ERCI cybersecurity seminar Guildford ERCI cybersecurity seminar Guildford

Transcription

1

2 Cybersecurity is a EU strategic priority DG CONNECT* > The Digital Single Market strategy aims to open up digital opportunities for people and business and enhance Europe's position as a world leader in the digital economy DG Growth** > industrial policy > digital transformation On 13 September 2017 the Commission adopted a cybersecurity package. The package builds upon existing instruments and presents new initiatives to further improve EU cyber resilience and response. *Directorate-General for Communications Networks, Content and Technology **Directorate-General for Internal Market, Industry, Entrepreneurship and SMEs

3 Cybersecurity and transports in the EU Extract from the MOTION FOR A EUROPEAN PARLIAMENT RESOLUTION on a European strategy on Cooperative Intelligent Transport Systems : 2 points on cybersecurity : 13. Points to the importance of high standards of security in preventing hacking and cyber-attacks, particularly in light of the critical nature of security of C-ITS communications; notes that cybersecurity is an essential challenge to be tackled as the transport system becomes more digitised and connected; urges the need to avoid any vulnerability or risk if a vehicle is hacked or subjected to a cyber-attack by means of the development of a common security and certificate policy for C-ITS deployment; 14. Underlines that equally high standards of security should be applied in all Member States and in any possible cooperation arrangements with third countries;

4 Cybersecurity is a global concern for many sectors Cybersecurity is a cross-cutting topic by nature. Any data processing is potentially affected. Initially supported by IT actors (IT security targeted at CISOs) progressively spilled over and covered all areas applications due to the increasing digitization of the industry and services : o Health, o Energy (smart grids,..), o Transportation o Smart cities, o Communication,... Proposal : we need to prepare together recommendations for ground transportation.

5 Existing initiatives on cybersecurity European level : Three ESOs (European standardization organization) are in charge of the CEN, CENELEC and ETSI standardization. They operate on mandate of the European Commission. o Example M530 mandate on privacy by design entrusted to JWG 8 of CEN / CENELEC with the support of ETSI o or CEN TC 391 "societal security and citizen protection o ETSI's Cybersecurity TC topics covered: the post quantum computing, security insurance by default, structured information sharing,... A light coordination structure the focus CSCG cyber Security Coordination group under CEN / CENELEC trusteeship with the participation of the DGs Connect and Grow as well as ENISA (European Security Agency).

6 ENISA activities

7 European cybersecurity act About this initiative : Proposal concerning all sectors Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on ENISA, the "EU Cybersecurity Agency", and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (''Cybersecurity Act'') Directorate-General for Communications Networks, Content and Technology Objectives : Creation & governance of a new certification scheme at EU level Enforcement of the new certification schemes at national level Introduction of new certification schemes for the industry

8 Existing initiatives on cybersecurity French level :

9 FIEEC-ZVEI proposals to the ECA A need for coordination at the European Level : Recognition of different players: (Platforms, Actors, ESOs*, Regulation) Better consistency (NIS, eids, GDPR, eprivacy) Coordinated action on standardization, certification and trust building CSPN light-weight label as European blueprint Promoting - the concept of industrial security and security-by-design - the role of SMEs the concept of information sharing tools across the EU - the international dimension of cybersecurity (global chain of trust ) - the need for more digital self-responsibility and liability in consumer markets Coordinate action on cloud assessement / certification at EU level ERNCIP** for certification schemes as an acceptable blueprint *ESO : European Security Organisation **ERNCIP : European Reference Network for Critical Infrastructure Protection

10 Normalisation is a key of global competitiveness Define mechanisms, protocols, processes, methods,... recognized largely at national, European or international level. Promote interoperability Protect intellectual property Avoid duplication of effort Leverage a broad and recognized network of experts A strategic issue: the qualification of products and services ISO/IEC :2009 gives guidelines for the application of security targets (ST) and provides a description of the organization of components throughout the model. General information about the evaluation methodology is given in ISO/IEC and the scope of evaluation scheme is provided.

11 Creation of a ERCI task force on cybersecurity Proposal : creation of a European task force on railway cybersecurity to help our members (especially SME with the help of universities and academia), to anticipate, innovate and develop new solutions based on European standards and national complementarities. Interested clusters : o i-trans - FR o Rail Alliance - UK o Ditecfer - IT o Railgrup - ES o CNA - DE o Berlin Partner - DE o BTS - DE o Inno-Pro DK Kick-off meeting : February 2018 in Brussels or Paris

12 Creation of a ERCI task force on cybersecurity TO SECURE EuropeanTRANSPORTATION Who s in?

13