Achieving Global Cyber Security Through Collaboration




Achieving Global Cyber Security Through Collaboration
Steve Purser, Head of Core Operations Department
November 2013
European Union Agency for Network and Information Security, www.enisa.europa.eu

Agenda
- About ENISA
- The EU Cyber Security Strategy
- Protecting Critical Information Infrastructure
- Input to EU & MS Cyber Security Strategies
- Assisting Operational Communities
- Security & Data Breach Notification

ENISA
The European Network & Information Security Agency (ENISA) was formed in 2004. The Agency is a Centre of Expertise that supports the Commission and the EU Member States in the area of information security. We facilitate the exchange of information between EU institutions, the public sector and the private sector.

Activities
The Agency's principal activities are as follows:
- Advising and assisting the Commission and the Member States on information security.
- Collecting and analysing data on security practices in Europe and emerging risks.
- Promoting risk assessment and risk management methods.
- Awareness-raising and co-operation between different actors in the information security field.


EU Cyber Security Strategy
The five strategic objectives of the strategy:
- Achieving cyber resilience
- Drastically reducing cybercrime
- Developing cyberdefence policy and capabilities related to the Common Security and Defence Policy (CSDP)
- Developing the industrial and technological resources for cybersecurity
- Establishing a coherent international cyberspace policy for the European Union and promote core EU values.
ENISA explicitly called upon.

EU Cybersecurity Strategy
The Commission asks ENISA to:
- Assist the Member States in developing strong national cyber resilience capabilities.
- Examine in 2013 the feasibility of Computer Security Incident Response Team(s) for Industrial Control Systems (ICS-CSIRTs) for the EU.
- Continue supporting the Member States and the EU institutions in carrying out regular pan-European cyber incident exercises.
- Propose in 2013 a roadmap for a "Network and Information Security driving licence".
- Support a cybersecurity championship in 2014, where university students will compete in proposing NIS solutions.

EU Cybersecurity Strategy
The Commission asks ENISA to:
- Support the organisation of a yearly cybersecurity month.
- Develop, in cooperation with relevant stakeholders, technical guidelines and recommendations for the adoption of NIS standards and good practices in the public and private sectors.
- Collaborate with Europol to identify emerging trends and needs in view of evolving cybercrime and cybersecurity patterns so as to develop adequate digital forensic tools and technologies.


The ENISA Threat Landscape
The ENISA Threat Landscape provides an overview of threats and current and emerging trends. It is based on publicly available data and provides an independent view on observed threats, threat agents and threat trends. Over 120 recent reports from a variety of resources have been analysed.

Developed overview

Cyber Exercises
- Cyber Europe 2010. Europe's first ever international cyber security exercise
- EU-US exercise, 2011. Also a first: work with COM & MS to build transatlantic cooperation
- Cyber Europe 2012. Developed from 2010 & 2011 exercises. Involves MS, private sector and EU institutions. Highly realistic exercise, Oct 2012

Securing New Technologies


Member States with NCSS
Austria, Czech Republic, Estonia, Finland, France, Germany, Hungary, Lithuania, Luxembourg, Netherlands, Poland, Romania, Slovakia, United Kingdom

Good Practice Guide
ENISA deliverable of 2012
Describes:
- Known good practices, standards and policies
- The elements of a good Cyber Security Strategy
- Institutions and roles identified in a Strategy
- Parties involved in the development lifecycle
- Challenges in developing and maintaining a Strategy


Supporting Operational Communities - Overview

National/governmental CERTs: the situation has changed
Established in 2005: Finland, France, Germany, Hungary, The Netherlands, Norway, Sweden, UK
Baseline capabilities of n/g CERTs
- Initially defined in 2009 (operational aspects)
- In 2010 policy recommendations drafted
- In 2012 ENISA continues to work on a harmonisation together with MS
- Status Report 2012
- National/governmental CERT capabilities updated recommendations 2012

CERT Exercises and training material
ENISA CERT training/exercise material, used since 2009, was extended to host 23 different topics and training exercises including:
- Technical aspects
- Organisational aspects
- Operational aspects
Additionally a Roadmap was created to answer the question "How could ENISA provide more proactive and efficient CERT training?"

Fostering CERT-LEA Collaboration
Main goals:
- Define key concepts
- Describe the technical and legal/regulatory aspects of the fight against cybercrime
- Compile an inventory of operational, legal/regulatory and procedural barriers and challenges and possible ways to overcome these challenges
- Collect existing good and best practices
- Develop recommendations
Focus on CERT-LEA cooperation


Security & Data Breach Notification
- Supporting MS in implementing Article 13a of the Telecommunications Framework Directive
- Supported NRAs in implementing the provisions under article 13a
- Developed and implemented the process for collecting annual national reports of security breaches
- Developed minimum security requirements and propose associated metrics and thresholds
- Supporting COM and MS in defining technical implementation measures for Article 4 of the ePrivacy Directive.
- Recommendations for the implementation of Article 4.
- Collaboration with Art.29 TS in producing a severity methodology for the assessment of breaches by DPAs

Article 13a - Incidents 2011
51 incidents from 11 countries, 9 countries without significant incidents, 9 countries with incomplete implementation
Most incidents
- Affect mobile comms (60%)
- Are caused by hardware/software failures (47%), third party failures (33%), natural disasters (12%)
Many involve power cuts (20%)
Natural disasters (storm, floods, et cetera) often cause power cuts, which cause outages

Article 13a - Incidents 2012
79 incidents from 18 countries, 9 countries without significant incidents, 1 country with incomplete implementation
Most incidents
- Are caused by system failures (76%), third party failures (13%), malicious actions (8%), natural disasters (6%)

Questions?