CIIP: ENISA's Role in Assisting Member States


CIIP: ENISA's Role in Assisting Member States
Steve Purser, Head of Core Operations
SEDE Committee, Brussels, 21 April 2016
European Union Agency for Network and Information Security

ENISA
ENISA was formed in 2004. The original mandate was renewed and extended in 2013. The Agency is a Centre of Expertise that supports the Commission and the EU Member States in the area of information and network security. We facilitate the exchange of information between communities, with particular emphasis on the EU institutions, the public sector and the private sector.

Positioning ENISA activities

ENISA Threat Landscape: Top threats

Critical Information Infrastructure Protection in Europe: ENISA efforts
- Communication networks: Critical Information Infrastructure and Internet Infrastructure
- Smart grids
- ICS SCADA
- eHealth
- Finance
- Transport

National Cyber Security Strategies (NCSS)
- ENISA maintains an interactive map of NCSS on its website
- EU MS currently have different maturity levels
- CIIP is a key subject in NCSSs
- PPPs: limited success so far
- SMEs are, in general, not properly covered
- Overlaps in authorities and mandates
- Assessment of NCSS is an issue
https://www.enisa.europa.eu/activities/resilience-and-ciip/national-cyber-security-strategies-ncsss

Incident Reporting for the Telecom Sector
- Article 13a of the Framework Directive (2009/140/EC) was introduced in 2009 by the EU regulatory framework for electronic communications.
- Art. 13a addresses security and integrity of public electronic communications networks and services (availability of the service).
- Art. 13a of Telecom Package:
  - Expert Group with all NRAs (EU and EFTA) & EC
  - Non-binding technical guidelines (strong adoption among MS)
  - 4 years of success: annual reporting from Telecoms to NRAs and then to ENISA and EC
  - Impact evaluation available March 2016.
- More incident reporting schemes:
  - Article 4 on data breaches - Telecom Package
  - Article 19 on breaches of trust services - eIDAS
  - NIS Directive (affecting many sectors)

[Figure: Incidents per root cause category (percentage), 2011-2014. Categories: Natural phenomena, Human errors, Malicious actions, System failures.]

Cloud Computing Risk Assessment
- Updated Cloud Computing Risk Assessment.
- Identifies important security benefits as well as risks in moving to the Cloud.
- Explains and examines different cloud service models.

ICS SCADA
- EuroSCSIE
- ICS Security Stakeholder Group
- Protecting Industrial Control Systems. Recommendations for Europe and Member States
- Can we learn from SCADA security incidents?
- Window of exposure a real problem for SCADA systems?
- Good Practices for an EU ICS Testing Coordination Capability
- Certification of Cyber Security skills of ICS/SCADA professionals
- In 2015 ENISA developed a study on ICS SCADA maturity models

EU Cybersecurity exercises
- Joint EU-US Cybersecurity Exercise 2011
  - First transatlantic cooperation exercise.
  - Table-top exercise - what-if scenarios.
- Cyber Europe 2010-2014
  - Large scale realistic cyber-crisis exercises.
  - Public and private sector involved.
  - Largest cyber exercise to date.
- Cyber Europe 2016
  - The exercise will take place in Q4.
- Cyber Exercise Platform (CEP)
  - Will offer opportunities for continuous cyber exercising.
More information on: http://www.enisa.europa.eu/c3e

The NIS Directive
- Scope: to achieve a high common level of security of NIS within the Union (first EU regulatory act at this level).
- Status: adoption pending.
- Key Provisions:
  - Obligations for all Member States to adopt a National NIS strategy and designate National Authorities.
  - Obliges Member States to designate national competent authorities and CSIRTs.
  - Creates first EU cooperation group on NIS, from all Member States.
  - Creates an EU national CSIRTs network.
  - Establishes security and notification requirements for operators of Essential Services (ESP) and Digital Service Providers (DSP).

[Diagram: The NIS Directive. Labels: National Cyber Security Strategies; Cloud Computing Services; Online Marketplaces; Digital Service Providers; Strategic Cooperation Network; Incident Reporting; Security Requirements; Operators of Essential Services; Transport; Energy and Water; Healthcare; Search Engines; Tactical/Operational CSIRT Network; Banking and Financial market infrastructures; Digital Infrastructure.]

Conclusions
- ENISA works together with operational communities to identify pragmatic solutions to current security issues.
- We issue concrete advice on how to improve system security and which implementations to favour.
- The solutions we propose are based on industry best practice and are therefore known to work.
- By working in this way, we put security to the service of EU industry and improve the competitiveness of our industries.

Thank you for your attention! PO Box 1309, 710 01 Heraklion, Greece Tel: +30 28 14 40 9710 info@enisa.europa.eu www.enisa.europa.eu