Network and Information Security Directive

Similar documents
The Network and Information Security Directive - ENISA's contribution

Directive on Security of Network and Information Systems

The NIS Directive and Cybersecurity in

Directive on security of network and information systems (NIS): State of Play

Infrastructures and Service Dimitra Liveri Network and Information Security Expert, ENISA

NIS-Directive and Smart Grids

ENISA s Position on the NIS Directive

NIS Directive development The Incident Notification Framework

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

European Union Agency for Network and Information Security

The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017

Discussion on MS contribution to the WP2018

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

ENISA EU Threat Landscape

ENISA activities in ICT security certification Dr. Prokopios Drogkaris NIS Expert NLO Meeting Athens

ENISA Cooperation in the EU / NIS Directive

The EU Cybersecurity Package: Implications for ENISA Dr. Steve Purser Head of ENISA Core Operations Athens, 30 th January 2018

Regulating Cyber: the UK s plans for the NIS Directive

Cybersecurity Policy in the EU: Security Directive - Security for the data in the cloud

Cybersecurity in the EU Steve Purser Head of Operational Departments, ENISA Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European

Securing Europe s IoT Devices and Services

Securing Europe's Information Society

NIS Standardisation ENISA view

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know

2017 ANNUAL TRUST SERVICES SECURITY INCIDENTS ANALYSIS. ENISA Article 19 Team

The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18

Cyber Security Beyond 2020

The Digitalisation of Finance

Exploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

Cyber Security in Europe

Technical guidelines implementing eidas

Cybersecurity Strategy of the Republic of Cyprus

Package of initiatives on Cybersecurity

Creating NIS Compliant Country in a Non-Regulated Environment. Jurica Čular

Committee on the Internal Market and Consumer Protection

Call for Expressions of Interest

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

Technology's role in General Data Protection Regulation Dr. Prokopios Drogkaris Officer in NIS SECPRE 2017 Oslo

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE

Valérie Andrianavaly European Commission DG INFSO-A3

EISAS Enhanced Roadmap 2012

Bradford J. Willke. 19 September 2007

EU policy on Network and Information Security & Critical Information Infrastructures Protection

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

Council of the European Union Brussels, 14 September 2017 (OR. en)

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

Cybersecurity Package

The SPARKS Project Motivation, Objectives and Results

Resilience, Deterrence and Defence: Building strong cybersecurity for the EU

The GDPR and NIS Directive: Risk-based security measures and incident notification requirements

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

Security Aspects of Trust Services Providers

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

ENISA And Standards Adri án Belmonte ETSI Security Week Event Sophia Antipolis (France) 22th June

Achieving Global Cyber Security Through Collaboration

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

METHODOLOGY AND CRITERIA FOR THE CYBERSECURITY REPORTS

Cyber Security in Europe and CEER s new PEER initiative

Member of the County or municipal emergency management organization

Legislative Framework

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Cybersecurity & Digital Privacy in the Energy sector

H2020 WP Cybersecurity PPP topics

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

EU Code of Conduct on Data Centre Energy Efficiency

Introductory Speech to the Ramboll Event on the future of ENISA. Speech by ENISA s Executive Director, Prof. Dr. Udo Helmbrecht

STANDARDS TO HELP COMPLY WITH EU LEGISLATION. EUROPE HAS WHAT IT TAKES INCLUDING THE WILL?

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Improving Resilience in European e-communication networks MTP 1

Improving recognition of ICT security standards Recommendations for the Member States for the conformance to NIS Directive

16474/08 JJ/ap 1 DGH4

Working with the EU Directive High common level of network and information security. Martin Apel, SANS ICS Summit, Munich und

Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt

The Case for National CSIRTs

Toward Horizon 2020: INSPIRE, PSI and other EU policies on data sharing and standardization

RESOLUTION 45 (Rev. Hyderabad, 2010)

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert

Security and resilience in Information Society: the European approach

ENISA & Cybersecurity. Steve Purser Head of Technical Competence Department December 2012

ECSC Brief Razvan GAVRILA NIS Expert. European Union Agency for Network and Information Security

13967/16 MK/mj 1 DG D 2B

NYDFS Cybersecurity Regulations

Security frameworks for Gov Clouds: A Technical Analysis

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

European Code of Conduct on Data Centre Energy Efficiency

Mozilla position paper on the legislative proposal for an EU Cybersecurity Act

CSIRT capacity building Andrea Dufkova CSIRT-relations, COD1 NLO meeting Athens June 8. European Union Agency for Network and Information Security

V{ xy Éy à{x Vtu Çxà Éy ` Ç áàxüá

IoT and Smart Infrastructure efforts in ENISA

Critical Infrastructure Protection in the European Union

CTI Capability Maturity Model Marco Lourenco

CEF Telecom Calls: CEF-TC : Cyber Security TZAFALIAS ARISTOTELIS POLICY OFFICER DG CONNECT

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

THE CYBER SECURITY ENVIRONMENT IN LITHUANIA

Italian government CERT: INITIAL RESULTS

ENISA S WORK ON ICS AND SMART GRID SECURITY

Transcription:

Network and Information Security Directive Provisions + ENISA s activities Dr Evangelos Ouzounis Head of Secure Infrastructure and Services Unit, ENISA European Union Agency for Network and Information Security

2

The NIS Directive (EU 2016/1148) Scope: to achieve a high common level of security of NIS within the Union (first EU regulatory act at this level). Status: ADOPTED August 2016. Deadline for transposition: 9 May 2018 (21 months). Provisions: 1. Improved cybersecurity capabilities at national level 2. Increased EU-level cooperation 3. Obligations for operators of essential services (OES) 4. Obligations for digital service providers (DSP) 3

1. Improved cybersecurity capabilities at national level - adopt a national NIS strategies to include: - Strategic objectives, priorities and governance framework - Measures on preparedness, response and recovery - Cooperation methods between the public and private sectors - designate one or more national competent authorities. - designate one or more Computer Security Incident Response Teams (CSIRTs): - Monitoring incidents national level - Providing early warning, alerts - Incident response 4

2. Increased EU-level cooperation - Creates first EU Cooperation Group on NIS - Assist MS in NIS capacity building - Support MS in the identification of OES - Evaluate national NIS strategies and effectiveness of CSIRTs (on voluntary basis) - Provide strategic guidance for CSIRTs network - Creates a Network of National CSIRTs - Exchange information - Provide support and identify forms of coordinated incident response for cross-border incident handling. 5

CSIRTs network - Article 9 and 12 of the Directive gives the framework for CSIRTs Why (paragraph 1): - Develop confidence and trust between Member States - Promote swift and effective operational cooperation Composition (paragraph 2): - representatives of the Member States CSIRTs - CERT-EU (CSIRT for EU institutions) - ENISA (secretariat and active support) - European Commission (as observer) Tasks (paragraph 3): - Exactly how the group will perform its tasks is up to the group itself, as stated by paragraph 5. - It means that the group will determine its own priorities, with input from the Collaboration Group. - ENISA will support the group by making appropriate proposals. - Annex 1. Requirements and tasks of the CSIRT. This Annex gives a list of tasks that a MS CSIRT has to perform - Annex 2. Sectors and entities. This Annex lists the sectors and subsectors that need to be covered by each country s Information Security Strategy and CSIRTs 6

3. Obligations for MSs on OES - Identification of operators of essential services. - Minimum security measures to ensure a level of security appropriate to the risks. - Incident notification to prevent and minimize the impact of incidents on the IT systems that provide services. - Make sure authorities have the powers and means to assess security and check evidence of compliance for OES. 7

Challenges for the transport sector Interdependencies Cross border services Intermodality Overlapping regulations Lack of security standards for the different transport modes Existing incident notification schemes for safety Different authorities Emerging technologies 8

ENISA s role to support MS with OESs In 2017 ENISA assists MS Identification of OES Preliminary work started in 2016, namely by: - looking into approaches taken by MS in identifying OES; Minimum Security Measures for OES Cross sector security measures Mapping with well known standards for all sectors Incident reporting guidelines for OES 9

CSIRTS Network - Status - 2 formal meetings in 2017 and 3 informal ones in 2016 - last meeting Oct 2017 in Heraklion - Working Groups - SOPs for CSIRTs - Security Requirements for Services - Building Functional exchange with Coop. Group - CSIRTs maturity assessment and CSIRTs network portal development - Coordination and Synergies with CEF/CSP project and CEF call for proposal for CSIRTs 10

Key success factors Build trust amongst the members of the CG and the CSIRTs network Enhanced engagement by the MSs Active support with facilitation, surveys and stock takings and reports Assist MS in the implementation of the NIS Directive 11

NIS directive - TIMELINE August 2016 - Entry into force February 2017 6 months Cooperation Group starts its tasks August 2017 February 2018 12 months 18 months Adoption of implementing on security and notification requirements for DSPs Cooperation Group establishes work programme 9 May 2018 21 months Transposition into national law November 2018 27 months Member States to identify operators of essential services May 2019 May 2021 33 months (i.e. 1 year after transposition) 57 months (i.e. 3 years after transposition) Commission report - consistency of Member States' identification of OES Commission review 12

Thank you PO Box 1309, 710 01 Heraklion, Greece Tel: +30 28 14 40 9710 info@enisa.europa.eu www.enisa.europa.eu

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback