Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert

Similar documents
ENISA Cooperation in the EU / NIS Directive

European Union Agency for Network and Information Security

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Cyber Security in Europe

Discussion on MS contribution to the WP2018

HEALTH IN ECSO (European Cyber Security Organisation) 18 October 2017

Enhancing the cyber security &

ENISA EU Threat Landscape

Securing Europe s IoT Devices and Services

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Call for Expressions of Interest

European Cybersecurity cppp and ECSO. org.eu

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

European Cybersecurity PPP European Cyber Security Organisation - ECSO November 2016

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017

Cybersecurity in the EU Steve Purser Head of Operational Departments, ENISA Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European

ENISA s Position on the NIS Directive

ENISA & Cybersecurity. Steve Purser Head of Technical Competence Department December 2012

Securing Europe's Information Society

Bradford J. Willke. 19 September 2007

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

Valérie Andrianavaly European Commission DG INFSO-A3

The NIS Directive and Cybersecurity in

Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt

Cyber Security in Europe and CEER s new PEER initiative

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

Information Sharing and Cooperation

European Cybersecurity PPP European Cyber Security Organisation - ECSO

Cybersecurity Strategy of the Republic of Cyprus

ENISA S WORK ON ICS AND SMART GRID SECURITY

EU policy on Network and Information Security & Critical Information Infrastructures Protection

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

Directive on security of network and information systems (NIS): State of Play

Critical Infrastructure Protection & Resilience Europe / Asia. Conference Discussion Reviews

METHODOLOGY AND CRITERIA FOR THE CYBERSECURITY REPORTS

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

EISAS Enhanced Roadmap 2012

Achieving Global Cyber Security Through Collaboration

The Federal Council s Basic Strategy. for Critical Infrastructure Protection

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

FINNISH APPROACH TO CRITICAL INFRASTRUCTURE PROTECTION

Infrastructures and Service Dimitra Liveri Network and Information Security Expert, ENISA

Directive on Security of Network and Information Systems

Minutes of National Laison Officer s Meeting,

H2020 Opportunities in the Area of Security and Critical Infrastructure Protection

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

1.What are critical infrastructures in Switzerland? CIP concept in Switzerland

Package of initiatives on Cybersecurity

Security and resilience in Information Society: the European approach

The Australian Government s Approach to Critical Infrastructure Resilience

Promoting Global Cybersecurity

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Cyber Security Strategic Level Landscape in Poland. Krzysztof Silicki NASK Institute, Poland ENISA MB, EB

Network and Information Security Directive

NIS Standardisation ENISA view

H2020 & THE FRENCH SECURITY RESEARCH

WORK PROGRAMME 2015 INCLUDING MULTI-ANNUAL PLANNING

13967/16 MK/mj 1 DG D 2B

NIS-Directive and Smart Grids

ERCI cybersecurity seminar Guildford ERCI cybersecurity seminar Guildford

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

CYBER SECURITY OF SMART GRID - CHALLENGES AND POTENTIAL SOLUTIONS FOR TRANSMISSION SYSTEM OPERATORS

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

THE CYBER SECURITY ENVIRONMENT IN LITHUANIA

G8 Lyon-Roma Group High Tech Crime Subgroup

NATIONAL BROADBAND STRATEGY IN THE REGION OF CENTRAL AND SOUTH EAST EUROPE (overview, market structure, challenges, recommendations)

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

A Strategy for a secure Information Society Dialogue, Partnership and empowerment

Cybersecurity & Digital Privacy in the Energy sector

H2020 WP Cybersecurity PPP topics

Exploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know

UAE National Space Policy Agenda Item 11; LSC April By: Space Policy and Regulations Directory

Committed to connecting the world

R&D to shape the networks and services of the future

National Policy and Guiding Principles

IST FP6 Co-ordination Action Project: CI 2 RCO

Secure Societies Work Programme Call

Creating NIS Compliant Country in a Non-Regulated Environment. Jurica Čular

CERT.LV activities, role in Latvia and globally. Baiba Kaskina, CERT.LV , Sofia, Bulgaria

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

Legislative Framework

UNLOCKING THE POTENTIAL OF egovernment IN EUROPE

The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18

Security frameworks for Gov Clouds: A Technical Analysis

GLobal Action on CYbercrime (GLACY) Assessing the Threat of Cybercrime in Mauritius

Úvod do tém: Budúce a vznikajúce technológie Informačné a komunikačné technológie Martin Klimo národný delegát v ICT Committee

Protecting Critical Information Infrastructure in times of increasing cyber conflict

ENCS The European Network for Cyber Security

The Digitalisation of Finance

PIPELINE SECURITY An Overview of TSA Programs

Energy Assurance Plans

The Network and Information Security Directive - ENISA's contribution

STANDARDS TO HELP COMPLY WITH EU LEGISLATION. EUROPE HAS WHAT IT TAKES INCLUDING THE WILL?

Transcription:

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert European Union Agency For Network And Information Security

Securing Europe s Information Society Operational Office in Athens

Positioning ENISA activities

National Cyber Security Strategies in EU 4

Critical Information Infrastructure (CII) ICT systems that are critical infrastructures for themselves or that are essential for the operation of critical infrastructures (telecommunications, computers/software, Internet, satellites, etc.)

Critical Sectors in EU MS Sectors Energy ICT Water Food Health Financial Public Legal Order & Civil Admin. Transport Chemical & Nuclear Industry AU BE CZ DK EE FI FR DE EL HU IT MT NL PL SK ES UK CH Space & Research

Critical Information Infrastructure Protection in Europe: ENISA efforts Communication networks: Critical information Infrastructure and Internet Infrastructure ICS SCADA Smart grids ehealth Finance Transport

2015 studies on CIIs Stock Taking, Analysis and Recommendations on the protection of CIIs Analysis of ICS-SCADA Cyber Security Maturity Levels in Critical Sectors Communication networks dependencies in smart grids Security and resilience for E-health infrastructure Security and resilience for cloud computing in the Finance sector 8

Key Findings Protection of CII in EU Member States Paul Weissmann; Pascal Pillokeit

Key Findings National Authorities 18 16 14 Most countries have assigned responsibility to Information security agencies, Emergency or CIP agencies, or National regulatory agencies 12 10 8 6 4 2 7 5 4 2 2 2 Reason: Historical development or indicator for how the problem is perceived Only four countries have assigned CIIP to Information security forums or Intelligence security agencies 0 ISA EMR NRA ISF INT MIN In two cases, responsibility is shared between a Ministry and a public agency

Key Findings Task and Responsibilities Most tasks are on the operational level (10-12 / out of 12 examined countries) (darkblue) 7 to 8 countries have been assigned responsibilities on the politico-strategic level (lightblue) 4 countries have been tasked with the supervision of institutions other than CERT. These include mainly regulatory tasks (red) Point of contact for incident reporting Organise and conduct CIIP-related exercises and training Advisory to operators of CII (private and public sector) Incident response Development of strategy or policy papers Monitoring the security of national CII Issuing guidelines or proposing legislations Supervision of national CERT Monitoring the implementation of security measures Supervision of other institutions 4 7 7 7 8 8 10 11 11 12 0 2 4 6 8 10 12

Key Findings Public-private Cooperation Risk Assessment Cooperation between private and public stakeholders 2 6 10 PPP Working groups (or similar) Informal Ten out of 18 examined countries have developed partnerships with private actors Trend towards more institutionalised forms of cooperation with the private stakeholders Risk Assessment The majority of the 16 examined countries has conducted RA on a 5 4 national level or a planning to do so This can be seen as an indicator for 3 how a government perceives the 4 problem National National (under dev) Sectorial Operators

Key Findings Obligations and Requirements 16 12 8 4 0 5 All sectors Security Incident Reporting 10 Limited to specific sectors 2 None Only five of 17 examined countries have established mandatory incident reporting across all sectors All Member States have implemented mandatory incident reporting in the telecommunications sector Other important sectors: Finance, Energy, Public Administration 16 Security Audits 12 8 4 0 5 All sectors 6 6 Limited to specific sectors None Six countries have implemented no mandatory security audits in any sector Security Audits are either of less priority for countries or hard to implement

Governance of CIIP Protection of CII in EU Member States Paul Weissmann; Pascal Pillokeit

Governance of CIIP Three profiles of CIIP-governance have been examined Centralised approach Decentralised approach Co-regulation with private sector The different profiles illustrate specific forms of CIIP governance, which are defined by their shared characteristics. The profiles are not exclusive types, but are rather points on a spectrum These profiles can help to understand how CIIP is organised in the individual Member States Can help to understand and what CIIP-measures and -actions can possibly be transferred from one Member State to another

Governance of CIIP The centralised approach The centralised approach is characterised by Central authority across sectors Comprehensive legislation Examples France Public Agency Public Agency Public Agency Sector Sector Sector

Governance of CIIP The decentralised approach The decentralised approach is characterised by Principle of subsidiarity Strong cooperation between public agencies Sector-specific legislation Examples Sweden Public Agency Council Public Agency Sector Sector

Governance of CIIP The co-regulation approach The co-regulation approach is characterised by Institutionalised cooperation with the private sector Horizontal relationship between public and private parties Examples Netherlands Public Agency PPP Private Actors Sector

Goals 01 Raise the level of awareness on CIIP in Europe 02 Support Private and Public Sector with focused studies and tools 03 Facilitate information exchange and collaboration 04 Foster the growth of communication networks and industry 05 Enable higher level of security for Europe s Critical Infrastructures

Thank you Dimitra Liveri resilience@enisa.europa.eu www.enisa.europa.eu/internetcii https://www.enisa.europa.eu/scada

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback