Security and resilience in Information Society: the European approach

Similar documents
A Strategy for a secure Information Society Dialogue, Partnership and empowerment

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

Valérie Andrianavaly European Commission DG INFSO-A3

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

EU policy on Network and Information Security & Critical Information Infrastructures Protection

13967/16 MK/mj 1 DG D 2B

ENISA EU Threat Landscape

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

Cyber Security in Europe

Cybersecurity & Digital Privacy in the Energy sector

Commonwealth Cyber Declaration

EISAS Enhanced Roadmap 2012

Call for Expressions of Interest

Securing Europe's Information Society

IPv6 Task Force - Phase II. Welcome

H2020 Opportunities in the Area of Security and Critical Infrastructure Protection

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

RESOLUTION 45 (Rev. Hyderabad, 2010)

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

H2020 WP Cybersecurity PPP topics

The NIS Directive and Cybersecurity in

Bradford J. Willke. 19 September 2007

Directive on security of network and information systems (NIS): State of Play

COUNCIL OF THE EUROPEAN UNION. Brussels, 28 January 2003 (OR. en) 15723/02 TELECOM 78 JAI 307 PESC 593

ENISA s Position on the NIS Directive

European Union Agency for Network and Information Security

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE

Towards a European Cloud Computing Strategy

Package of initiatives on Cybersecurity

ERCI cybersecurity seminar Guildford ERCI cybersecurity seminar Guildford

Promoting Global Cybersecurity

H2020 & THE FRENCH SECURITY RESEARCH

VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe

European Cybersecurity PPP European Cyber Security Organisation - ECSO November 2016

HEALTH IN ECSO (European Cyber Security Organisation) 18 October 2017

Directive on Security of Network and Information Systems

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

SAINT PETERSBURG DECLARATION Building Confidence and Security in the Use of ICT to Promote Economic Growth and Prosperity

Cyber Security Beyond 2020

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

Critical Infrastructure Protection in the European Union

UPU UNIVERSAL POSTAL UNION. CA C 4 SDPG AHG DRM Doc 3. Original: English COUNCIL OF ADMINISTRATION. Committee 4 Development Cooperation

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

GENERIC CONTROL SYSTEM ARCHITECTURE FOR CRITICAL INFRASTRUCTURE PROTECTION

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

NIS Standardisation ENISA view

Plenipotentiary Conference (PP- 14) Busan, 20 October 7 November 2014

Summary. Strategy at EU Level: Digital Agenda for Europe (DAE) What; Why; How ehealth and Digital Agenda. What s next. Key actions

Horizon 2020 Security

Discussion on MS contribution to the WP2018

The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

Joint Declaration by G7 ICT Ministers

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

Government-Industry Collaboration: 7 Steps for Resiliency in Critical Infrastructure Protection

NIS-Directive and Smart Grids

Enhancing the cyber security &

RESOLUTION 130 (Rev. Antalya, 2006)

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

DIGITIZING INDUSTRY, ICT STANDARDS TO

Fostering Competitiveness, Growth and Jobs. Wrocław, Poland, 15 October 2014

Resolution adopted by the General Assembly. [on the report of the Second Committee (A/64/417)]

European Cybersecurity PPP European Cyber Security Organisation - ECSO

ENISA S WORK ON ICS AND SMART GRID SECURITY

Cybersecurity & Spam after WSIS: How MAAWG can help

Research Infrastructures and Horizon 2020

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Big Data Value cppp Big Data Value Association Big Data Value ecosystem

Europe (DAE) for Telehealth

Secure Societies Work Programme Call

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

The Network and Information Security Directive - ENISA's contribution

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Trustworthy ICT. FP7-ICT Objective 1.5 WP 2013

DG GROW meeting with Member States in preparation of Space Strategy 8 th July Working document#1: Vision and Goals

Resolution adopted by the General Assembly. [on the report of the Second Committee (A/56/561/Add.2)]

First Science-Policy- Industry meeting on CBRN-E Introductory words. Philippe Quevauviller. Security Research and Industry. DG Enterprise and Industry

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

MOTION FOR A RESOLUTION

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

Cyber security: a building block of the Digital Single Market

World Telecommunication Development Conference (WTDC- 14) Dubai, 30 March 10 April 2014

Third public workshop of the Amsterdam Group and CODECS European Framework for C-ITS Deployment

Digital Security. Rafael Tesoro Carretero DG CNECT, Unit H1 - Cybersecurity & Digital Privacy

CEF Telecom Calls: CEF-TC : Cyber Security TZAFALIAS ARISTOTELIS POLICY OFFICER DG CONNECT

ehealth in Europe: at the convergence of technology, medicine, law and society

Between 1981 and 1983, I worked as a research assistant and for the following two years, I ran a Software Development Department.

The Republic of Korea. economic and social benefits. However, on account of its open, anonymous and borderless

Advanced Grid Technologies, Services & Systems: Research Priorities and Objectives of WP

ehealth Ministerial Conference 2013 Dublin May 2013 Irish Presidency Declaration

Commonwealth Telecommunications Organisation Proposal for IGF Open Forum 2017

Research Infrastructures and Horizon 2020

2017 Company Profile

The MovingLife Project

Implementation of WTDC-14 Regional Initiatives for Europe

IPv6 deployment, European Commission involvement. RIPE 60 Prague 4May Per Blixt

Cybersecurity for ALL

Transcription:

Security and resilience in Information Society: the European approach Andrea Servida Deputy Head of Unit European Commission DG INFSO-A3 Andrea.servida@ec.europa.eu

What s s ahead: mobile ubiquitous environments Broaden communication parties, networking, and business opportunities Mobile World (Real World) B3G Radio Access Ubiquitous World Networks with low performance devices (e.g. RF tags and sensors) B3G Mobile Network Networks with high performance devices (e.g. home appliances) Mobile NW Ubiquitous Local NW Mobile Edge Mobile-Ubiquitous NW

The key objectives of the strategy to revitalise the EC strategy set out in 2001 By reviewing the NIS situation and challenges posed by convergence of technologies, media and markets By building better coordination between the various EC policy initiatives (e.g. spam, 2006 Review, CIIP, cyber crime, RFID, etc) By mobilising all stakeholders to strengthen the cooperation in the EU to adapt the EU approach to future challenges By strengthening the role of ENISA By emphasising the value and benefits of measuring and learning By launching few actions to stimulate the exchange of good policy practice across the EU

NIS in the Information Society TECHNICAL dimension SOCIAL dimension TRUSTWORTHY, SECURE & RELIABLE ICT ECONOMIC dimension LEGAL dimension

Depending on ICT Today issues Pervasiveness, interdependencies and and intrusiveness Influencing factors incompatibility between technology and and human human systems technology-push with with no no thinking in in terms terms of of societal impact (DRM, (DRM, TC, TC, biometrics, IPv6, IPv6, etc.) etc.) emergence of of new new social social and and governance models models little little understanding of of human factor factor excessive technical control control may may put put at at risk risk rights (DRM, (DRM, biometrics, TC, TC, etc.) etc.) there there are are no no safeguards for for users users no no attention to to economic and and societal costs costs of of faulty faulty software Future objective Develop Develop a a respectful, productive, innovative and and secure secure IS IS How How to to go go about about it it develop a new new ethics ethics of of digital digital behaviour and and commercial conduct enforce everywhere the the principle of of user s user s choice choice promote the the respect of of the the personal sphere also also by by ensuring resiliency and and accountability of of systems investigate interdependencies between technology & societal systems develop a vision vision on on how how to to depend on on technology (including international governance) in in societal societal systems education and and awareness

The key principles to improve and develop a culture of NIS Technical Promote diversity, usability openness and interoperability as integral components of security Economic Present NIS as a virtue and an opportunity Social Individual users need to understand that their home systems are critical for the overall security chain Legal Privacy and security are a prerequisite for guaranteeing fundamental rights on-line

The challenges for stakeholders to take responsibility for their respective roles Public Administrations to address the security of their own networks and serve as an example of best practice for other players Private sector enterprises to address NIS as an asset and an element of competitive advantage an not as a negative cost Individual users to understand that their home systems are critical for the overall security chain

Towards a secure Information Society DIALOGUE structured and multi-stakeholder PARTNERSHIP greater awareness & better understanding of the challenges Open & inclusive multi-stakeholder debate EMPOWERMENT commitment to responsibilities of all actors involved

Dialogue Benchmarking national NIS-related policies Comparing to learn and to transfer best practices to improve awareness among SMEs & individual users to public administrations shall act as intelligent users and serve as an example for best practice drivers (-> eid) Structured multi-stakeholder dialogue where to strike the balance between security and the protection of fundamental rights (-> PET, TC) develop a sector-specific policy for the ICT sector to enhance the security and the resilience of information and communication networks (-> CIIP) Business Summit & User Seminar stimulate industry commitment to adopt effective approaches to implement a culture of security in industry raise security awareness and strengthen the trust of endusers

Partnership Improve knowledge of the problem ENISA is asked to develop a trusted partnership with Member States and stakeholders to create a data collection framework to collect EU-wide data on security incidents and consumer confidence Understand the ICT security sector and market in the EU fostering a strategic relationship between governments, businesses and research community to deliver data on trends in ICT security Support response capability ENISA is asked to examine the feasibility of a European information sharing and alert system (including a multi-lingual security portal)

Empowerment: invite Member States Proactively participate in the proposed benchmarking exercise of national NIS policies; Promote, in close cooperation with ENISA, awareness campaigns on the virtues, benefits and rewards of adopting effective security technologies, practices and behaviour; Leverage the roll-out of e-government services to communicate and promote good security practices that could then be extended to other sectors; Stimulate the development of network and information security programmes as part of higher education curricula.

Empowerment: invite private sector Develop an appropriate definition of responsibilities for software producers and Internet service providers in relation to the provision of adequate and auditable levels of security. Here, support for standardised processes that would meet commonly agreed security standards and best practice rules is needed. Promote diversity, openness, interoperability, usability and competition as key drivers for security as well as stimulate the deployment of security-enhancing products, processes and services to prevent and fight ID theft and other privacy-intrusive attacks. Disseminate good security practices for network operators, service providers and SMEs as baseline levels for security and business continuity. Promote training programmes in the business sector, in particular for SMEs, to provide employees with the knowledge and skills necessary to effectively implement security practices. Work towards affordable security certification schemes for products, processes and services that will address EU-specific needs (in particular with respect to privacy). Involve the insurance sector in developing appropriate risk management tools and methods to tackle ICT-related risks and foster a culture of risk management in organisations and business (in particular in SMEs).

The multi-stakeholder Dialogue on CIIP

Plans on CIIP In June 2004, the European Council asked for an overall strategy to protect critical infrastructures On 17 November 2005, the Commission adopted a Green Paper on the policy options for a European Programme on Critical Infrastructure Protection (COM(2005)576) Contributions were received from 22 Member States and over 100 private companies and industry associations Contributions confirm the need for action at the European level to enhance the protection and resilience of critical infrastructures Because of their horizontal nature with inter-linkages into many other critical infrastructures, the protection of communication and information infrastructure is a priority We are planning a Europe-wide dialogue on CIIP with public and private stakeholders in the fall A major policy initiative on CIIP will be launched in 2008

Challenges of the CIIP dialogue Organisational: to build trusted relationships and motivate the stakeholders (in particular the private sector) Policy orientations: to achieve a better understanding and clarity on the guiding policy principles Issues: National vs. European Infrastructures; long-term Internet stability & resilience; preventive, detection/early warning & responsive measures; recovery and continuity strategies; sharing knowledge and good practices; cross-sectors proactive information assurance methods; risk management culture and tools; inter-dependencies, in particular across heterogeneous infrastructures; etc.

CIIP - Preparatory study in 2006 Availability and Robustness of Electronic Communications Infrastructures Aimed at identifying the threats and vulnerabilities in next generation 3G mobile and Internet core networks developed 10 recommendations to MS, EU institutions and private sector to avoid or reduce their potential impact on the European Critical Infrastructure; Ended February 2007 - the contractor is Alcatel Lucent; validation Workshop held in January 2007 Comments invited until mid May 2007 Final report available http://ec.europa.eu/information_society/newsroom/cf/itemdeta il.cfm?item_id=3334

CIIP Initial discussions Informal meeting of National experts on CIIP Brussels, 19 January 2007 Aimed informally discuss the outcomes Alcatel- Lucent study as well as exchange views on the CIIP component of EPCIP; The Focus was on the needs, challenges and opportunities for an EU dialogue on CIIP; How a EU dialogue could add value to the National initiatives; Who should be part of such a dialogue; How to engage the public and the private sector; What are the main issues to address

CIIP Initial discussions (2) Joint Member States and private sector meeting Brussels, 18 June 2007 To debate the policy options for the EU; Exchange views on how resilience and robustness are approached and tackled in the EU; Focus on identifying: The policy options for an EU dialogue on CIIP; The roadmap for an EU initiative; The role of stakeholders; The mechanisms for an EU multi-stakeholder dialogue

CIIP - Preparatory study in 2007 Study on critical dependencies of energy, finance and transport infrastructures on ICT infrastructures Examine what are the critical ICT based dependencies in the sectors under consideration; Identify and assess existing (cross-sector) early warning systems and protection strategies; Identify existing (cross-sector) best practices where available to counter or mitigate cyber vulnerabilities and threats. Call for tender 165210-2007/S 135/2007 deadline for submission 5 October 2007

CIIP - Preparatory study in 2008 We are planning activity to: Identify the rationale and propose the criteria for the identification of European Critical Information Infrastructures; Improve the emergency preparedness in the field of fixed and mobile telecommunication and Internet; Proof of concept for a European Information Sharing and Alert System; Identify the rationale and propose the criteria for the identification of European Critical Information Infrastructures in the sub-sector instrumentation automation and control systems;

Web Sites A Strategy for a secure Information Society Dialogue, Partnership and empowerment COM(2006) 251 http://ec.europa.eu/governance/impact/docs/ia_2006/com_2006_0251_en.pdf Commission Staff Working Document Impact Assessment SEC(2006) 656 http://ec.europa.eu/governance/impact/docs/ia_2006/sec_2006_0656_en.pdf Background information (including the COM in all languages) http://europa.eu.int/information_society/newsroom/cf/itemlongdetail.cfm?item_id=2766 http://eur-lex.europa.eu/lexuriserv/lexuriserv.do?uri=celex:52006dc0251:en:not

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback