Cyber security: a building block of the Digital Single Market

Transcription

1 Cyber security: a building block of the Digital Single Market Dr. Andreas Mitrakas Workshop Building blocks of the Ubiquitous Digital Single Market, European Parliament, 13/11/2014 European Union Agency for Network and Information Security

2 An overview of the activities of ENISA Recommendations Mobilising Communities Policy Implementation Hands on European Union Agency for Network and Information Security 2

3 Network and information security: policy & Law EU Digital Agenda COM(2010)245 EU Cyber Security Strategy JOIN(2013)1 Regulation (EU) No 910/2014 of the European Parliament and of the Council of23 July 2014 on Electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC Proposal for a Network & Information Security Directive - COM(2013)48 Proposal for a reform of the data protection Regulation COM(2012)11 Proposal for an EU Connected Continent Regulation - COM(2013) 627 European Union Agency for Network and Information Security 3

4 EU cyber security strategy Dimitris Avramopoulos, Migration and Home Affairs Federica Mogherini, High Representative of the Union for Foreign Affairs & Security Policy, Commission VP Günther Oettinger, Digital Economy & Society Andrus Ansip Digital Single Market, Commission VP Strategy is joint communication by DG CNECT, DG HOME, EEAS Strategy contains different actions (under way) and a proposal for an EU directive on network and information security (NIS) European Union Agency for Network and Information Security 4

5 Key cyber security actors in the EU ENISA Europol, EC3 EDA EDPS European Commission Various policy initiatives, EU-CERT The European Parliament European Union Agency for Network and Information Security 5

6 Evolution of threat landscape Threat landscape timeline Phishing 1. Drive-by-exploits 2. Worms /Trojans 3. Code Injection 4. Exploit Kits 5. Botnets Targeted attacks (e.g. Stuxnet) Spying Future trend: Threats going... Mobile, Cloud, Wireless Stable Computer virus 1995 Time European Union Agency for Network and Information Security 6

7 Threat landscape trends European Union Agency for Network and Information Security 7

8 Sampling network alerts (*) (*) Source: Ref. period 1/01/13-31/12/13 European Union Agency for Network and Information Security 8

9 Ranking by malicious activity European Union Agency for Network and Information Security 9

10 What can cyber security do for DSM? Cyber security transcends: fundamental liberties, civil rights, transactions and compliance In the EU, a balanced approach prevails, seeking to invoke: An agenda driven by fundamental liberties and civil rights Cooperation among key actors (Institutions, Bodies, MS) Cooperation among state and non-state actors (PPP) Cooperation at various levels to counter threats Pro-activity towards developments at the international level European Union Agency for Network and Information Security 10

11 Adjusting focus in industrial policy The EU could adjust its industrial policy to strengthen a competitive, EU based ICT industry: Pro-actively promote cooperation of EU SMEs to join forces when tendering in global or in third country markets Leverage on public procurement to foster EU based ICT industry by e.g. enforcing European standards Further strengthen the leading EU position in areas like business software, smart cards, cryptography, telecoms equipment European Union Agency for Network and Information Security 11

12 Reclaiming a role for the EU at a global scale Demand and control Shift value chain from a model based on building and pushing to a pulled by demand driven one Promulgate industry based standards, based on EU-centric requirements to drive demand Industry lead by defining own needs in standards Seek balancing risk-based opportunities with risk mitigation measures Focus on opportunities in global/third country markets Explore and promote security measures tailored to the needs of SMEs Ease the grip of solutions tailored to a bigger size European Union Agency for Network and Information Security 12

13 Support measures to foster DSM Shorten the time from legislation to implementation Leverage on R&D funding and the role of research to accelerate the uptake of EU-centric approaches Leverage on the Cyber Security Coordination Group to coordinate the promulgation of standards Reserve a clear role for awareness raising at the MS and EU levels with a view to fostering a culture of cyber security European Union Agency for Network and Information Security 13

14 Reflexions on policy and Law Rules on data storage Store within a single jurisdiction? Rules on breach notifications Notifications of all breaches to all beneficiaries? Data access Serving subpoenas in a third country jurisdiction? Should subpoenas remain secret? What is the impact of the potential infringement of fundamental rights? European Union Agency for Network and Information Security 14

15 In lieu of conclusions Cyber security cuts across the fabric of EU values, rights and requirements Cyber security has a clear role to play in the DSM There are good prospects for cyber security in the EU if it is given a central role A shift in focus driven by policy and supported by industry can lead to better results Further coordination within the EU can lead to better results Further cooperation at the international level is needed to ease up the enforcement of the protection of rights European Union Agency for Network and Information Security 15

16 Thank you For more information visit: Follow ENISA: European Union Agency for Network and Information Security