EU policy on Network and Information Security & Critical Information Infrastructures Protection

Similar documents
The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

Valérie Andrianavaly European Commission DG INFSO-A3

Securing Europe's Information Society

ENISA EU Threat Landscape

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

Security and resilience in Information Society: the European approach

Cybersecurity & Digital Privacy in the Energy sector

EISAS Enhanced Roadmap 2012

ENISA s Position on the NIS Directive

Cyber Security in Europe

Package of initiatives on Cybersecurity

European Union Agency for Network and Information Security

A Strategy for a secure Information Society Dialogue, Partnership and empowerment

13967/16 MK/mj 1 DG D 2B

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

ENISA & Cybersecurity. Steve Purser Head of Technical Competence Department December 2012

Directive on security of network and information systems (NIS): State of Play

European Directives and reglements for Information security

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

The NIS Directive and Cybersecurity in

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

IT EC. Challenges & Experiences. Francisco García Morán. Director General DG Informatics European Commission

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE

Call for Expressions of Interest

Commonwealth Cyber Declaration

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

Cyber Security in Europe and CEER s new PEER initiative

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

Cybersecurity Strategy of the Republic of Cyprus

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Cybersecurity Package

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

RESOLUTION 130 (REV. BUSAN, 2014)

ENISA Cooperation in the EU / NIS Directive

Directive on Security of Network and Information Systems

Bradford J. Willke. 19 September 2007

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

NIS Standardisation ENISA view

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Resilience, Deterrence and Defence: Building strong cybersecurity for the EU

Cyber Security Beyond 2020

ENISA today and in the future

Netherlands Cyber Security Strategy. Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Between 1981 and 1983, I worked as a research assistant and for the following two years, I ran a Software Development Department.

ERCI cybersecurity seminar Guildford ERCI cybersecurity seminar Guildford

Horizon 2020 Security

INDEPENDENT COMMUNICATIONS AUTHORITY OF SOUTH AFRICA(ICASA) CYBERSECURITY PRESENTATION AT SAIGF. 28 th November 2018

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

Discussion on MS contribution to the WP2018

Network and Information Security Directive

IT Security in the European Digital Agenda

RESOLUTION 45 (Rev. Hyderabad, 2010)

Achieving Global Cyber Security Through Collaboration

H2020 WP Cybersecurity PPP topics

Security Aspects of Trust Services Providers

Cybersecurity Policy in the EU: Security Directive - Security for the data in the cloud

Government-Industry Collaboration: 7 Steps for Resiliency in Critical Infrastructure Protection

The Network and Information Security Directive - ENISA's contribution

Commonwealth Telecommunications Organisation Proposal for IGF Open Forum 2017

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

Towards a European Cloud Computing Strategy

ENISA S WORK ON ICS AND SMART GRID SECURITY

Promoting Global Cybersecurity

Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt

Position Paper of the ASD Civil Aviation Cybersecurity Taskforce

Securing Europe s IoT Devices and Services

The EU Cybersecurity Package: Implications for ENISA Dr. Steve Purser Head of ENISA Core Operations Athens, 30 th January 2018

Summary. Strategy at EU Level: Digital Agenda for Europe (DAE) What; Why; How ehealth and Digital Agenda. What s next. Key actions

COUNCIL OF THE EUROPEAN UNION. Brussels, 28 January 2003 (OR. en) 15723/02 TELECOM 78 JAI 307 PESC 593

GENERIC CONTROL SYSTEM ARCHITECTURE FOR CRITICAL INFRASTRUCTURE PROTECTION

National Policy and Guiding Principles

Systemic Analyser in Network Threats

Draft ENISA Work programme 2017 STATUS: DRAFT VERSION: JANUARY, European Union Agency For Network And Information Security

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Protecting Critical Information Infrastructure in times of increasing cyber conflict

From Hyogo to Sendai. Anoja Seneviratne Disaster Management Centre

The commission communication "towards a general policy on the fight against cyber crime"

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Cyber security: a building block of the Digital Single Market

Cybersecurity for ALL

Introductory Speech to the Ramboll Event on the future of ENISA. Speech by ENISA s Executive Director, Prof. Dr. Udo Helmbrecht

About Issues in Building the National Strategy for Cybersecurity in Vietnam

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert

21ST OSCE ECONOMIC AND ENVIRONMENTAL FORUM

10025/16 MP/mj 1 DG D 2B

Third public workshop of the Amsterdam Group and CODECS European Framework for C-ITS Deployment

Infrastructures and Service Dimitra Liveri Network and Information Security Expert, ENISA

Enhancing the cyber security &

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

Rohana Palliyaguru Director -Operations Sri Lanka CERT CC APCERT AGM and Conference, 24 th October 2018 Shanghai, China MINISTRY OF TELECOMMUNICATION

MOTION FOR A RESOLUTION

GLOBAL AGENDA FOR CYBER CAPACITY BUILDING

Transcription:

EU policy on Network and Information Security & Critical Information Infrastructures Protection Köln, 10 March 2011 Valérie ANDRIANAVALY European Commission Directorate General Information Society and Media - DG INFSO Unit A3 Internet Governance; Network and Information Security valerie.andrianavaly@ec.europa.eu

EU Policy on NIS and CIIP Agenda 1. Digital Agenda for Europe 2. CIIP Action Plan 3. The European Public-Private Private Partnership for Resilience EP3R

A Digital Agenda for Europe - COM(2010)245 The Seven Priority areas for action - Every European Digital N. Kroes May 2010 1. Creating a Digital Single Market 2. Improving the framework conditions for interoperability between ICT products and services 3. Boosting Internet trust and security 4. Guaranteeing the provision of much faster internet access 5. Encouraging investment in research and development 6. Enhancing digital literacy, skills and inclusion 7. Applying ICT to address social challenges such as climate change, rising healthcare costs and the ageing population.

Three angles for actions on NIS Policy PREVENT PROSECUTE NETWORK & INFO SECURITY Hacking CYBERCRIME & TERRORISM ID theft Intrusion Data retention PROTECT PRIVACY AND DATA PROTECTION

Overview of Pillar 3 Trust and Security KA 6 (28) Cybersecurity preparedness Cybercrime Safety and privacy of online content and services 1 ENISA Regulation for mandate and duration 32 Cooperation on cybersecurity 31 Create European Cybercrime center 40 Harmful content hotlines and awareness campaigns 2 ToolBox ENISA EFMS. EP3R.. Observer in Cyberstorm. EPCIP.. CIIP Conference 33 EU cybersecurity preparedness 39 MS Simulation exercises as of 2010 30 EU platform by 2012 41 National alert platforms by 2012 36 Support for reporting of illegal content 37 Dialogue and selfregulation minors 3 EU institutions CERT Expert Group 38 Network of CERTs by 2012 KA 7 (29) Measures on cyberattacks 35 Implementation of privacy and personal data protection INFSO CdF HOME CdF Others COM CdF Commission action Member States action KA 6 (28) NIS Policy 34 Explore extension of personal data breach notification

Most recent policy developments 30 September 2010: Adoption by the Commission of two complementary proposals: Proposal for a Regulation concerning ENISA (COM(2010)521) Proposal for a Directive on attacks against information systems and repealing Council Framework Decision 2005/222/JHA - COM(2010)517 20 November 2010: Establishment of the EU-U.S. Working Group on Cybersecurity and Cybercrime EU-U.S. Summit Lisbon 22 November 2010: Adoption of EU Internal Security Strategy Forthcoming: Policy statement on CIIP achievements and next steps

The proposal to modernise ENISA COM(2010) 521 final 30 September 2010: Adoption by the Commission of its proposal for a Regulation concerning ENISA Main objectives of the proposal: To reinforce and modernise the mandate of ENISA To extend it with five years Option 3 is the preferred policy option among the five options considered in the impact assessment => Expansion of functions currently defined for ENISA and adding law enforcement and privacy protection agencies as fully fledged stakeholders Proposal based on Art. 114 TFUE

The proposal to modernise ENISA COM(2010) 521 final Role of the Agency ENISA has two main roles Give support, advice and expertise to the EU institutions and the Member States on all relevant aspects of the NIS policy Facilitate the exchange of best practices and the cooperation between the actors of the sector (EU institutions, Member States, public bodies, private actors) in addressing NIS issues Proposed tasks attributed to ENISA will help the Agency fulfilling its role

Cybercrime Proposal for Directive on attacks against IS (29) (41) National alert platforms set-up or adapted (41) National/ European platforms interlinked Sept.2010 Jan.2011 Jan.2012 Directive on attacks against IS adopted (29) Most MS platforms integrated in Europol platform (30) Development of European cybercrime platform (Europol) (31) Exploratory work on Cybercrime Centre (29) Discussions on draft Directive on attacks against Information Systems Main responsibilities: HOME, Europol

The EU Internal Security Strategy in Action: Five steps towards a more secure Europe COM(2010) 673 22 November 2010 Objective 3: Raise levels of security for citizens and businesses in cyberspace Action 2 - Work with industry to empower and protect citizens: Cooperation bw public and private sector must be strengthened on a European level through EP3R EP3R should also engage with international partners to strengthen the global risk management of IT networks Action 3 - Improve capability for dealing with cyber attacks: Every MS, and the EU institutions should have a wellfunctioning CERT by 2012 MS should network together their nat/gov CERTs by 2012 Develop, with the support of EC and ENISA, EISAS, by 2013 MS to develop national contingency plans MS to undertake regular national and European exercises

EU Policy on NIS and CIIP Agenda 1. Digital Agenda for Europe 2. CIIP Action Plan 3. The European Public-Private Private Partnership for Resilience EP3R

Communication on CIIP - COM(2009)149 Objectives and scope High level objectives Protect Europe from large scale cyber attacks and disruptions Promote security and resilience culture (first line of defence) & strategy Tackle cyber attacks & disruptions from a systemic perspective Means Enhance the CIIP preparedness and response capability in EU Promote the adoption of adequate and consistent levels of preventive, detection, emergency and recovery measures Foster International cooperation, in particular on Internet stability and resilience Approach Build on national and private sector initiatives Engage public and private sectors Adopt an all-hazards approach Be multilateral, open and all inclusive

Communication on CIIP COM(2009)149 Five specific objectives 1. Foster cooperation and exchange between MS 2. Develop a European public-private partnership 3. Enhance incident response capability 4. Promote the organisation of national and European exercises 5. Reinforce international cooperation

CIIP Policy - COM(2009)149 The Five Pillars of the CIIP Action Plan 1. Preparedness and prevention European Forum for MS to share information & policy practices - EFMS European Public Private Partnership for Resilience EP3R Baseline of capabilities and services for National/Governmental CERTs 2. Detection and response Development of a European Information Sharing and Alert System EISAS dedicated to EU citizens and SMEs 3. Mitigation and recovery National contingency planning and exercises Pan-European exercises on large-scale network security incidents Reinforced cooperation between National/Governmental CERTs 4. International Cooperation Define European priorities, principles and guidelines for the long term resilience and stability of the Internet Promote the principles and guidelines at global level Global cooperation on exercises on large-scale Internet incidents 5. Definition of criteria for the identification of European Critical Infrastructures in the ICT sector

The CIIP Action plan State of Play of the Implementation EFMS: European principles for the long term resilience and stability of the Internet Criteria to identify ECIs in ICT sector Long term strategy on pan-european exercises EP3R Objectives, principles, structure and 3 WGs in Nov 2010: 1. Key assets/ resources/ functions for e-communications 2. Baseline requirements for security and resilience 3. Cooperation to prevent and respond to large scale disruptions 1st Pan-European exercises on large-scale network security incidents organised on 4 th of November 2010 Cooperation between National/Governmental CERTs Baseline of capabilities and services - ENISA Dec 2010 EISAS: Prototyping projects FISHA and NEISAS -> Q1 2011 International Cooperation EU-U.S. Working Group & G8

EU Policy on NIS and CIIP Agenda 1. Digital Agenda for Europe 2. CIIP Action Plan 3. The European Public-Private Private Partnership for Resilience EP3R

European Public-Private Private Partnership for Resilience EP3R Objectives and scope Objectives: Information sharing and stock taking of good policy and industrial practices Foster a common understanding on the economic and market dimensions of security and resilience Discuss public policy priorities, objectives and measures to improve the coherence and coordination of policies for security and resilience in Europe. Identify and promote the adoption of good baseline practices and coordinated risk assessment approaches. Scope: Focuses on prevention and preparedness With European dimension and in view of global outreach

European Public Private Partnership for Resilience (EP3R) Key principles Complementarity: EP3R should build upon and complement existing national initiatives, benefit from ENISA s work and fully respect national responsibility, without duplicating efforts. Trust: EP3R should provide the structure, processes and environment for "trusted collaboration", including the protection of sensitive information. Value: set emphasis on bi-directional exchanges between public and private participants. EP3R should aim to deliver concrete results. Competition: Activities have to ensure that market mechanisms will not be distorted and no elements or perception of cartel behaviour would emerge. On the other hand, participation of competitors in EP3R should not hinder the exchange of information and good practices. Openness: EP3R should be open to all stakeholders which bear a part of the shared responsibility for resilience of CIIs. Flexibility: EP3R should be capable to consider and adapt to evolving challenges and policy developments.

EP3R Working Groups Areas of action WG 1: Key assets/ resources/ functions for the continuous and secure provisioning of electronic communications across countries WG 2: Baseline requirements for security and resilience of electronic communications WG 3: Coordination and cooperation needs and mechanisms to prevent and respond to large scale disruptions affecting electronic communications Foster cooperation between relevant publicprivate partners towards the development of European collaboration to fight botnets.

EU Policy on NIS and CIIP Thanks!

Web Sites A Digital Agenda for Europe http://ec.europa.eu/information_society/digitalagenda/index_en.htm Commission to boost Europe's defences against cyberattacks http://ec.europa.eu/information_society/newsroom/cf/it emlongdetail.cfm?item_id=6190 EU policy on promoting a secure Information Society http://ec.europa.eu/information_society/policy/nis/index _en.htm EU policy on Critical Information Infrastructure Protection CIIP http://ec.europa.eu/information_society/policy/nis/strat egy/activities/ciip/index_en.htm The reformed Telecom Regulatory Framework - November 2009 http://ec.europa.eu/information_society/policy/ecomm/t omorrow/index_en.htm

Links to policy documents Digital Agenda for Europe - COM(2010)245 of 19 May 2010 http://eurlex.europa.eu/lexuriserv/lexuriserv.do?uri=com:2010:0 245:FIN:EN:PDF Proposal on ENISA - COM(2010)521 of 30 September 2010 http://eurlex.europa.eu/lexuriserv/lexuriserv.do?uri=com:2010:0 521:FIN:EN:PDF Proposal for a Directive on attacks against information systems and repealing Council Framework Decision 2005/222/JHA - COM(2010)517 of 30 September 2010 http://eurlex.europa.eu/lexuriserv/lexuriserv.do?uri=com:2010:0 517:FIN:EN:PDF The EU Internal Security Strategy in Action - COM(2010)673 of 22 November 2010 http://ec.europa.eu/commission_2010-2014/malmstrom/archive/internal_security_strategy_in_ action_en.pdf

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback