Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus


Cybersecurity governance in Europe Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus ska@unipi.gr

Elements of a national cybersecurity strategy
- Set the vision, scope, objectives and priorities
- Follow a national risk assessment approach
- Take stock of existing policies, regulations and capabilities
- Develop a clear governance structure
- Identify and engage stakeholders
- Establish trusted information-sharing mechanisms
- Develop national cyber contingency plans
- Organise cyber security exercises
- Establish baseline security requirements
- Establish incident reporting mechanisms
- User awareness
- Foster R&D
- Strengthen training and educational programmes
- Establish an incident response capability
- Address cyber crime
- Engage in international cooperation
- Establish a public-private partnership
- Balance security with privacy
Source: ENISA, National Cyber Security Strategies, December 2012

Elements of a governance structure
A governance framework defines the roles, responsibilities and accountability of all relevant stakeholders. It provides a framework for dialogue and coordination of the various activities undertaken in the lifecycle of the strategy. A public body or an interagency/interministerial working group should be defined as the coordinator of the strategy. This will be the entity that has the overall responsibility for the strategy lifecycle and for the strategy documentation itself. The structure of the coordinating entity, its exact responsibilities and its relationships with the other stakeholders should be clearly defined.

Define:
- Who has ultimate responsibility for managing and evaluating the strategy (the cyber security coordinator)
- The management structure (i.e. the advisory body advising the coordinator)
- The mandate and tasks of this body
- The mandate and tasks of the entities responsible for initiating and developing cyber security policy and regulation
- The mandate and tasks of the entities responsible for collecting threats and vulnerabilities, responding to cyber attacks, strengthening crisis management, and others
- The role of existing national cyber security and incident response teams (CERTs) in both the public and the private sectors

EU MS good practices
- Ultimate responsibility lies with the national CIO/CISO, who is appointed by the Prime Minister/President
- National Cyber Security Council with membership from both the public and the private sectors
- The National Cyber Security Council manages national risk management, assesses and prioritises emerging threats, responds to critical situations, manages the progress of the strategy, engages relevant stakeholders, and fosters international cooperation
- National Cyber Security Center
- CERTs
Source: Marios Apostolou, Comparative analysis of the state of cybersecurity among EU member states, MSc thesis, Systems Security Laboratory, Dept. of Digital Systems, University of Piraeus, March 2014

The case of Greece: present situation
- No strategy (one of 11 EU MS without one); commitment to define one by 29.07.2014
- Legal framework exists
- Plethora of organizations and competent authorities, hence overlaps
- Lack of coordination, hence gaps

The case of Greece: proposals
- Imperative to define a national strategy. Follow the hierarchical German model (national security strategy, national CIP strategy, national cyber security strategy)
- Content: follow the Dutch model. Define context, define goals, define philosophy, but also set responsibilities and timelines
- Define the governance structure. Follow the Austrian model
- Establish a national Cyber Security Center. Follow the UK and German model (part of the CIP body)
- The national CERT cannot be the intelligence services, as this, inter alia, impedes participation of the private sector. Transform the current national CERT into a government CERT and upgrade it significantly

Make sure to consider
- The need to balance security with privacy
- The need to involve ALL stakeholders
- The need for international cooperation
- The need to ensure democratic governance and oversight of management
- Time is against us

Need to consider and decide upon
- A single point of management with ultimate responsibility for ICT and cyber security
- Composition of the National Cyber Security Council: mix of representation of stakeholders (military, intelligence services, law enforcement, private sector)
- Setting up the National Cyber Security Center
- Upgrading the national CERT and establishing additional CERTs (e.g. for the private sector)