Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

Similar documents
EU policy on Network and Information Security & Critical Information Infrastructures Protection

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

Security and resilience in Information Society: the European approach

Valérie Andrianavaly European Commission DG INFSO-A3

A Strategy for a secure Information Society Dialogue, Partnership and empowerment

Securing Europe's Information Society

ENISA EU Threat Landscape

Cyber Security in Europe

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

Cybersecurity & Digital Privacy in the Energy sector

European Union Agency for Network and Information Security

ENISA s Position on the NIS Directive

13967/16 MK/mj 1 DG D 2B

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

Bradford J. Willke. 19 September 2007

EISAS Enhanced Roadmap 2012

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

Call for Expressions of Interest

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

Commonwealth Cyber Declaration

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert

Discussion on MS contribution to the WP2018

GENERIC CONTROL SYSTEM ARCHITECTURE FOR CRITICAL INFRASTRUCTURE PROTECTION

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Cyber Security in Europe and CEER s new PEER initiative

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

NIS Standardisation ENISA view

COUNCIL OF THE EUROPEAN UNION. Brussels, 28 January 2003 (OR. en) 15723/02 TELECOM 78 JAI 307 PESC 593

Package of initiatives on Cybersecurity

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

5972/17 GT/cb 1 DG G 3 C

21ST OSCE ECONOMIC AND ENVIRONMENTAL FORUM

Between 1981 and 1983, I worked as a research assistant and for the following two years, I ran a Software Development Department.

Enhancing the cyber security &

Directive on Security of Network and Information Systems

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE

Exploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know

European Directives and reglements for Information security

Resilience, Deterrence and Defence: Building strong cybersecurity for the EU

Government-Industry Collaboration: 7 Steps for Resiliency in Critical Infrastructure Protection

Plan of action for Implementation of the Sendai Framework for Disaster Risk Reduction in Central Asia and South Caucasus Region

Cybersecurity Strategy of the Republic of Cyprus

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

Horizon 2020 Security

Directive on security of network and information systems (NIS): State of Play

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

Cybersecurity Policy in the EU: Security Directive - Security for the data in the cloud

The NIS Directive and Cybersecurity in

NIS-Directive and Smart Grids

The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18

Resolution adopted by the General Assembly. [on the report of the Second Committee (A/56/561/Add.2)]

Assessment of the progress made in the implementation of and follow-up to the outcomes of the World Summit on the Information Society

SAINT PETERSBURG DECLARATION Building Confidence and Security in the Use of ICT to Promote Economic Growth and Prosperity

Critical Infrastructure Protection & Resilience Europe / Asia. Conference Discussion Reviews

Cybersecurity Package

Critical Infrastructure Protection in the European Union

Research Infrastructures and Horizon 2020

Towards a European Cloud Computing Strategy

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

Securing Europe s IoT Devices and Services

Position Paper of the ASD Civil Aviation Cybersecurity Taskforce

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

ENISA Cooperation in the EU / NIS Directive

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

RESOLUTION 45 (Rev. Hyderabad, 2010)

The UNISDR Private Sector Alliance for Disaster Resilient Societies

G8 Lyon-Roma Group High Tech Crime Subgroup

The EU Cybersecurity Package: Implications for ENISA Dr. Steve Purser Head of ENISA Core Operations Athens, 30 th January 2018

Network and Information Security Directive

H2020 Opportunities in the Area of Security and Critical Infrastructure Protection

ASEAN REGIONAL COOPERATION ON DISASTER MANAGEMENT

All-Hazards Approach to Water Sector Security & Preparedness ANSI-HSSP Arlington, VA November 9, 2011

Resolution adopted by the General Assembly. [without reference to a Main Committee (A/62/L.30 and Add.1)]

UPU UNIVERSAL POSTAL UNION. CA C 4 SDPG AHG DRM Doc 3. Original: English COUNCIL OF ADMINISTRATION. Committee 4 Development Cooperation

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Commonwealth Telecommunications Organisation Proposal for IGF Open Forum 2017

Cyber Security Beyond 2020

Promoting Global Cybersecurity

The Network and Information Security Directive - ENISA's contribution

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

CEF Telecom Calls: CEF-TC : Cyber Security TZAFALIAS ARISTOTELIS POLICY OFFICER DG CONNECT

Resolution adopted by the General Assembly on 14 December [without reference to a Main Committee (A/61/L.44 and Add.1)]

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

ENISA S WORK ON ICS AND SMART GRID SECURITY

The commission communication "towards a general policy on the fight against cyber crime"

9168/17 GT/nj 1 DG G 3 C

Protecting Critical Information Infrastructure in times of increasing cyber conflict

Research Infrastructures and Horizon 2020

10025/16 MP/mj 1 DG D 2B

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

GLOBAL AGENDA FOR CYBER CAPACITY BUILDING

Promoting accountability and transparency of multistakeholder partnerships for the implementation of the 2030 Agenda

Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Secure Societies Work Programme Call

Transcription:

Information sharing in the EU policy on NIS & CIIP Andrea Servida European Commission DG INFSO-A3 Andrea.Servida@ec.europa.eu

COM(2006) 251 - Towards a secure Information Society DIALOGUE structured and multi-stakeholder PARTNERSHIP greater awareness & better understanding of the challenges Open & inclusive multi-stakeholder debate EMPOWERMENT commitment to responsibilities of all actors involved

the Council Resolution 2007/C 68/01 AND THEREFORE INVITES MEMBER STATES TO: 3 Give due attention to the need to prevent and fight new and existing security threats on electronic communications networks, which also include unlawful interception and exploitation of data, recognise and deal with associated risks and to encourage, where appropriate in cooperation with ENISA, effective exchanges of information and cooperation between the relevant organisations and agencies at national level; to commit to fighting spam, spyware and malware, in particular through improved cooperation between competent authorities at national and international level; AND CALLS UPON: 8 Network operators, service providers and the private sector to share and implement good security practices and to foster a culture of risk analysis and management in organisations and business by supporting appropriate training programmes and developing contingency planning as well as make security solutions available to their customers as part of their services

Communication on CIIP Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience - COM(2009)149 Information sharing is a key element for : 1. Preparedness and prevention (EFMS & EP3R) 2. Detection and response (EISAS) 3. Mitigation and recovery (pan-european exercise) 4. International Cooperation 5. Criteria for European Critical Infrastructures in the ICT sector

The CIIP Action plan The European Forum of Member States (EFMS) Objective and basic principles Sharing information and good policy practices on security and resilience of CIIs EFMS is dedicated to representatives of national public authorities dealing with NIS/CIIP policies EFMS is complementary to EP3R - the European Public-Private Partnership for Resilience Specific topics currently under discussion Sectoral criteria to identify European Critical Infrastructures in the ICT sector Internet resilience and stability Pan-European exercises (call for ENISA s support)

CIIP Action Plan - The European Public Private Partnership for Resilience - EP3R High level objectives Provide a flexible European-wide governance framework to involve relevant public and private stakeholders in public policy discussion and strategic decision making = Focus on prevention and preparedness matters with a European and international dimension. Function as a forum to discuss the public policy priorities, economic and market dimensions of challenges and measures for resilience of CIIs (including appropriate positive and negative incentives for stakeholders) as well as to clarify responsibilities. Serve as a platform for global outreach on public policy, economic and market matters relevant to resilience of CIIs

CIIP Action Plan - The European Public Private Partnership for Resilience - EP3R Specific objectives Provide a platform for information sharing and stock taking of good policy and industrial/business practices in order to foster a common understanding on economic and market dimensions of security and resilience of CIIs Discuss public policy priorities, objectives and measures with a view to define framework conditions and socio-economic incentives to improve the coherence and coordination of policies for security and resilience of CIIs in Europe Identify and promote the adoption of good baseline practices for the security and resilience of CIIs, with a view to pursue minimum security and resilience standards and coordinated risk assessment approaches

CIIP Action Plan - The European Public Private Partnership for Resilience - EP3R Key principles Complementarity: EP3R should build upon and complement existing national initiatives, benefit from ENISA s work and fully respect national responsibility, without duplicating efforts. Trust: EP3R should provide the structure, processes and environment for "trusted collaboration", including the protection of sensitive information. Value: set emphasis on bi-directional exchanges between public and private participants. EP3R should aim to deliver concrete results. NO-Competition: Activities have to ensure that market mechanisms will not be distorted and no elements or perception of cartel behaviour would emerge. On the other hand, participation of competitors in EP3R should not hinder the exchange of information and good practices. Openness: EP3R should be open to all stakeholders which bear a part of the shared responsibility for resilience of CIIs. Flexibility: EP3R should be capable to consider and adapt to evolving challenges and policy developments.

European Public Private Partnership for Resilience (EP3R) Possible topics Management of vulnerability disclosure processes Frameworks for (coordinated) risk management for resilience Minimum/baseline security & resilience standards Economics of security and resilience (positive vs. negative drivers/incentives) Terminology and procedures for data collection on and economic impacts of security incidents Workable frameworks and practices to support the exchange of sensitive information Practices for threat identification Mutual assistance agreements

EPCIP Information sharing resources CIWIN - Critical Infrastructures Information Warning Network Governments only Contracted by the Commission and now hosted by the JRC Information repository European Reference Network for CIP Established at the JRC Focus on technological aspects Leverage EU cooperation

Web Sites EU policy on promoting a secure Information Society http://ec.europa.eu/information_society/policy/nis/index_en.ht m EU policy on Critical Information Infrastructure Protection CIIP http://ec.europa.eu/information_society/policy/nis/strategy/ac tivities/ciip/index_en.htm Presidency Conclusions of the Ministerial Conference on CIIP Tallinn (EE), 27-28 April 2009 http://www.tallinnciip.eu/doc/eu_presidency_conclusions_talli nn_ciip_conference.pdf Report on the public consultation Towards a Strengthened Network and Information Security Policy in Europe http://ec.europa.eu/information_society/policy/nis/nis_public_ consultation/index_en.htm The reformed Telecom Regulatory Framework - November 2009 http://ec.europa.eu/information_society/policy/ecomm/tomorr ow/index_en.htm

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback