The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017

Similar documents
The Network and Information Security Directive - ENISA's contribution

The NIS Directive and Cybersecurity in

Discussion on MS contribution to the WP2018

NIS Directive development The Incident Notification Framework

Infrastructures and Service Dimitra Liveri Network and Information Security Expert, ENISA

Network and Information Security Directive

ENISA Cooperation in the EU / NIS Directive

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

Securing Europe s IoT Devices and Services

NIS Standardisation ENISA view

Cybersecurity in the EU Steve Purser Head of Operational Departments, ENISA Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

IoT and Smart Infrastructure efforts in ENISA

Cyber Security Beyond 2020

Directive on Security of Network and Information Systems

ENISA & Cybersecurity. Steve Purser Head of Technical Competence Department December 2012

ENISA activities in ICT security certification Dr. Prokopios Drogkaris NIS Expert NLO Meeting Athens

Directive on security of network and information systems (NIS): State of Play

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

ENISA s Position on the NIS Directive

Technical guidelines implementing eidas

Security frameworks for Gov Clouds: A Technical Analysis

Security Aspects of Trust Services Providers

European Union Agency for Network and Information Security

Technology's role in General Data Protection Regulation Dr. Prokopios Drogkaris Officer in NIS SECPRE 2017 Oslo

Securing Europe's Information Society

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert

2017 ANNUAL TRUST SERVICES SECURITY INCIDENTS ANALYSIS. ENISA Article 19 Team

Call for Expressions of Interest

The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18

Regulating Cyber: the UK s plans for the NIS Directive

Cyber Security in Europe

ENISA EU Threat Landscape

The Digitalisation of Finance

Package of initiatives on Cybersecurity

Cybersecurity Strategy of the Republic of Cyprus

Enhancing the cyber security &

NIS-Directive and Smart Grids

Cybersecurity & Digital Privacy in the Energy sector

The EU Cybersecurity Package: Implications for ENISA Dr. Steve Purser Head of ENISA Core Operations Athens, 30 th January 2018

ENISA And Standards Adri án Belmonte ETSI Security Week Event Sophia Antipolis (France) 22th June

Creating NIS Compliant Country in a Non-Regulated Environment. Jurica Čular

Valérie Andrianavaly European Commission DG INFSO-A3

Critical Infrastructure Protection in the European Union

Legislative Framework

Introductory Speech to the Ramboll Event on the future of ENISA. Speech by ENISA s Executive Director, Prof. Dr. Udo Helmbrecht

EU policy on Network and Information Security & Critical Information Infrastructures Protection

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

CSIRT capacity building Andrea Dufkova CSIRT-relations, COD1 NLO meeting Athens June 8. European Union Agency for Network and Information Security

EISAS Enhanced Roadmap 2012

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

Οnline privacy tools for the general public. European Union Agency for Network and Information Security 1

EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know

Cyber Security. Activities of an national insurance association based on the example of VVO

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

Cyber Security in Europe and CEER s new PEER initiative

Cybersecurity Policy in the EU: Security Directive - Security for the data in the cloud

Cyber Security Strategic Level Landscape in Poland. Krzysztof Silicki NASK Institute, Poland ENISA MB, EB

Security and resilience in Information Society: the European approach

ERCI cybersecurity seminar Guildford ERCI cybersecurity seminar Guildford

Fundamentals of Cybersecurity/CIIP. Building Capacity: Using a National Strategy & Self-Assessment

European Union Agency for Network and Information Security

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

1.What are critical infrastructures in Switzerland? CIP concept in Switzerland

Achieving Global Cyber Security Through Collaboration

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

International Legal Regulation of Cybersecurity U.S.-German Standards Panel 2018

Shaping the Cyber Security R&D Agenda in Europe, Horizon 2020

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

Cyber Security and Protecting Critical Information Infrastructures

NIS Country Reports Overview Document

H2020 WP Cybersecurity PPP topics

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:

National CIRT - Montenegro. Ministry for Information Society and Telecommunications

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

CTI Capability Maturity Model Marco Lourenco

Information Sharing and Cooperation

EU Cloud Computing Policy. Luis C. Busquets Pérez 26 September 2017

13967/16 MK/mj 1 DG D 2B

Third public workshop of the Amsterdam Group and CODECS European Framework for C-ITS Deployment

Resilience, Deterrence and Defence: Building strong cybersecurity for the EU

Working with the EU Directive High common level of network and information security. Martin Apel, SANS ICS Summit, Munich und

IST FP6 Co-ordination Action Project: CI 2 RCO

GENERIC CONTROL SYSTEM ARCHITECTURE FOR CRITICAL INFRASTRUCTURE PROTECTION

THE CYBER SECURITY ENVIRONMENT IN LITHUANIA

Promoting Global Cybersecurity

A Strategy for a secure Information Society Dialogue, Partnership and empowerment

Panel 1 National CSIRT Experience

The GDPR and NIS Directive: Risk-based security measures and incident notification requirements

Stock taking of information security training needs in critical sectors DECEMBER European Union Agency For Network and Information Security

Global cybersecurity and international standards

EUROPEAN ORGANISATION FOR SECURITY SUPPLY CHAIN SECURITY WHITE PAPER

ENISA today and in the future

E-Signature Law of Iraq no. ( 78) of 2012

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

How the European Commission is supporting innovation in mobile health technologies Nordic Mobile Healthcare Technology Congress 2015

Transcription:

The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017 European Union Agency for Network and Information Security

Positioning ENISA activities CAPACITY Hands on activities POLICY Support MS & COM in Policy implementation Harmonisation across EU EXPERTISE Recommendations Independent Advice 2

The Network and Information Security Directive 3

Co-operation Group & ENISA EC Cooperation Group Identification Criteria Expert group - DE Security Measures Expert group - FR Incident reporting Expert group NL Cross-border Interdependencies Expert group - EE Study on Identification Criteria for OES Study on Security Measures for OES ENISA Study on Incident Reporting for OES Study on Cross border Interdependencies 4

National Cyber Security Strategies All 28 MS have a NCSS Challenges: Effective cooperation between public stakeholders Establish trust between public and private stakeholders Lack of resources Lack of common approach and awareness for privacy The implementation of vulnerability and risk analysis MS are considering reviewing their NCSS in the light of the NISD 5

ENISA Supports the Member States ENISA NCSS EU map ENISA REPORTS E-Learning & Workshops ENISA NCSS Expert Group 6

Identification criteria for OES Main steps for MS to create and list OES: Identify the essential services that are critical for societal and economic activities. Identify operators of essential services: define specific criteria and thresholds. Identify critical business processes and assets that support the provision of essential services. Create a list of OES. Review and update the list of OES every two years. 7

Key findings For most MS, the identification process of essential services and OES is in an initial phase. Selected MS have different registration approaches for operators of essential services. Identified lists of essential services are characterised by significantly different levels of description. Most MS have developed methodologies to identify Critical Infrastructures, not services. The number of identified operators depend on the size of the country. The state-driven approach where the leading role is assumed by one or more governmental agencies/ministries that have the mandate to identify the Essential Services and OES - in most of the cases the responsible ministries. The operator-driven approach where operators self-assess if specific criteria are met and then register to the list of OES. This approach does not require the national authorities to identify individual operators of critical infrastructures it is the operators duty to notify the authorities when they fall under the predefined criteria. 8

Challenges Adaptation of existing methodologies to NIS Directive requirements. Difficulty in matching the criteria of the NIS directive to the criteria that have already been developed. Challenges in threshold definition. Sometimes they are not at all necessary for small countries where only one operator exists in a given sector. Cooperation with the private sector Challenges regarding NIS Directive definitions. 9

Security Measures for OES Cross sector Energy Health Care Water Transport Financial market Infrastructures Banking 33 1 1 1 8 8 22 38 Desktop Research on: Security standards & good practices per NISD sector Country specific standards, good practices, laws & regulations Risk assessment & Risk Management methodologies 112 International standards & Good practices Digital Infrastucture 10

Cooperation group work stream on Security Measures for OES 1. Information Security Governance & Risk Management 2. IT Reference Security Architecture & Management of third parties 3. Security Operations 4. Continuity of Operations 5. Logical and Physical Security 6. Computer Security Incident Management 7. Compliance and Reporting Framework 8. Systems Development and Acquisition 11

Incident Reporting for OES 12

Thank you PO Box 1309, 710 01 Heraklion, Greece Tel: +30 28 14 40 9710 info@enisa.europa.eu www.enisa.europa.eu

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback