Enhancing the cyber security &

Similar documents
cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Securing Europe s IoT Devices and Services

European Union Agency for Network and Information Security

Discussion on MS contribution to the WP2018

IoT and Smart Infrastructure efforts in ENISA

ENISA Cooperation in the EU / NIS Directive

The NIS Directive and Cybersecurity in

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert

ENISA S WORK ON ICS AND SMART GRID SECURITY

Cyber Security in Europe

ENISA EU Threat Landscape

CYBER SECURITY AIR TRANSPORT IT SUMMIT

Package of initiatives on Cybersecurity

Infrastructures and Service Dimitra Liveri Network and Information Security Expert, ENISA

NIS Standardisation ENISA view

Valérie Andrianavaly European Commission DG INFSO-A3

Call for Expressions of Interest

The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

Cybersecurity & Digital Privacy in the Energy sector

A Strategy for a secure Information Society Dialogue, Partnership and empowerment

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

Security and resilience in Information Society: the European approach

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

How a global industry player addresses the Cybersecurity challenges of Air Transport

Cyber Security in Europe and CEER s new PEER initiative

The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18

Position Paper of the ASD Civil Aviation Cybersecurity Taskforce

EU policy on Network and Information Security & Critical Information Infrastructures Protection

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

ICB Industry Consultation Body

IoT & SCADA Cyber Security Services

13967/16 MK/mj 1 DG D 2B

Digital Healthcare. Yordan Iliev Director R&D Healthcare. Regional Cybersecurity Forum, November 2016, Grand Hotel Sofia, Bulgaria

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

Cyber Security Beyond 2020

Cybersecurity, safety and resilience - Airline perspective

Securing Europe's Information Society

EISAS Enhanced Roadmap 2012

Innovation policy for Industry 4.0

David Fletcher Co-Principal Investigator Western Management & Consulting LLC Albuquerque, NM

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

Introductory Speech to the Ramboll Event on the future of ENISA. Speech by ENISA s Executive Director, Prof. Dr. Udo Helmbrecht

COUNCIL OF THE EUROPEAN UNION. Brussels, 28 January 2003 (OR. en) 15723/02 TELECOM 78 JAI 307 PESC 593

Critical Infrastructure Protection in the European Union

European Cybersecurity PPP European Cyber Security Organisation - ECSO November 2016

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Secure Societies Work Programme Call

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Work Package 2.4. (Public) Procurement Expert Group on the security and resilience of communication networks and information systems for Smart Grids

Future-Proof Security & Privacy in IoT

Aviation Security Committee

Achieving Global Cyber Security Through Collaboration

ENISA s Position on the NIS Directive

Bradford J. Willke. 19 September 2007

Directive on Security of Network and Information Systems

Cybersecurity Strategy of the Republic of Cyprus

Never a dull moment. Media Conference «Clarity on Cyber Security» 24 May 2016

How can operators capitalize on outputs?

The Network and Information Security Directive - ENISA's contribution

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

Cyber Security. Activities of an national insurance association based on the example of VVO

PROTECTING NATIONAL CRITICAL INFRASTRUCTURE AGAINST CYBER ATTACKS BEST PRACTICES RELATED TO TECHNOLOGY AND STANDARDS FROM EUROPE BANGKOK

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

NIS-Directive and Smart Grids

Security Challenges with ITS : A law enforcement view

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

Strategic Transport Research and Innovation Agenda - STRIA

EUROPEAN ORGANISATION FOR SECURITY SUPPLY CHAIN SECURITY WHITE PAPER

Provisional Translation

Network and Information Security Directive

Securing continuity and Availability

The Challenges of Risk Assessment for Smart Grid

Industrial control system (ICS) security

Why you should adopt the NIST Cybersecurity Framework

Government-Industry Collaboration: 7 Steps for Resiliency in Critical Infrastructure Protection

Fundamentals of Cybersecurity/CIIP. Building Capacity: Using a National Strategy & Self-Assessment

Training + Information Sharing: Pillars of enhancing cybersecurity posture

ACARE WG 4 Security Overview

Directive on security of network and information systems (NIS): State of Play

European Cyber Security Certification: ECSO Meta-Scheme Approach

ENISA activities in ICT security certification Dr. Prokopios Drogkaris NIS Expert NLO Meeting Athens

Position Description. Engagement Manager UNCLASSIFIED. Outreach & Engagement Information Assurance and Cyber Security Directorate.

Cybersecurity Package

Understanding Holistic Effects of Cyber Events on Critical Infrastructure

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

Resilience, Deterrence and Defence: Building strong cybersecurity for the EU

Horizon 2020 Security

ERCI cybersecurity seminar Guildford ERCI cybersecurity seminar Guildford

POSITION DESCRIPTION

Transcription:

Enhancing the cyber security & resilience of transport infrastructure in Europe European Union Agency for Network and Information Security

Securing Europe s Information society 2

Positioning ENISA activities CAPACITY Hands on activities POLICY Support MS & COM in Policy implementation Harmonisation across EU EXPERTISE Recommendations Independent Advice 3

Secure Infrastructure and Services Finance IoT Smart infrastructures ehealth and Smart Hospitals www.enisa.europa.eu/topics 4

What could possibly go wrong? 5

Smart Cities as a system of systems New and emerging risks ICT Dependency is generalised Cohabitation between IP-connected systems and older (legacy) systems Data exchange integrated into business processes Threats with consequences on the society Economical consequences, but not only Smart Infrastructures operators are not security experts Lack of clarity on the concept of cyber security Cyber security measures are not only technical but also operational and organisational 6

Securing the transport infrastructure 2015 studies: Architecture model of the transport sector in Smart Cities Cyber Security and Resilience of Intelligent Public Transport. Good practices and recommendations Objectives Assist operators in their risk assessment Raise awareness to municipalities and policy makers Invite manufacturers and solution vendors to focus on security https://enisa.europa.eu/smartinfra 7

2015 study: Architecture model of the transport sector in Smart Cities Understand the threats to critical assets Assess applicable security measures Collaborate to enhance cyber security All studies are available for free download on ENISA website https://enisa.europa.eu /smartinfra 8

2015 study: Intelligent public transport cybersecurity https://enisa.europa.eu/smartinfra 9

Smart Cars cybersecurity Increased attack surface Insecure development in today s cars Security culture Liability Safety and security process integration https://www.enisa.europa.eu/road 10

2016 study: Securing Smart Cars Recommendations: Cybersecurity by design Improve information sharing amongst industry actors Achieve consensus on technical standards for good practices Clarify cyber security liability among industry actors Download the report at https://www.enisa.europa.eu/road 11

IoT + Airports = smart airports List of past incidents List of all possible threats 3 detailed description of attacks: Tampering with airport selfserving e-ticketing systems Network attack to the baggage handling Drone intercept as mobile vehicle for jamming and spoofing aircraft-airport and traffic control-airline communications Attacks tools and techniques available Security good practices Technical/tool-based good practices Policies and standards Organisational, people and processes Gap Analysis Recommendations https://www.enisa.europa.eu/air 12

2016 study: Securing Smart Airports Recommendations: Prioritizing cyber security for safety Establishing a clear airport cyber security posture and allocating cybersecurity experts and resources Constant revision of cyber security policies and practices based on good practices monitoring Implementing network-based, holistic risk and threat management policies and processes for cyber security Download the report at https://www.enisa.europa.eu/air 13

EASA, in collaboration with ENISA, will host the first ENISA training on cybersecurity in aviation on the 20th and 21st of November in Brussels: overview of the cybersecurity threat landscape for aviation s information infrastructures, introduction of the Network and Information Security Directive first ENISA training on Incident Handling, customized for the aviation sector. The training is a customization of ENISA trainings based on the 2016 ENISA report on threat modeling and security measures for airports and relevant stakeholders Securing smart airports. 14

Cybersecurity for ICS SCADA EuroSCSIE ICS Security Stakeholder Group Protecting Industrial Control Systems. Recommendations for Europe and Member States Can we learn from SCADA security incidents? Window of exposure a real problem for SCADA systems? Good Practices for an EU ICS Testing Coordination Capability Certification of Cyber Security skills of ICS/SCADA professionals https://www.enisa.europa.eu/scada 15

What you can do from today: Consider the cybersecurity impact on safety Include cyber security in your governance model in order to define liabilities Ensure you consider cyber security in all stages of the life cycle of products and services Consider network connectivity and interdependencies and cascading effects Start reusing existing good practices from other sectors, for example for SCADA 16

Goals 01 Raise the level of awareness on Infrastructure security in Europe 02 Support Private and Public Sector with focused studies and tools 03 Facilitate information exchange and collaboration 04 Foster the growth of communication networks and industry 05 Enable higher level of security for Europe s Infrastructures 17

Thank you, Rossella Mattioli resilience@enisa.europa.eu https://www.enisa.europa.eu/iot

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback