R&D as a Requirement
  Identify and Analyze Cost of Measures
  Common EU Energy Framework
  Trusted Information Sharing Initiatives
  Increase User Awareness
  National Risk Assessment
  National Energy Framework
  Incident Response Capabilities and Report Mechanisms
  Definition of Roles and Responsibilities
  Collaboration Platform
  Join International Forums and WG
  National Forum on Energy
  Support Dialogue Among Stakeholders
  Define Baseline Security Requirements

Open issues - Next Steps
  Identification of good practices for ICS-SCADA/Smart Grids incident reporting
  Certification of smart grid components and systems
  Definition of EU baseline security requirements
  A roadmap for more harmonized national certification approaches
  Certification of smart grid cyber security skills
  Incident response capability for smart grids and relationships to existing national ICS-CERT/Gov CERTs
  Inject smart grids into NIS platform
  Bring competent authorities on board

Conclusions
  Cyber attacks on CIIs are now the norm rather than a future trend
  MS and private sector, with the assistance of ENISA, should co-operate to protect CIIs:
    sharing experiences and information
    developing and deploying good practices
    co-operating with NRAs to achieve EU-wide harmonization of EU regulations
  Collaboration is Everything

Konstantinos Moulinos
resilience@enisa.europa.eu
http://www.enisa.europa.eu/act/res