Securing Europe's Information Society

Similar documents
Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

EU policy on Network and Information Security & Critical Information Infrastructures Protection

ENISA EU Threat Landscape

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

Between 1981 and 1983, I worked as a research assistant and for the following two years, I ran a Software Development Department.

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

Cyber Security in Europe

EISAS Enhanced Roadmap 2012

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Valérie Andrianavaly European Commission DG INFSO-A3

Introductory Speech to the Ramboll Event on the future of ENISA. Speech by ENISA s Executive Director, Prof. Dr. Udo Helmbrecht

Cyber Security Beyond 2020

Discussion on MS contribution to the WP2018

NIS Standardisation ENISA view

A Strategy for a secure Information Society Dialogue, Partnership and empowerment

The NIS Directive and Cybersecurity in

Network and Information Security Directive

Security and resilience in Information Society: the European approach

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE

Directive on security of network and information systems (NIS): State of Play

ENISA s Position on the NIS Directive

ENISA Cooperation in the EU / NIS Directive

13967/16 MK/mj 1 DG D 2B

Securing Europe s IoT Devices and Services

Package of initiatives on Cybersecurity

European Union Agency for Network and Information Security

ENISA today and in the future

Cybersecurity Strategy of the Republic of Cyprus

Shaping the Cyber Security R&D Agenda in Europe, Horizon 2020

Cybersecurity & Digital Privacy in the Energy sector

Directive on Security of Network and Information Systems

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

Call for Expressions of Interest

ehealth Ministerial Conference 2013 Dublin May 2013 Irish Presidency Declaration

Security Aspects of Trust Services Providers

NIS-Directive and Smart Grids

The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017

Achieving Global Cyber Security Through Collaboration

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

ENISA & Cybersecurity. Steve Purser Head of Technical Competence Department December 2012

SAINT PETERSBURG DECLARATION Building Confidence and Security in the Use of ICT to Promote Economic Growth and Prosperity

ENISA today and in the future

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18

Cyber Security in Europe and CEER s new PEER initiative

ENISA activities in ICT security certification Dr. Prokopios Drogkaris NIS Expert NLO Meeting Athens

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Bradford J. Willke. 19 September 2007

Cyber Security Strategic Level Landscape in Poland. Krzysztof Silicki NASK Institute, Poland ENISA MB, EB

Technologies with the potential to enhance resilience - An overview on the activities of ENISA

The EU Cybersecurity Package: Implications for ENISA Dr. Steve Purser Head of ENISA Core Operations Athens, 30 th January 2018

ehealth in Europe: at the convergence of technology, medicine, law and society

Cybersecurity Package

RESOLUTION 130 (REV. BUSAN, 2014)

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

The Digitalisation of Finance

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

Exploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know

Infrastructures and Service Dimitra Liveri Network and Information Security Expert, ENISA

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan

Commonwealth Telecommunications Organisation Proposal for IGF Open Forum 2017

10025/16 MP/mj 1 DG D 2B

***I DRAFT REPORT. EN United in diversity EN. European Parliament 2018/0328(COD)

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

DG GROW meeting with Member States in preparation of Space Strategy 8 th July Working document#1: Vision and Goals

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

Transport and ICT Global Practice Smart Connections for All Sandra Sargent, Senior Operations Officer, Transport & ICT GP, The World Bank

PREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

Position Paper of the ASD Civil Aviation Cybersecurity Taskforce

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

H2020 WP Cybersecurity PPP topics

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

European Directives and reglements for Information security

National Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director

The Network and Information Security Directive - ENISA's contribution

Cybersecurity Policy in the EU: Security Directive - Security for the data in the cloud

ehealth action in the EU

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Internet of Things, A European Outlook Antonis Tzortzakakis, Treasurer ECTA

ERCI cybersecurity seminar Guildford ERCI cybersecurity seminar Guildford

NIS Country Reports Overview Document

Strategic Transport Research and Innovation Agenda - STRIA

WORK PROGRAMME 2015 INCLUDING MULTI-ANNUAL PLANNING

Trustworthy ICT. FP7-ICT Objective 1.5 WP 2013

ENISA S WORK ON ICS AND SMART GRID SECURITY

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

Policy drivers and regulatory framework to roll out the Smart Grid deployment. Dr. Manuel Sánchez European Commission, DG ENERGY

ENISA GENErAl report 2012

Resilience, Deterrence and Defence: Building strong cybersecurity for the EU

Business Model for Global Platform for Big Data for Official Statistics in support of the 2030 Agenda for Sustainable Development

SECURING EUROPE S INFORMATION SOCIETY General Report 2011

VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe

EGM, 9-10 December A World that Counts: Mobilising the Data Revolution for Sustainable Development. 9 December 2014 BACKGROUND

Transcription:

Securing Europe's Information Society Dr. Udo Helmbrecht Executive Director European Network and Information Security Agency 16 June 2010 FIRST AGM Miami 16/6/2010 1

Agenda ENISA overview Challenges EU policy on NIS Overview of current activities Examples for current activities Outlook Conclusions 16/6/2010 2

ENISA overview Created in 2004 Located in Heraklion / Greece Around 30 Experts Supports EU institutions and Member States Facilitator of information exchange between EU institutions, public sector & private sector ENISA assists Member States and the Commission in global issues that affect the European Community as a whole This is an advisory role and the focus is on prevention and preparedness 16/6/2010 3

Agenda ENISA overview Challenges EU policy on NIS Overview of current activities Examples for current activities Outlook Conclusions 16/6/2010 4

NIS Challenges Complexity of global networks is increasing Number of security breaches is growing, leading to financial damage and undermining user confidence The economy of Europe is at stake if we do not manage security properly ICT systems are essential for economic and societal development We need to achieve a collaborative approach on increasing NIS to enable and enhance economic and societal development in priority areas, such as: Improving Europe s critical information infrastructure protection (CIIP) Enhancing Europe s early warning and incident response capabilities Increasing user trust and confidence 16/6/2010 5

NIS Challenges cont. We need to achieve a collaborative approach on increasing NIS to enable and enhance economic and societal development in priority areas, such as: Improving Europe s critical information infrastructure protection (CIIP) Enhancing Europe s early warning and incident response capabilities Increasing user trust and confidence because Europeans will not embrace technology they do not trust - the digital age is neither "big brother" nor "cyber wild west (Digital Agenda for Europe, COM(2010) 245, 19.05.2010) 16/6/2010 6

Agenda ENISA overview Challenges EU policy on NIS Overview of current activities Examples for current activities Outlook Conclusions 16/6/2010 7

Network and Information Security (NIS) The EU Policy Framework 2004: Establishment of the European Network and Information Security Agency - ENISA 2006: European Commission Strategy for a Secure Information Society - COM(2006)251 2007: Council Resolution on a Strategy for a Secure Information Society in Europe [2007/C 68/01] 2008: Extension of ENISA s mandate and launch of a debate on increased NIS 03/2009: European Commission s proposal for an Action Plan on Critical Information Infrastructure Protection - CIIP - 11/2009: Adoption of the revised telecoms regulatory package integrating provisions on security 12/2009: Council resolution on a collaborative European approach to NIS [2009/C 321/01] 05/2010: Commission s proposal for a modernized NIS Policy in the EU The Digital Agenda http://ec.europa.eu/information_society/digital-agenda/index_en.htm 16/6/2010 8

DIGITAL AGENDA NIS masterplan for the next 10 years Proposes action areas for a European information society (like interoperability, standards, research, access and...)... Trust and security! High level goals: Modernise and enhance ENISA Enhance cooperation of CERTs on national and European level Provide CERT services for European institutions Support EU-wide cyber security preparedness exercises Enhance prevention and combating cybercrime 16/6/2010 9

Agenda ENISA overview Challenges EU policy on NIS Overview of current activities Examples for current activities Outlook Conclusions 16/6/2010 10

ENISA s Role in Europe Centre of Expertise Supports EU institutions and Member States Facilitator of information exchange between EU institutions, public sector & private sector Activities: Advising and assisting Collecting and analysing Promoting methods Raising awareness 16/6/201011

ENISA s Mission Securing Europe s Information Society by acting as a pacemaker for NIS Producers Member States ISPs CITIZENS European Parliament European Commission NGOs Associations 16/6/2010 12

ENISA s Current Activities ENISA s work plan is based around a number of Multi- Annual Thematic Programs (MTPs) The current set of MTPs was launched in 2008. They cover the following areas: Improving resilience in European networks Developing and maintaining cooperation models Identifying emerging risks These MTPs are scheduled to finish in 2010 16/6/2010 13

Improving resilience in European networks Goal : To improve Resilience in European ecommunications Networks & Services This work consists of three phases: Stock-taking of regulatory/policy environments and provider measures Identification of good practices and gap analysis Support for deployment The scope of the work covers: Policy issues Deployment issues Technical issues (e.g. DNSSEC) 16/6/2010 14

Cross-border cooperation Goal : To increase cooperation between Member States to reduce differences in capability between Member States in the area of NIS ENISA develops and supports cooperation models in pre-defined areas Currently, these areas are: Awareness Raising Reinforcing national / gov. CERTs European NIS good practice brokerage 16/6/2010 15

Emerging Risks Goal: To enable stakeholders to better identify and understand Emerging and Future Risks in the area of NIS Scenarios submitted by public sector and private sector stakeholders Expert groups are used to validate and analyse submitted scenarios from a risk standpoint Will be supplemented by the creation of a Knowledge Base 16/6/2010 16

Agenda ENISA overview Challenges EU policy on NIS Overview of current activities Examples for current activities Outlook Conclusions 16/6/2010 17

The objectives are: Activity example: Reinforcing national/governmental CERTs Definition and further development of a set of baseline capabilities for national / governmental CERTs in the Member States Establish national / governmental CERTs in every Member State Offer or support activities to help teams to reach (and go beyond) the baseline Enhance cooperation on national and European level 16/6/2010 18

Activity example: Reinforcing national/governmental CERTs Means Support setting up Training Exercises Support in Reaching out to (new) constituencies (EISAS) Enhancing existing services Extension of services Information sharing and cooperation Etc. 16/6/201019

Activity example: Reinforcing national/governmental CERTs 2005: Stocktaking 2006: Setting up & Cooperation 2007: Support Operation Quality Assurance 2008: CERT Exercises 2009: CERT Exercises Pilots 2010: CERT Baseline Capabilities [ ] 16/6/2010 20

The objectives are: Activity example: National and pan-european exercises First pan-european exercise in 2010 Collaborate with EuroCybex towards preparing an advanced exercise in 2011 Support the implementation of the Good Practice Guide on National Preparedness Exercises by Member States Develop a robust framework for running Pan European (and multinational in general) exercises with long term strategic objectives 16/6/201021

Activity example: Awareness Raising Enhance information exchange on awareness raising among national / governmental level organisations Establish a task force for information security awareness within the EU institutions and bodies. Continue to address the challenges of young generation and family online safety. Continue to build the AR Community Support the Commission and Member States in establishing a European Security week. 16/6/201022

Activity example: Cloud Computing for governments In 2009, ENISA published the cloud computing risk assessment and cloud assurance framework In 2010, ENISA is performing an analysis of Government Cloud initiatives from the security and resilience perspective In 2011 this will be followed up with an initiative which pilots the use of these criteria within EuropeanGovernment procurement criteria Conference on cloud assurance in Q2 2011 Pilot study with member states, by Q4 2011 16/6/201023

Agenda ENISA overview Challenges EU policy on NIS Overview of current activities Examples for current activities Outlook Conclusions 16/6/2010 24

Outlook 2011: Situation awareness for CERTs The objectives are: Stock taking of available situation awareness mechanisms to define the state of the art of early warning for NIS. Analysis of results - the benefits and shortcomings will be assessed and potential further developments identified. 16/6/201025

Outlook 2011: Cross-border CERT cooperation The objectives are: Examine barriers and incentives for cross-border collaboration and information sharing (i.e. legal issues, data protection, etc.) Examine operational gaps on European level Examine operational redundancies and synergies 16/6/201026

Agenda ENISA overview Challenges EU policy on NIS Overview of current activities Examples for current activities Outlook Conclusions 16/6/2010 27

Our Vision Everybody is involved. All actors understand the role they are expected to play and are sufficiently knowledgeable to perform this role. Actions performed by the different actors are mutually reinforcing. This is the principle of defence in depth. The approach is sufficiently scalable and flexible to cope with rapidly evolving constraints. Approaches that are too rigid and that cannot adapt to changes in the socio-economic environment will not survive. 16/6/2010 28

Conclusions We need to move towards a situation in which all actors recognise and proactively manage risks. Methods and tools should be flexible and scalable. They should be capable of delivering tangible results with reasonable investment. Infrastructure should offer true end-to-end security. By closely following emerging risks, aligning research with these risks, and deploying research results faster, we will be able to securely leverage new technologies earlier. New concepts need to be quickly understood and leveraged to improve current security models. Achieving coherence and consistency over time will be a major challenge. 16/6/2010 29

Contact European Network and Information Security Agency Science and Technology Park of Crete (ITE) P.O. Box 1309 71001 Heraklion - Crete Greece cert-relations@enisa.europa.eu http://www.enisa.europa.eu 16/6/2010 30

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback