Exploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know

Size: px
Start display at page:

Download "Exploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know"

Transcription

1 Exploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know Aristotelis Tzafalias Programme Officer, Trust and Security DG Communications Networks, Content and Technology

2 Proposal for a Directive on NIS A general overview What should every CISO know? Articles 14, 15 and 16 State of play What should ever CISO really know? What happens next? What can I do in the meantime? What else is going on? What do I gain from the NIS Directive?

3 Capabilities: Common NIS requirements at national level NIS strategy and cooperation plan NIS competent authority Computer Emergency Response Team (CERT) Proposal for a Directive on NIS Key elements (1/3)

4 Proposal for a Directive on Network and Information Security (NIS) Article 114 TFEU Key elements (2/3) Cooperation: NIS competent authorities to cooperate within a network at EU level Early warnings and coordinated response Capacity building NIS exercises at EU level ENISA to assist

5 Proposal for a Directive on Network and Information Security (NIS) Article 114 TFEU Key elements (3/3) Risk management and incident reporting for: Energy electricity, gas and oil Credit institutions and stock exchanges Transport air, maritime, rail Healthcare Internet enablers Public administrations

6 Proposal for a Directive on Network and Information Security (NIS) Article 114 TFEU What should every CISO know? Article 14 Security requirements and incident notification Article 15 Implementation and enforcement Article 16 Standardisation

7 Article 14 Security requirements and incident notification Paragraph 1 Member States shall ensure that public administrations and market operators take appropriate technical and organisational measures to manage the risks posed to the security of the networks and information systems which they control and use in their operations. Having regard to the state of the art, these measures shall guarantee a level of security appropriate to the risk presented. In particular, measures shall be taken to prevent and minimise the impact of incidents affecting their network and information system on the core services they provide and thus ensure the continuity of the services underpinned by those networks and information systems.

8 Article 14 Security requirements and incident notification Paragraph 3 Member States shall ensure that public administrations and market operators notify to the competent authority incidents having a significant impact on the security of the core services they provide. Paragraph 4 The requirements under paragraphs 1 and 2 apply to all market operators providing services within the European Union.

9 Article 14 Security requirements and incident notification Paragraph 4 The competent authority may inform the public, or require the public administrations and market operators to do so, where it determines that disclosure of the incident is in the public interest. Once a year, the competent authority shall submit a summary report to the cooperation network on the notifications received and the action taken in accordance with this paragraph.

10 Article 15 Implementation and Enforcement Paragraph 1 Member States shall ensure that the competent authorities have all the powers necessary to investigate cases of noncompliance of public administrations or market operators with their obligations under Article 14 (1) and the effects thereof on the security of networks and information systems.

11 Article 15 Implementation and Enforcement Paragraph 2 Member States shall ensure that the competent authorities have the power to require market operators and public administrations to: a) provide information needed to assess the security of their networks and information systems, including documented security policies; b) undergo a security audit carried out by a qualified independent body or national authority and make the results thereof available to the competent authority

12 Article 15 Implementation and Enforcement Paragraph 3 Member States shall ensure that competent authorities have the power to issue binding instructions to market operators and public administrations. Paragraph 4 The competent authorities shall notify incidents of a suspected serious criminal nature to law enforcement authorities. Paragraph 5 The competent authorities shall work in close cooperation with personal data protection authorities when addressing incidents resulting in personal data breaches.

13 Article 16 Standardisation Paragraph 1 To ensure convergent implementation of Article 14(1), Member States shall encourage the use of standards and/or specifications relevant to networks and information security. Paragraph 2 The Commission shall draw up, by means of implementing acts a list of the standards referred to in paragraph 1. The list shall be published in the Official Journal of the European Union.

14 Proposal for NIS Directive State of play, legislative process 1/2 Council European Council Oct 2013: NIS essential for completion of Digital Single Market by 2015 Progress Report was adopted at Telecom Council December 5, 2013; Telecom Council June 6, 2014 European Parliament Lead committee IMCO (ITRE and LIBE associated) voted on draft legislative resolution in January 2014 Plenary vote took place in March 2014

15 Proposal for NIS Directive State of play, legislative process 2/2 On-going trilogues between Council, EP, Commission (Operational) Cooperation between Member States Scope (internet enablers) Goal: political agreement by end 2015 Goal: adoption Q (under NL presidency)

16 Proposal for a Directive on Network and Information Security (NIS) Article 114 TFEU What should every CISO really know? What happens next? New standards? What else is going on?

17 Proposal for a Directive on Network and Information Security (NIS) What happens next?

18 Proposal for a Directive on Network and Information Security (NIS) Standards

19 Proposal for a Directive on Network and Information Security (NIS) What else is going on? DG FISMA: European Financial Stability and Integration Review, April SWD(2015) 98 final Prepared by the Directorate-General for Financial Stability, Financial Services, and Capital Markets Union (DG FISMA) Chapter 6. Special Focus on Cyber Security Risks in the Financial Sector ENISA: Network and Information Security in the Finance Sector, December 2014 Regulatory landscape and Industry priorities Other: Responsible Disclosure, "cyber" stress-tests,

20 Proposal for a Directive on Network and Information Security (NIS) What do I gain? Business Environment: Improved national and EU-wide awareness and preparedness for cyber security threats. Government: improved government/regulatory institutional support. Supply chain: Better cyber security risk management across supply chain. Harmonization

21 Questions? Draft H2020 SC7 Digital Security : raft-work-programmes

ENISA s Position on the NIS Directive

ENISA s Position on the NIS Directive ENISA s Position on the NIS Directive 1 Introduction This note briefly summarises ENISA s position on the NIS Directive. It provides the background to the Directive, explains its significance, provides

More information

Directive on Security of Network and Information Systems

Directive on Security of Network and Information Systems European Commission - Fact Sheet Directive on Security of Network and Information Systems Brussels, 6 July 2016 Questions and Answers The European Parliament's plenary adopted today the Directive on Security

More information

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD) COUNCIL OF THE EUROPEAN UNION Brussels, 24 May 2013 Interinstitutional File: 2013/0027 (COD) 9745/13 TELECOM 125 DATAPROTECT 64 CYBER 10 MI 419 CODEC 1130 NOTE from: Presidency to: Delegations No. Cion

More information

Directive on security of network and information systems (NIS): State of Play

Directive on security of network and information systems (NIS): State of Play Directive on security of network and information systems (NIS): State of Play Svetlana Schuster Unit H1 Cybersecurity and Digital Privacy DG Communications Networks, Content and Technology, European Commission

More information

Cybersecurity Policy in the EU: Security Directive - Security for the data in the cloud

Cybersecurity Policy in the EU: Security Directive - Security for the data in the cloud Cybersecurity Policy in the EU: The Network and Information Security Directive - Security for the data in the cloud Microsoft Commitment to Cybersecurity Security at the heart of our products and services

More information

NIS-Directive and Smart Grids

NIS-Directive and Smart Grids NIS-Directive and Smart Grids Workshop on European Smart Grid Cybersecurity: Emerging Threats and Countermeasures Marie Holzleitner Table of Content Aims & Objectives Affected Parties Selected Requirements

More information

The EU Cybersecurity Package: Implications for ENISA Dr. Steve Purser Head of ENISA Core Operations Athens, 30 th January 2018

The EU Cybersecurity Package: Implications for ENISA Dr. Steve Purser Head of ENISA Core Operations Athens, 30 th January 2018 The EU Cybersecurity Package: Implications for ENISA Dr. Steve Purser Head of ENISA Core Operations Athens, 30 th January 2018 European Union Agency for Network and Information Security Outline 1. Cybersecurity

More information

Network and Information Security Directive

Network and Information Security Directive Network and Information Security Directive Provisions + ENISA s activities Dr Evangelos Ouzounis Head of Secure Infrastructure and Services Unit, ENISA European Union Agency for Network and Information

More information

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER COUNCIL OF THE EUROPEAN UNION Brussels, 19 May 2011 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66 NOTE From : COREPER To: COUNCIL No Cion. prop.: 8548/11 TELECOM 40 DATAPROTECT 27 JAI 213 PROCIV38

More information

Cybersecurity & Digital Privacy in the Energy sector

Cybersecurity & Digital Privacy in the Energy sector ENERGY INFO DAYS Brussels, 25 October 2017 Cybersecurity & Digital Privacy in the Energy sector CNECT.H1 Cybersecurity & Digital Privacy, DG CNECT ENER.B3 - Retail markets; coal & oil, DG ENER European

More information

European Union Agency for Network and Information Security

European Union Agency for Network and Information Security Critical Information Infrastructure Protection in the EU Evangelos Ouzounis Head of Secure Infrastructure and Services Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European Union Agency

More information

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3 Information sharing in the EU policy on NIS & CIIP Andrea Servida European Commission DG INFSO-A3 Andrea.Servida@ec.europa.eu COM(2006) 251 - Towards a secure Information Society DIALOGUE structured and

More information

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document EUROPEAN COMMISSION Strasbourg, 7.2.2013 SWD(2013) 31 final COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT Accompanying the document Proposal for a Directive of the European

More information

Cybersecurity Strategy of the Republic of Cyprus

Cybersecurity Strategy of the Republic of Cyprus Cybersecurity Strategy of the Republic of Cyprus George Michaelides Commissioner of Electronic Communications and Postal Regulation http://www.ocecpr.org.cy 12 th February 2016 Cybersecurity Strategy of

More information

CEF Telecom Calls: CEF-TC : Cyber Security TZAFALIAS ARISTOTELIS POLICY OFFICER DG CONNECT

CEF Telecom Calls: CEF-TC : Cyber Security TZAFALIAS ARISTOTELIS POLICY OFFICER DG CONNECT 2017-2 CEF Telecom Calls: CEF-TC-2017-2: Cyber Security TZAFALIAS ARISTOTELIS POLICY OFFICER DG CONNECT CEF-TC-2017-2: Cyber Security Funding under this call will allow the Member States to limit the economic

More information

International Legal Regulation of Cybersecurity U.S.-German Standards Panel 2018

International Legal Regulation of Cybersecurity U.S.-German Standards Panel 2018 International Legal Regulation of Cybersecurity U.S.-German Standards Panel 2018 Dr. Dennis-Kenji Kipker University of Bremen Washington DC, 10.04.2018 Gefördert vom FKZ: 16KIS0213 bis 16KIS0216 Slide

More information

The Role of the Data Protection Officer

The Role of the Data Protection Officer The Role of the Data Protection Officer Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 28 July 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC consultant Infrastructure services

More information

The GDPR and NIS Directive: Risk-based security measures and incident notification requirements

The GDPR and NIS Directive: Risk-based security measures and incident notification requirements The GDPR and NIS Directive: Risk-based security measures and incident notification requirements Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 4 May 2017 Introduction Adrian Ross GRC consultant

More information

ENISA EU Threat Landscape

ENISA EU Threat Landscape ENISA EU Threat Landscape 24 th February 2015 Dr Steve Purser ENISA Head of Department European Union Agency for Network and Information Security www.enisa.europa.eu Agenda ENISA Areas of Activity Key

More information

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises EUROPEAN COMMISSION Brussels, 13.9.2017 C(2017) 6100 final COMMISSION RECOMMENDATION of 13.9.2017 on Coordinated Response to Large Scale Cybersecurity Incidents and Crises EN EN COMMISSION RECOMMENDATION

More information

Securing Europe's Information Society

Securing Europe's Information Society Securing Europe's Information Society Dr. Udo Helmbrecht Executive Director European Network and Information Security Agency 16 June 2010 FIRST AGM Miami 16/6/2010 1 Agenda ENISA overview Challenges EU

More information

Privacy Code of Conduct on mhealth apps the role of soft-law in enhancing trust ehealth Week 2016

Privacy Code of Conduct on mhealth apps the role of soft-law in enhancing trust ehealth Week 2016 Privacy Code of Conduct on mhealth apps the role of soft-law in enhancing trust ehealth Week 2016 Pēteris Zilgalvis, J.D., Head of Unit for Health and Well-Being, DG CONNECT Table of Contents 1. Context

More information

Package of initiatives on Cybersecurity

Package of initiatives on Cybersecurity Package of initiatives on Cybersecurity Presentation to Members of the IMCO Committee Claire Bury Deputy Director-General, DG CONNECT Brussels, 12 October 2017 Building EU Resilience to cyber attacks Creating

More information

Cyber Security in Europe

Cyber Security in Europe Cyber Security in Europe ENISA supporting the National Cyber Security Strategies An evaluation framework Liveri Dimitra Security and Resilience of Communication Networks Officer www.enisa.europa.eu Securing

More information

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services European Union Agency for Network and Information Security Securing Europe s Information society 2

More information

The NIS Directive and Cybersecurity in

The NIS Directive and Cybersecurity in The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security

More information

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3 The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3 Andrea.Servida@ec.europa.eu What is at stake with CIIs The World Economic Forum

More information

ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK. of 18 May 2018

ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK. of 18 May 2018 EN ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK of 18 May 2018 on the establishment of a framework for the security of network and information systems of general interest (CON/2018/27) Introduction

More information

EU policy on Network and Information Security & Critical Information Infrastructures Protection

EU policy on Network and Information Security & Critical Information Infrastructures Protection EU policy on Network and Information Security & Critical Information Infrastructures Protection Köln, 10 March 2011 Valérie ANDRIANAVALY European Commission Directorate General Information Society and

More information

European Directives and reglements for Information security

European Directives and reglements for Information security Е а а И ац а *** European Directives and reglements for Information security Krassi BOGDANOVA LISO for the Secretariat-General, the Cabinets of Commissioners and the European Political Strategy Centre,

More information

Regulating Cyber: the UK s plans for the NIS Directive

Regulating Cyber: the UK s plans for the NIS Directive Regulating Cyber: the UK s plans for the NIS Directive September 2017 If you are a digital service provider or operate an essential service then new security and breach notification obligations may soon

More information

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity EUROPEAN COMMISSION JOINT RESEARCH CENTRE Information Note JRC activities in the field of Cybersecurity Date: 28 January, 2016 JRC activities in the field of Cybersecurity 1. Societal and political context

More information

THE CYBER SECURITY ENVIRONMENT IN LITHUANIA

THE CYBER SECURITY ENVIRONMENT IN LITHUANIA Executive summary of the public audit report THE CYBER SECURITY ENVIRONMENT IN LITHUANIA 9 December 2015, No. VA-P-90-4-16 Full audit report in Lithuanian is available on the website of the National Audit

More information

ENFORCEMENT POWERS. The EU Perspective. Olivier Proust. Associate Hunton & Williams LLP

ENFORCEMENT POWERS. The EU Perspective. Olivier Proust. Associate Hunton & Williams LLP ENFORCEMENT POWERS The EU Perspective Olivier Proust Associate Hunton & Williams LLP What is enforcement within the EU? Broad sense: Any action leading to better compliance Awareness raising activities

More information

A Strategy for a secure Information Society Dialogue, Partnership and empowerment

A Strategy for a secure Information Society Dialogue, Partnership and empowerment A Strategy for a secure Information Society Dialogue, Partnership and empowerment Gerard.Galler@ec.europa.eu European Commission DG Information Society & Media Unit INFSO/A3: Internet; Network & Information

More information

Committee on Civil Liberties, Justice and Home Affairs

Committee on Civil Liberties, Justice and Home Affairs EUROPEAN PARLIAMT 2009-2014 Committee on Civil Liberties, Justice and Home Affairs 2013/0027(COD) 7.1.2014 AMDMTS 20-147 Draft opinion Carl Schlyter (PE514.755v01-00) on the proposal for a directive of

More information

Discussion on MS contribution to the WP2018

Discussion on MS contribution to the WP2018 Discussion on MS contribution to the WP2018, 30 January 2018 European Union Agency for Network and Information Security Possibilities for MS contribution to the WP2018 Expert Groups ENISA coordinates several

More information

Call for Expressions of Interest

Call for Expressions of Interest Call for Expressions of Interest ENISA M/CEI/17/T01 Experts for assisting in the implementation of the annual ENISA Work Programme TECHNICAL DESCRIPTION CONTENTS TECHNICAL DESCRIPTION... 3 1. INTRODUCTION...

More information

2017 ANNUAL TRUST SERVICES SECURITY INCIDENTS ANALYSIS. ENISA Article 19 Team

2017 ANNUAL TRUST SERVICES SECURITY INCIDENTS ANALYSIS. ENISA Article 19 Team 2017 ANNUAL TRUST SERVICES SECURITY INCIDENTS ANALYSIS ENISA Article 19 Team 23 10 2018 GENERAL MODEL SECURITY SUPERVISION Market operators/providers assess security risks, take appropriate measures, and

More information

NIS Standardisation ENISA view

NIS Standardisation ENISA view NIS Standardisation ENISA view Dr. Steve Purser Brussels, 19 th September 2017 European Union Agency for Network and Information Security Instruments For Improving Cybersecurity Policy makers have a number

More information

Security and resilience in Information Society: the European approach

Security and resilience in Information Society: the European approach Security and resilience in Information Society: the European approach Andrea Servida Deputy Head of Unit European Commission DG INFSO-A3 Andrea.servida@ec.europa.eu What s s ahead: mobile ubiquitous environments

More information

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus Cybersecurity governance in Europe Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus ska@unipi.gr Elements of a national cybersecurity strategy Set the vision,

More information

Critical Infrastructure Protection & Resilience Europe / Asia. Conference Discussion Reviews

Critical Infrastructure Protection & Resilience Europe / Asia. Conference Discussion Reviews Critical Infrastructure Protection & Resilience Europe / Asia Conference Discussion Reviews Torch Marketing / KNM Media Delivering strategic routes to critical markets Why Critical Infrastructure Protection

More information

Data Processing Agreement

Data Processing Agreement In accordance with the European Parliament- and Council s Directive (EU) 2016/679 of 27th April 2016 (hereinafter GDPR) on the protection of physical persons in connection with the processing of personal

More information

EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know

EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know The General Data Protection Regulation (GDPR) The eprivacy Regulation (epr) The Network and Information Security Directive

More information

Creating NIS Compliant Country in a Non-Regulated Environment. Jurica Čular

Creating NIS Compliant Country in a Non-Regulated Environment. Jurica Čular Creating NIS Compliant Country in a Non-Regulated Environment Jurica Čular (jcular@zsis.hr) What NIS actually is? NIS Directive NIS Network Information Security Directive EU Cyber Security Policy Mandatory

More information

ENISA Cooperation in the EU / NIS Directive

ENISA Cooperation in the EU / NIS Directive ENISA Cooperation in the EU / NIS Directive Paulo Empadinhas Head of Administration & Stakeholders Relations IT STAR Milan, Italy 28 th October 2016 European Union Agency for Network and Information Security

More information

Data Protection. Code of Conduct for Cloud Infrastructure Service Providers

Data Protection. Code of Conduct for Cloud Infrastructure Service Providers Data Protection Code of Conduct for Cloud Infrastructure Service Providers 27 JANUARY 2017 Introduction... 3 1 Structure of the Code... 5 2 Purpose... 6 3 Scope... 7 4 Data Protection Requirements... 9

More information

QUESTION / CLARIFICATION

QUESTION / CLARIFICATION QUESTION / CLARIFICATION CO-ORDINATION BETWEEN NOTIFIED BODIES DIRECTIVE 2008/57/EC AND SUBSEQUENT AMENDMENTS ON THE INTEROPERABILITY OF THE RAIL SYSTEM WITHIN THE UNION QC-INF-015 Issue 01 Date: 25/02/2015

More information

A comprehensive approach on personal data protection in the European Union

A comprehensive approach on personal data protection in the European Union A comprehensive approach on personal data protection in the Justice Date 1 Main legal instruments on EU level Data Protection Directive 95/46/EC Directive 2002/58/EC on privacy and electronic communications

More information

6056/17 MK/ec 1 DG D 2B

6056/17 MK/ec 1 DG D 2B Council of the European Union Brussels, 8 February 2017 (OR. en) 6056/17 OUTCOME OF PROCEEDINGS From: On: 20 January 2017 To: Subject: General Secretariat of the Council Horizontal Working Party on Cyber

More information

Valérie Andrianavaly European Commission DG INFSO-A3

Valérie Andrianavaly European Commission DG INFSO-A3 Security and resilience in the Information Society: towards a CIIP policy in the EU Valérie Andrianavaly European Commission DG INFSO-A3 valerie.andrianavaly@ec.europa.eu Network and information security:

More information

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 - NATIONAL CYBER SECURITY STRATEGY - Version 2.0 - CONTENTS SUMMARY... 3 1 INTRODUCTION... 4 2 GENERAL PRINCIPLES AND OBJECTIVES... 5 3 ACTION FRAMEWORK STRATEGIC OBJECTIVES... 6 3.1 Determining the stakeholders

More information

MOTION FOR A RESOLUTION

MOTION FOR A RESOLUTION European Parliament 2014-2019 Plenary sitting B8-0155/2019 6.3.2019 MOTION FOR A RESOLUTION to wind up the debate on the statements by the Council and the Commission pursuant to Rule 123(2) of the Rules

More information

Cyber Security in Europe and CEER s new PEER initiative

Cyber Security in Europe and CEER s new PEER initiative NARUC-CEER International Forum, 27 April 2017, Arlington, Virginia Cyber Security in Europe and CEER s new PEER initiative Lord Mogg, CEER President Outline New EU legislativedevelopments: NIS Directive

More information

Go West! Political, legal and operational aspects of cooperation between Europol and the United States

Go West! Political, legal and operational aspects of cooperation between Europol and the United States Go West! Political, legal and operational aspects of cooperation between Europol and the United States Alexandra De Moor IRCP - Ghent University, Belgium 1 Introduction PhD in Law Europol, quo vadis? Critical

More information

10007/16 MP/mj 1 DG D 2B

10007/16 MP/mj 1 DG D 2B Council of the European Union Brussels, 9 June 2016 (OR. en) 10007/16 OUTCOME OF PROCEEDINGS From: On: 9 June 2016 To: General Secretariat of the Council Delegations No. prev. doc.: 9579/16 + COR 1 Subject:

More information

LIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 26 September 2008 (30.09) (OR. fr) 13567/08 LIMITE ENFOPOL 170 CRIMORG 150

LIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 26 September 2008 (30.09) (OR. fr) 13567/08 LIMITE ENFOPOL 170 CRIMORG 150 COUNCIL OF THE EUROPEAN UNION Brussels, 26 September 2008 (30.09) (OR. fr) 13567/08 LIMITE ENFOPOL 170 CRIMORG 150 NOTE from : Presidency to : Working Party on Police Cooperation No. prev. doc.: 11784/08

More information

10025/16 MP/mj 1 DG D 2B

10025/16 MP/mj 1 DG D 2B Council of the European Union Brussels, 9 June 2016 (OR. en) 10025/16 OUTCOME OF PROCEEDINGS From: On: 9 June 2016 To: General Secretariat of the Council Delegations No. prev. doc.: 9579/16 + COR 1 Subject:

More information

Sector Vision for the Future of Reference Standards

Sector Vision for the Future of Reference Standards The Group of Representative Bodies (GRB) The Sector Forum Rail (SFR) Sector Vision for the Future of s Brussels, 13 th July 2018 Sector Vision for Future of s 13 th July 2018 Page 1 of 6 Scope of position

More information

Committee on the Internal Market and Consumer Protection

Committee on the Internal Market and Consumer Protection European Parliament 2014-2019 AMDMTS: 12 Regulation on ISA, the "EU Cybersecurity Agency", and repealing Regulation (EU) s created with Go to http://www.at4am.ep.parl.union.eu \000000.doc United in diversity

More information

Data Processing Clauses

Data Processing Clauses Data Processing Clauses The examples of processing clauses below are proposed pending the adoption of standard contractual clauses within the meaning of Article 28.8 of general data protection regulation.

More information

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy Andrea Glorioso European Commission DG INFSO-A3 Andrea.Glorioso@ec.europa.eu Network and

More information

Breach Notification Form

Breach Notification Form Breach Notification Form Report a breach of personal data to the Data Protection Commission Use this form if you are a Data Controller that wishes to contact us to report a personal data breach that has

More information

Guidelines. on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2) EBA/GL/2017/17

Guidelines. on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2) EBA/GL/2017/17 GUIDELINES ON SECURITY MEASURES FOR OPERATIONAL AND SECURITY RISKS UNDER EBA/GL/2017/17 12/01/2018 Guidelines on the security measures for operational and security risks of payment services under Directive

More information

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert European Union Agency For Network And Information Security Securing Europe s Information

More information

Cybersecurity. Quality. security LED-Modul. basis. Comments by the electrical industry on the EU Cybersecurity Act. manufacturer s declaration

Cybersecurity. Quality. security LED-Modul. basis. Comments by the electrical industry on the EU Cybersecurity Act. manufacturer s declaration Statement Comments by the electrical industry on the EU Cybersecurity Act manufacturer s declaration industrial security Cybersecurity Quality basis security LED-Modul Statement P January 2018 German Electrical

More information

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive) ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive) July 2013 Executive Summary ETNO supports the European Commission s global approach to cyber-security

More information

13303/17 CB/ek 1 DGE 2B

13303/17 CB/ek 1 DGE 2B Council of the European Union Brussels, 19 October 2017 (OR. en) 13303/17 NOTE From: Permanent Representatives Committee (Part 1) To: Council TELECOM 238 ENER 406 COMPET 675 DATAPROTECT 159 AUDIO 112 CYBER

More information

Data Leak Protection legal framework and managing the challenges of a security breach

Data Leak Protection legal framework and managing the challenges of a security breach Data Leak Protection legal framework and managing the challenges of a security breach ACC Europe's Annual Conference 2009 June 7-9, 2009 Geneva Alexander Duisberg Partner, Bird & Bird LLP About Bird &

More information

Requirements on new data protection regulations and current changing needs from the view of the EDPS

Requirements on new data protection regulations and current changing needs from the view of the EDPS Requirements on new data protection regulations and current changing needs from the view of the EDPS 10/11/2015, Berlin Wojciech Wiewiórowski ISSE 2015. Making Europe a safer place to do business M. Narojek

More information

European Cybersecurity PPP European Cyber Security Organisation - ECSO

European Cybersecurity PPP European Cyber Security Organisation - ECSO European Cybersecurity PPP European Cyber Security Organisation - ECSO Luigi Rebuffi CEO, EOS Secretary General, ECSO European Cyber Security Organisation Objectives of the cppp Gather industrial and public

More information

Shaping the Cyber Security R&D Agenda in Europe, Horizon 2020

Shaping the Cyber Security R&D Agenda in Europe, Horizon 2020 Shaping the Cyber Security R&D Agenda in Europe, Horizon 2020 Aristotelis Tzafalias Trust and Security unit DG Communica4ons Networks, Content and Technology European Commission Shaping the Cyber Security

More information

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT 2018 18-19 APRIL, SKOPJE CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT 2018 At the Trieste Western Balkans Summit, we stressed the importance of the

More information

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

Plan a Pragmatic Approach to the new EU Data Privacy Regulation AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General

More information

This Webcast Will Begin Shortly

This Webcast Will Begin Shortly This Webcast Will Begin Shortly If you have any technical problems with the Webcast or the streaming audio, please contact us via email at: webcast@acc.com Thank You! 1 Cybersecurity Changing Landscape

More information

COMMENTARY. The New EU Cybersecurity Directive: What Impact on Digital Service Providers? Relevant Terms

COMMENTARY. The New EU Cybersecurity Directive: What Impact on Digital Service Providers? Relevant Terms August 2016 COMMENTARY The New EU Cybersecurity Directive: What Impact on Digital Service Providers? On August 8, 2016, the Directive on Security of Network and Information Systems ( NIS Directive ) entered

More information

Harmonisation of Digital Markets in the EaP. Vassilis Kopanas European Commission, DG CONNECT

Harmonisation of Digital Markets in the EaP. Vassilis Kopanas European Commission, DG CONNECT Harmonisation of Digital Markets in the EaP Vassilis Kopanas European Commission, DG CONNECT vassilis.kopanas@ec.europa.eu The cost of non-europe European Parliament Research Study, March 2014 Fully realising

More information

Cybersecurity Package

Cybersecurity Package Cybersecurity Package Highlights of key initiatives Domenico Ferrara Policy officer @ DG CONNECT Brussels, 12 December 2017 1 2013-2017: Evolving threat landscape Proliferation of (poorly secured) IoT

More information

CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response

CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response CYBER INCIDENT REPORTING GUIDANCE Industry Reporting Arrangements for Incident Response DfT Cyber Security Team CYBER@DFT.GSI.GOV.UK Introduction The Department for Transport (DfT) has produced this cyber

More information

UN General Assembly Resolution 68/243 GEORGIA. General appreciation of the issues of information security

UN General Assembly Resolution 68/243 GEORGIA. General appreciation of the issues of information security UN General Assembly Resolution 68/243 GEORGIA General appreciation of the issues of information security Widely publicized cyber attacks and, to some expert opinions, cyber war - conducted against Georgia

More information

DECISION OF THE EUROPEAN CENTRAL BANK

DECISION OF THE EUROPEAN CENTRAL BANK L 74/30 Official Journal of the European Union 16.3.2013 DECISIONS DECISION OF THE EUROPEAN CENTRAL BANK of 11 January 2013 laying down the framework for a public key infrastructure for the European System

More information

Cyber Security Strategic Level Landscape in Poland. Krzysztof Silicki NASK Institute, Poland ENISA MB, EB

Cyber Security Strategic Level Landscape in Poland. Krzysztof Silicki NASK Institute, Poland ENISA MB, EB Cyber Security Strategic Level Landscape in Poland Krzysztof Silicki NASK Institute, Poland ENISA MB, EB Big picture January 2015 2013 June 2013 CSIRTs in Poland CERT.GOV.PL - Governmental CERT est. 2008

More information

TECHLAW AUSTRALIA. Update on cyber security and data protection. Thursday, 22 June Thursday, 22 June

TECHLAW AUSTRALIA. Update on cyber security and data protection. Thursday, 22 June Thursday, 22 June TECHLAW AUSTRALIA Update on cyber security and data protection Thursday, 22 June 2017 www.dlapiper.com Thursday, 22 June 2017 0 Overview Current threat environment why now? What is required/expected? Scenarios:

More information

SAT for eid [EIRA extension]

SAT for eid [EIRA extension] SAT for eid [EIRA extension] eid Solution Architecture Template (SAT) v1.0.0 ISA² Action 2.1 - European Interoperability Architecture Page 1 of 1 Change control Modification Details Version 1.0.0 Migration

More information

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017 in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017 European Union Agency for Network and Information Security Positioning ENISA activities CAPACITY Hands on activities POLICY Support MS & COM

More information

Data Breach Notification: what EU law means for your information security strategy

Data Breach Notification: what EU law means for your information security strategy Data Breach Notification: what EU law means for your information security strategy Olivier Proust December 8, 2011 Hunton & Williams LLP Key points 1. Introduction 2. Overview of data breach requirements

More information

CNPD Course: Data Protection Basics

CNPD Course: Data Protection Basics CNPD Course: Data Protection Basics Presentation of Luxembourg s data protection authority Esch-sur-Alzette Dani Jeitz 7-8 February 2018 Service juridique Programme 1. Introduction 2. Basic knowledge 3.

More information

Critical Infrastructure Protection in the European Union

Critical Infrastructure Protection in the European Union 20 January, 2015 The European GNSS Programmes 1 ICG9, Prague 9-14 November 2014 Critical Infrastructure Protection in the European Union 20 January, 2015 The European GNSS Programmes 2 Each EU Member State

More information

Resolution: Advancing the National Preparedness for Cyber Security

Resolution: Advancing the National Preparedness for Cyber Security Government Resolution No. 2444 of February 15, 2015 33 rd Government of Israel Benjamin Netanyahu Resolution: Advancing the National Preparedness for Cyber Security It is hereby resolved: Further to Government

More information

National Communications Authority

National Communications Authority National Communications Authority - Press Release The International Workshop on Criminal Justice Statistics on Cybercrime and Electronic Evidence Opens in Accra A three-day International Workshop on Criminal

More information

Achieving Global Cyber Security Through Collaboration

Achieving Global Cyber Security Through Collaboration Achieving Global Cyber Security Through Collaboration Steve Purser Head of Core Operations Department December 2013 European Union Agency for Network and Information Security www.enisa.europa.eu Agenda

More information

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services European Union Agency for Network and Information Security Securing Europe s Information society 2

More information

Italian government CERT: INITIAL RESULTS

Italian government CERT: INITIAL RESULTS Italian government CERT: INITIAL RESULTS ISCOM Conference on Network and Information Security: Political and Technical Challenges Gianluigi Moxedano GovCERT.it National Center for Informatics in Public

More information

Resilience, Deterrence and Defence: Building strong cybersecurity for the EU

Resilience, Deterrence and Defence: Building strong cybersecurity for the EU Resilience, Deterrence and Defence: Building strong cybersecurity for the EU 1 Building strong cybersecurity for the EU: Resilience, Deterrence and Defence From reactive to pro-active and cross-policy

More information

NEWSFLASH GDPR N 8 - New Data Protection Obligations

NEWSFLASH GDPR N 8 - New Data Protection Obligations GDPR N 8 May 2017 NEWSFLASH GDPR N 8 - New Data Protection Obligations Following the adoption of the new EU General Data Protection Regulation (GDPR) on 27 April 2016, most organisations began to re-examine

More information

European Transport Policy: ITS in action ITS Action Plan Directive 2010/40/EU

European Transport Policy: ITS in action ITS Action Plan Directive 2010/40/EU European Transport Policy: ITS in action ITS Action Plan Directive 2010/40/EU Hermann Meyer, CEO ERTICO IMPACTS, Barcelona, 31 March 2011 This presentation is mainly based on charts which were already

More information

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)] United Nations A/RES/64/211 General Assembly Distr.: General 17 March 2010 Sixty-fourth session Agenda item 55 (c) Resolution adopted by the General Assembly on 21 December 2009 [on the report of the Second

More information

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy. I. OBJECTIVE ebay s goal is to apply uniform, adequate and global data protection

More information

COMMISSION IMPLEMENTING DECISION (EU)

COMMISSION IMPLEMENTING DECISION (EU) L 127/32 18.5.2016 COMMISSION IMPLEMTING DECISION (EU) 2016/770 of 14 April 2016 establishing a common format for the submission of information concerning the operation of the procedures pursuant to Regulation

More information