Valérie Andrianavaly European Commission DG INFSO-A3


Security and resilience in the Information Society: towards a CIIP policy in the EU
Valérie Andrianavaly
European Commission DG INFSO-A3
valerie.andrianavaly@ec.europa.eu

Network and information security: The European Context
- Strategy for a Secure Information Society [COM(2006)251]
- Policy initiatives on:
  - fighting against spam, spyware and malware [COM(2006)688]
  - promoting data protection by PET [COM(2007)228]
  - fighting against cyber crime [COM(2007)267]
- Proposed package to reform the Regulatory Framework for e-communications [COM(2007)697, COM(2007)698, COM(2007) 699]
- European Network and Information Security Agency (ENISA), established in 2004
- A policy initiative on CIIP to be adopted by early 2009 under the general framework of the European Programme on Critical Infrastructure Protection

Towards a secure Information Society
- DIALOGUE: structured and multi-stakeholder
- PARTNERSHIP: greater awareness & better understanding of the challenges
- Open & inclusive multi-stakeholder debate
- EMPOWERMENT: commitment to responsibilities of all actors involved

Policy initiative on CIIP Q1 2009: The issues at stake / Rationale
- CII are the nervous system of the Information Society
- Liberalisation, deregulation and convergence: complexity / multiplicity of players
- Infrastructures are privately owned and operated
- Ensuring the stability of society and economy is governments' responsibility
- CII stretch out well beyond national borders
- The level of security in any country depends on the level of security put in place outside the national borders
- National governments face very similar issues and challenges
- The private sector is calling for harmonised rules
- A more integrated and co-ordinated approach to complement and add value to the national programmes
- Contribute to reinforce the EU wealth creation capabilities

Policy initiative on CIIP Q1 2009: Dialogue & Partnership
Objectives
- Enhance the level of CIIP preparedness and response across the EU
- Ensure that adequate and consistent levels of preventive, detection, emergency and recovery measures are put in operation
Policy orientations
- Achieve a better understanding and clarity on the guiding policy principles
Approach
- Build on national and private sector initiatives
- Engage relevant public and private stakeholders
- Adopt All-hazards

Policy initiative on CIIP Q1 2009: Preparatory activities (1/2)
2006
- Study on Availability and Robustness of Electronic Communications Infrastructures (ARECI)
2007
- Informal meeting of National experts on CIIP, Brussels, 19 January 2007
- Public consultation on the final ARECI report drafted by Alcatel-Lucent, April 2007
- Member States and private sector meeting on the outcomes of the public consultation, Brussels, 18 June 2007
- Workshop on ccTLDs' Contingency practices, 19/09/2007
- Workshop on challenges for awareness raising, 07/12/2007

Policy initiative on CIIP Q1 2009: Preparatory activities (2/2)
2008
- Workshop on Learning from large scale attacks on the Internet: policy implications, Brussels, 17 January 2008
- 2 Meetings with MS on the criteria to identify European Critical Infrastructures in the ICT sector, Brussels, 5 February & 29 May 2008
- Workshop on The role of the private sector for Critical Information Infrastructure Protection, Brussels, 26 June 2008
- Questionnaire sent to Member States

Policy initiative on CIIP: Next steps - Short term
Q4 2008
- Completion of the survey on MS policy approaches on CIIP
- Focus on i) definitions/criteria; ii) risk assessment activities; iii) incident response capability; iv) Public Private Partnership; v) International dimension
- Analysis of inputs
Q1 2009
- Adoption of Commission policy on CIIP + Action Plan

Policy initiative on CIIP Q1 2009: The main areas for action
- Process to define the ICT criteria to identify the European critical infrastructures
- Improvement of the incident response capability at national and European level
- Development of a trusted public-private partnership at the European Union level on security and resilience to support sharing of information and good practices
- Bridging gaps on national CIIP policies across Europe - Reinforcing the cooperation and the information exchange between Member States
- International dimension of CIIP to reinforce co-operation on global issues, in particular the security and the robustness of the Internet
- A significant step forward in the implementation of the Commission's strategy for a Secure Information Society

Policy initiative on CIIP Q1 2009 Tentative Flowchart
Implementation for the ICT sector* of the European Programme on Critical Infrastructures Protection framework (EPCIP) by defining the criteria for identification of European Critical Information Infrastructures (ECIIs)**
- Tool: Staff Working Paper & Study to be launched by the end of 2008
Communication (including Impact Assessment)
Action Plan (either as part of the Communication or proposal for a Recommendation)
Strengthening the incident response capability for Europe by creating:
1. Governmental CERTs in all Member States
2. EISAS multi-lingual European information Sharing and Alert System
- Tool: 1. Obligation/Recommendation for Member States
- Tool: 2. Development of prototype tool (to be funded under the EU Programme on "Prevention, Preparedness and Consequences Management of Terrorism and other security related risks")
Creation of a strong and trusted EU Public-Private Partnership determining the good practices to be followed, in terms of:
- Industrial deployment
- Public policy practices
- Tool: Public Private Partnership for European Resilience
International dimension
Creating a unified European security voice and strategy in international discussions and fora (in particular for Internet)
- Tool: Global security dialogue following WSIS with aim to create guidelines on risk preparedness and response

Policy initiative on CIIP: Next steps - Medium term
2009
- A study on dependencies on ICTs of finance, energy and transport sectors*
- Prototype of a European multilingual information sharing and alert system to provide appropriate and timely information via dedicated e-security web portals on threats, risks and alerts as well as on best practices*
- A project on DNS security*
Call just closed:
- A study on measures to analyse and improve European emergency preparedness in the field of fixed and mobile telecommunications and Internet*
- A study to support the process to define sectoral criteria to identify European Critical Infrastructures in the ICT sector focusing on the sub-sectors of Internet, fixed and mobile telecommunications*
* Projects and studies funded under EPCIP financial scheme: "Prevention, Preparedness and Consequence Management of Terrorism and other Security Related Risks"

Web Sites
- DG INFSO Web site on the EU policy on secure Information Society: http://ec.europa.eu/information_society/policy/nis/index_en.htm
- Page on CIIP: http://ec.europa.eu/information_society/policy/nis/strategy/activities/ciip/index_en.htm
- Page on ARECI study: http://ec.europa.eu/information_society/policy/nis/strategy/activities/ciip/areci_study/index_en.htm
- Page on the workshop on large scale attacks: http://ec.europa.eu/information_society/policy/nis/strategy/activities/ciip/large_scale/index_en.htm

Links to EU Policy Document 1/2
- Strategy for a Secure Information Society [COM(2006)251]: http://eurlex.europa.eu/result.do?t1=v5&t2=2006&t3=251&rechtype=rech_naturel&submit=search
- Fighting spam, spyware and malicious software [COM(2006)688]: http://eurlex.europa.eu/result.do?t1=v5&t2=2006&t3=688&rechtype=rech_naturel&submit=search
- Promoting data protection by Privacy Enhancing Technologies (PETs) [COM(2007)228]: http://eurlex.europa.eu/result.do?t1=v5&t2=2007&t3=228&rechtype=rech_naturel&submit=search
- Towards a general policy on the fight against cyber crime [COM(2007)267]: http://eurlex.europa.eu/result.do?t1=v5&t2=2007&t3=267&rechtype=rech_naturel&submit=search
- Package to reform the Regulatory Framework for e-communications [COM(2007)697, COM(2007)698, COM(2007) 699]: http://ec.europa.eu/information_society/policy/ecomm/tomorrow/index_en.htm

Links to EU Policy Document 2/2
- European Programme for Critical Infrastructure Protection [COM(2006) 786]: http://eurlex.europa.eu/lexuriserv/lexuriserv.do?uri=com:2006:0786:fin:en:pdf
- Directive on the identification and designation of European Critical Infrastructure and the assessment of the need to improve their protection
  - Press release: http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/jha/101001.pdf
  - Final text: http://register.consilium.europa.eu/pdf/en/08/st09/st09403.en08.pdf
- EPCIP financial scheme: "Prevention, Preparedness and Consequence Management of Terrorism and other Security Related Risks"
  - Call for proposals: http://ec.europa.eu/justice_home/funding/cips/funding_cips_en.htm
  - Call for tenders: http://ec.europa.eu/justice_home/funding/tenders/funding_calls_en.htm
  - Call for expression of interest (looking for external experts): http://ec.europa.eu/justice_home/funding/tenders/funding_interest_en.htm

Annex
Key findings & way forward of the workshop on Learning from large scale attacks on the Internet: policy implications (17.01.2008)

Workshop on Learning from large scale attacks on the Internet: policy implications
Key findings & way forward (1/4)
- Build resilience / Harden the infrastructure
- Servers and links redundancy, Anycast
- Security of routing protocol / traffic exchange
- Security of DNS service
- Profiling attackers and understanding their objectives (know your enemies)

Workshop on Learning from large scale attacks on the Internet: policy implications
Key findings & way forward (2/4)
- Response preparedness
- National contingency plan for the Internet
- Cyber exercises on National/international level are crucial
- Strengthen multinational cooperation for rapid response (formal rather than informal)
- Importance of CERTs/CSIRTs and their role for national and international cooperation
- Measurement - monitoring of traffic to understand what is going on
- Computers at the edges could be leveraged to build collective intelligence

Workshop on Learning from large scale attacks on the Internet: policy implications
Key findings & way forward (3/4)
- Technology will not be sufficient
- Study the economics of security and cyber crime
- R. Anderson (et al) report on Security Economics and the Internal Market (ENISA)
- Set-up Public Private Partnership (PPP)
- Importance of the role of government, which is to coordinate and be a good user
- Develop cross-sector and cross-organisational cooperation on national, EU and international levels

Workshop on Learning from large scale attacks on the Internet: policy implications
Key findings & way forward (4/4)
- Agree on responsibility's allocation
- Information and best practices sharing: importance of trust
- EISAS (European Information Sharing and Alert System) feasibility study (ENISA)
- Funding for proof of concept implementation of an EISAS
- Raising awareness and education of individuals, public bodies, corporate users and service providers