The European Platform in Network and Information Security (NIS) Fabio Martinelli


The European Platform in Network and Information Security (NIS) Fabio Martinelli Istituto di Informatica e Telematica Consiglio Nazionale delle Ricerche IIT-CNR, Pisa, Italy

Cyber security directive (Network and Information Security, NIS)

A new initiative launched by the Commission for member states and companies in order to support the adoption of the new Cyber Security Directive (launched on Jan 2013 revised this Jan.)

The aim of the proposed Directive is to ensure a high common level of network and information security (NIS). This means improving the security of the Internet and the private networks and information systems underpinning the functioning of our societies and economies.

This will be achieved by requiring the Member States to increase their preparedness and improve their cooperation with each other, and by requiring operators of critical infrastructures, such as energy, transport, and key providers of information society services, as well as public administrations to adopt appropriate steps to manage security risks and report serious incidents to the national competent authorities.

Cyber security directive (NIS) - 2

The directive mainly addresses the necessity to increase the cyber security level of all the member states. In particular:
- consolidation and cooperation of national CERTs able to share incident information
- creation of national preparedness plans for cyber security (including authorities etc.), including risk management plans

Cyber security directive (NIS) - 3

At the national level it recommends:
(a) The definition of the objectives and priorities of the strategy based on an up-to-date risk and incident analysis;
(b) A governance framework to achieve the strategy objectives and priorities, including a clear definition of the roles and responsibilities of the government bodies and the other relevant actors;
(c) The identification of the general measures on preparedness, response and recovery, including cooperation mechanisms between the public and private sectors;
(d) An indication of the education, awareness raising and training programmes;
(e) Research and development plans and a description of how these plans reflect the identified priorities.

Cyber security directive (NIS) - 4

Among the requirements:

Member States shall ensure that public administrations and market operators take appropriate technical and organisational measures to manage the risks posed to the security of the networks and information systems which they control and use in their operations. Having regard to the state of the art, these measures shall guarantee a level of security appropriate to the risk presented.

In particular, measures shall be taken to prevent and minimise the impact of incidents affecting their network and information system on the core services they provide and thus ensure the continuity of the services underpinned by those networks and information systems.

The NIS platform

To support the EU cyber security directive, the EU decided to create a public/private cooperation in the form of an EU platform on Network and Information Security (NIS):
- Unique opportunity to better understand NIS challenges, threats and risks
- A platform for bringing together policy and technical experts to debate the current and future challenges
- A platform for influencing future R&D in NIS issues

Topics of the NIS platform

1. Organisational measures: practices to define, guide or evaluate an organisation's cybersecurity, specifically its capability to identify, assess and mitigate cybersecurity risks, and to deter and handle incidents; (Risk management for cyber security)
2. Secure products and services: practices to demonstrate the ability of products or services to provide a good level of cybersecurity performance as part of the ICT value chain; (Assurance)
3. Metrics, measurement and language / taxonomy for cyber risk: practices for measuring, describing and evaluating cyber risks, impacts, threats, controls, etc. (Metrics and measurements for cybersecurity)
4. Information exchange: practices for the exchange of cyber incident information, to allow cyber incident reports to be understood and acted upon in the framework of complex cooperation schemes; to facilitate a high level view of all cyber incidents which facilitates spotting trends and directing resources; (Information exchange)
5. Cybersecurity resources: practices to manage and develop cybersecurity knowledge, skills and resources within an organisation or a sector. (Cybersecurity best practices)

WGs structure

Eventually 3 WGs have been established (two mainly operational and one mainly research & innovation oriented):
- WG1 on Risk Management aims to identify best practice in cybersecurity risk management activities, provide guidance to enhance levels of information security and facilitate the voluntary take-up of the practices;
- WG2 on Information Sharing aims to promote the sharing of cyber threat information and incidents, allowing coordination in both the public and private segments of the EU;
- WG3 on Secure ICT R&I will address issues related to Cyber Security research and innovation in the context of the EU Strategy for Cyber Security.

WG3 deliverables WG3 Main deliverables

WG3 initial activities

WG3 met in Sept. 27 / Dec. 12:
- Get participants to know each other;
- Contribute to the terms of reference (TOR);
- Share knowledge and content related to the Strategic Research Agenda (SRA);
- Draft a structure that facilitates this work.

WG3 Steps achieved: SRA ToC

Strategic Research Agenda ToC (draft):
- Executive Summary
- Introduction
- Background
- Description of Area of Interest
- Description of the AoI's vision
- Description of the issues and challenges
- Identification of Technology, Policy and Regulation: Enablers, Inhibitors
- Gap analysis (tech., policy, regulation, and competences) for achieving the vision

SRA ToC (II)

ToC (draft) (cont.):
- Cross-analysis of all areas of interest's enablers and inhibitors
- Finding commonalities (e.g., two enablers shared by AoIs)
- Finding conflicts (e.g., one enabler becomes an inhibitor)
- Giving research priorities
- Roadmap
- Timelines
- Identification of R&D&I instruments
- Key performance indicators
- Other aspects such as Economic and Social benefits (using results from the business and education deliverables)
- Biblio
- Appendix

Deliverable: Strategic Research Agenda (SRA), Areas of Interest

Thanks!