Call for Expressions of Interest

Similar documents
Discussion on MS contribution to the WP2018

European Union Agency for Network and Information Security

ENISA s Position on the NIS Directive

Cyber Security in Europe

ENISA EU Threat Landscape

Directive on security of network and information systems (NIS): State of Play

ENISA Cooperation in the EU / NIS Directive

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

The NIS Directive and Cybersecurity in

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Package of initiatives on Cybersecurity

Directive on Security of Network and Information Systems

Security and resilience in Information Society: the European approach

EU policy on Network and Information Security & Critical Information Infrastructures Protection

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

Securing Europe s IoT Devices and Services

Network and Information Security Directive

Cyber Security Beyond 2020

Cybersecurity & Digital Privacy in the Energy sector

Securing Europe's Information Society

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017

Regulating Cyber: the UK s plans for the NIS Directive

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

NIS-Directive and Smart Grids

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

NIS Directive : Call for Proposals

13967/16 MK/mj 1 DG D 2B

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

The Network and Information Security Directive - ENISA's contribution

ENISA & Cybersecurity. Steve Purser Head of Technical Competence Department December 2012

Cybersecurity Strategy of the Republic of Cyprus

WORK PROGRAMME 2015 INCLUDING MULTI-ANNUAL PLANNING

Cyber Security in Europe and CEER s new PEER initiative

NIS Standardisation ENISA view

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Enhancing the cyber security &

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

Valérie Andrianavaly European Commission DG INFSO-A3

Achieving Global Cyber Security Through Collaboration

Infrastructures and Service Dimitra Liveri Network and Information Security Expert, ENISA

EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

METHODOLOGY AND CRITERIA FOR THE CYBERSECURITY REPORTS

Government Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security

H2020 WP Cybersecurity PPP topics

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

Security Aspects of Trust Services Providers

Bradford J. Willke. 19 September 2007

***I DRAFT REPORT. EN United in diversity EN. European Parliament 2017/0225(COD)

Regional Workshop on Frameworks for Cybersecurity and CIIP Feb 2008 Doha, Qatar

ENISA activities in ICT security certification Dr. Prokopios Drogkaris NIS Expert NLO Meeting Athens

Draft ENISA Work programme 2017 STATUS: DRAFT VERSION: JANUARY, European Union Agency For Network And Information Security

Commonwealth Cyber Declaration

Cybersecurity Package

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

Horizon 2020 Security

About Issues in Building the National Strategy for Cybersecurity in Vietnam

ERCI cybersecurity seminar Guildford ERCI cybersecurity seminar Guildford

ehealth Network ehealth Network Governance model for the ehealth Digital Service Infrastructure during the CEF funding

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

Revised November EFESC Handbook

POSITION DESCRIPTION

UAE National Space Policy Agenda Item 11; LSC April By: Space Policy and Regulations Directory

Request for Expression of Interest. Consultant - Project Coordinator. Project: I-CARE Global Imperative Indicator

CEF Telecom Calls: CEF-TC : Cyber Security TZAFALIAS ARISTOTELIS POLICY OFFICER DG CONNECT

The GDPR Are you ready?

Minutes of National Laison Officer s Meeting,

How the European Commission is supporting innovation in mobile health technologies Nordic Mobile Healthcare Technology Congress 2015

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

Exploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know

Towards a European Cloud Computing Strategy

Secure Societies Work Programme Call

BENCHMARKING PPP PROCUREMENT 2017 IN ARMENIA

ENISA today and in the future

Promoting Global Cybersecurity

POSITION DESCRIPTION

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

SWIFT Response to the Committee on Payments and Market Infrastructures discussion note:

Between 1981 and 1983, I worked as a research assistant and for the following two years, I ran a Software Development Department.

Position Paper of the ASD Civil Aviation Cybersecurity Taskforce

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

GLobal Action on CYbercrime (GLACY) Assessing the Threat of Cybercrime in Mauritius

EISAS Enhanced Roadmap 2012

The Council Information Assurance sector seeks a national expert to reinforce the area of 'security of EU classified information'.

ENISA S WORK ON ICS AND SMART GRID SECURITY

How icims Supports. Your Readiness for the European Union General Data Protection Regulation

10025/16 MP/mj 1 DG D 2B

CERT.LV activities, role in Latvia and globally. Baiba Kaskina, CERT.LV , Sofia, Bulgaria

National Policy and Guiding Principles

European Directives and reglements for Information security

The Digitalisation of Finance

Resilience, Deterrence and Defence: Building strong cybersecurity for the EU

Request for Expressions of Interest: The EU mhealth Hub

Transcription:

Call for Expressions of Interest ENISA M/CEI/17/T01 Experts for assisting in the implementation of the annual ENISA Work Programme TECHNICAL DESCRIPTION

CONTENTS TECHNICAL DESCRIPTION... 3 1. INTRODUCTION... 3 2. ACTIVITIES... 4 Activity 1 - Expertise.... 4 Anticipate and support Europe in facing emerging network and information security challenges... 4 Activity 2 - Policy.... 5 Promote network and information security as an EU policy priority... 5 Activity 3 - Capacity.... 5 Support Europe maintaining state-of-the-art network and information security capacities... 5 Activity 4 - Community.... 5 Foster the emerging European network and information security community... 5 3. AREAS OF EXPERTISE SOUGHT... 5 4. TASKS AND ACTIVITIES OF THE NIS EXPERTS... 7 5. SELECTION CRITERIA... 7 6. DURATION OF THE LIST of NIS EXPERTS... 8 7. ESTIMATED BUDGET... 8 ENISA M-CEI-17-T01 TECHNICAL DESCRIPTION 2

TECHNICAL DESCRIPTION 1. INTRODUCTION The emergence of cyber security as a subject in its own right, where the goals and objectives are linked to global considerations and the emphasis is on international collaboration, represents a fundamental change in the way in which information security is evolving. The core mission of ENISA to foster the development of a strong culture of NIS throughout the EU is perfectly aligned with this development and the recently adopted NIS Directive. The Agency is well positioned to assist the Commission and the Member States in defining and implementing effective strategies for dealing with cyber threats throughout the next decade. The main tasks of ENISA based on its Regulation (EU) No 526/2013 aim to (a) support the development of Union network and information security policy and law, (b) support Member States in their efforts to develop and improve the prevention, detection and analysis of and the capability to respond to network and information security problems and incidents, (c) support the organisation and running of Union network and information security exercises, (d) promote cooperation between national and governmental CERTs or Computer Security Incident Response Teams (CSIRTs), and (e) support research and development and standardisation for risk management and for the security of electronic products, networks and services. Based on the above ENISA core activities span in the areas of threat/risk assessment, Critical Information Infrastructure Protection (CIIP), support of operational communities such as the CSIRT community, policy implementation (e.g. National cyber security strategies), standardisation and privacy and data protection. The Agency has put a considerable amount of effort into improving the way it interacts with its different stakeholder communities and ensuring that stakeholder requirements are well understood and reflected by the work programme. Whilst the core areas have not changed, the approach of delivering services has changed significantly. The Agency has developed from an activitiesbased approach, through a deliverables-based approach to what could now be best described as an impact driven approach. The yearly ENISA work programmes result from a consultation process involving both the ENISA Permanent Stakeholder Group (PSG) and the Management Board (MB). This process has enabled the Agency to increase its focus on areas that are both strongly aligned with the European policy agenda and also considered as core areas of competency for the Agency. The Yearly Work Programmes of ENISA can be found on the ENISA website: http://www.enisa.europa.eu/publications/programmes-reports Please see the table below which provides an indicative summary of the 2017 Activities and related Objectives for ENISA: (this Annex will be updated as required in future years). ENISA M-CEI-17-T01 TECHNICAL DESCRIPTION 3

2. ACTIVITIES Activity 1 - Expertise. Anticipate and support Europe in facing emerging network and information security challenges Objective 1.1. Improving the expertise related to Critical Information Infrastructures Objective 1.2. NIS Threat Landscape and Analysis Objective 1.3. Research & Development, Innovation Objective 1.4. Response to Article 14 Requests under Expertise Activity Activity 2 - Policy. Promote network and information security as an EU policy priority Objective 2.1. Supporting EU policy development. Objective 2.2 Supporting EU policy implementation Objective 2.3. Response to Article 14 Requests under Policy Activity Activity 3 - Capacity. Support Europe maintaining state-of-the-art network and information security capacities Objective 3.1. Assist Member States' capacity building. Objective 3.2. Support EU institutions' capacity building. Objective 3.3. Assist private sector capacity building. Objective 3.4. Assist in improving general awareness Objective 3.5. Response to Article 14 Requests under Capacity Activity Activity 4 - Community. Foster the emerging European network and information security community Objective 4.1. Cyber crisis cooperation Objective 4.2. CSIRT and other NIS community building. Objective 4.3 Response to Article 14 Requests under Community Activity The Activities for 2017 are further detailed: Activity 1 - Expertise. Anticipate and support Europe in facing emerging network and information security challenges This activity aims at developing and maintaining a high level of expertise of EU actors taking into account evolutions in NIS. It covers: the baseline security requirements, more specifically, minimum security requirements for Operators of Essential Services (OES, as they are referred in NIS Directive but especially for energy, health, finance and transportation) and recommendations for security measures on IoT (Internet of Things) field. the threat landscape activities related to research, development and innovation. ENISA M-CEI-17-T01 TECHNICAL DESCRIPTION 4

Activity 2 - Policy. Promote network and information security as an EU policy priority In this activity ENISA supports EU policy development and EU policy implementation in the areas of security and privacy. More specifically, this area includes supporting: the vision towards a Digital Single Market for high quality NIS products and services Technical implementation of EU policies and regulatory acts, such as eidas, GDPR, EU Telecommunications framework, eprivacy Directive etc. Implementation of the NIS Directive. This means contribution to the cooperation group and especially to the development of good practices for identification of OES (criteria) and development of guidelines for the implementation of Mandatory Incident Reporting. Activity 3 - Capacity. Support Europe maintaining state-of-the-art network and information security capacities Under this activity, ENISA develops actions related to the operational security capacity-support programme. More specifically, these actions include: updating and provision of trainings as well as guidelines for strengthening the national and governmental CSIRTs capabilities of EU Member States. assisting EU Member States to develop and assess their capabilities in the area of National Cyber Security Strategies (NCSS) assisting private sector capacity building in areas such as cyber insurance Activity 4 - Community. Foster the emerging European network and information security community ENISA continues to support the cooperation among CSIRTs, within an EU Member States CSIRTs network. As it is provisioned by the NIS Directive, ENISA provides the secretariat of the network of CSIRTs and supports this cooperation by developing and providing guidance and good practices in the area of operational community efforts, such as on information exchange. Moreover, ENISA continues to support the fight against cybercrime and the collaboration between CSIRTS and law enforcement. 3. AREAS OF EXPERTISE SOUGHT In implementing its yearly work programme, and in the context of its efforts towards engaging external stakeholders in its work as much as possible, ENISA would also like to involve external subject matter experts to participate in specific projects and provide their expertise for various projects within the above mentioned Activities. To this effect, ENISA hereby seeks to establish a list from which NIS experts will be selected to assist the Agency in carrying out various work activities foreseen in its Activities and related Outputs. It is emphasised that not all activities and outputs will need assistance from external subject matter experts. ENISA welcomes applications from experts in many sectors, i.e. academia, research, industry, EU institutions, International Organisations etc. Also, in terms of expertise sought, this would depend ENISA M-CEI-17-T01 TECHNICAL DESCRIPTION 5

on the projects for which assistance is required; in general, ENISA would need assistance in the following Fields of expertise: A. Technical expertise in ICTs and emerging application areas (including but not limited to the following): 1) Internet of Things, ehealth, cyber insurance, smart infrastructures, Smart Grids, Mobile technologies, network interdependencies, ICS-SCADA, RFID, etc. 2) Data Protection and Privacy (including privacy enhancing technologies, privacy impact assessment, security measures for data protection, privacy seals and personal data breaches) 3) Electronic Identification and Trust Services (including interoperability and security of electronic identification schemes, electronic ID cards, electronic authentication, digital signatures, website authentication, security and auditing schemes for Trust Service Providers, etc.) 4) Statistical analysis in this field of activity B. ICT Security Standardisation and certification (including but not limited to the following): 1) Applied cryptography (algorithms, protocols, standards) 2) Information security risk management: expertise and experience in conducting risk assessment and risk management exercises, using appropriate risk management methodologies and tools - Risk and threat analysis 3) Security awareness / Advocacy campaign 4) Resilience of communication networks 5) Existing products and services certification schemes in the areas of security and privacy 6) Statistical analysis in this field of activity C. Technical expertise in Critical Information Infrastructure Protection (CIIP) and CSIRTs Cooperation (including but not limited to the following): 1) Cyber exercises: Support and Incident development and national contingency plans 2) Cyber crisis management 3) Incident response and handling, CSIRT cooperation and law enforcement cooperation etc. 4) Incident Reporting for article 13a of the Telecom Framework Directive and article 19 of the eidas Regulation 5) Security measures according to International standards, best practices and incident reporting requirements for CIIP Areas (energy, transport, health, digital infrastructure, finance and banking sector, drinking water supply and distribution,) 6) Statistical analysis in this field of activity D. Legal expertise in NIS (including but not limited to the following): 1) Policy monitoring activity 2) Analysis of the legal framework relevant for information sharing, e.g., among CSIRTs and between CSIRTs and law enforcement agencies 3) Digital forensics 4) Providing assistance to MS for the implementation of NIS Directive 5) EU legal framework on data protection and privacy 6) Identification criteria of OES and building cyber security capabilities 7) Statistical analysis in this field of activity E. NIS aspects of cybercrime (including but not limited to the following): 1) CSIRT and law enforcement cooperation, 2) Operational cooperation and information exchange in the CSIRT network 3) Statistical analysis in this field of activity ENISA M-CEI-17-T01 TECHNICAL DESCRIPTION 6

4. TASKS AND ACTIVITIES OF THE NIS EXPERTS The NIS experts could be expected to perform one or more of the following tasks: Provide specific contributions (written and oral) according to their expertise in the project selected. Be appointed as members or coordinators of expert working groups set up to work on specific projects. Normally these groups consist of 10-15 experts. Participate in any face-to-face meetings and teleconferences organised. Act as ambassadors for ENISA activities (e.g. disseminate the results to their affiliations and organisations, report in various events/presentations, etc.). It should be noted that the NIS experts are appointed ad personam and will not be considered as representatives of their affiliation or organization they are employed with. For this reason, the successful applicant will be required to complete a Legal Entity identification form (LE) in their own name, as a natural person and not in the name of their employer. If the applicant has a 100% private family company, then this may also be used to complete the LE form. 5. SELECTION CRITERIA Applicants will be evaluated according to their technical and professional capacity to meet the requirements of the Field(s) for which they are applying, following the criteria below: Relevance of their current job responsibilities and expertise to one or more of the Fields outlined above. Professional certifications they may hold and publications will be taken into consideration. Their experience based on their previous participation in similar projects; in particular, participation in relevant EU projects will be considered an advantage. English as a working language More specifically, an applicant should provide the following documentation/information: A Curriculum Vitae, preferably in the EU format; the template (preferably in English) can be downloaded from the following web link: https://europass.cedefop.europa.eu A list of projects or publications related to their declared fields of interest in the past 3 years. Without evidence of recent activity then it will be difficult for the evaluation committee to judge the applicant s suitability and level of experience. Professional certifications (e.g. CISSP, CISA etc.) and references (e.g. links) to publications. Self-assessment of his/her expertise in the fields (sub-fields) indicated in the table on page 6. Information on languages in which the applicant is proficient should also be indicated on the application form. ENISA M-CEI-17-T01 TECHNICAL DESCRIPTION 7

6. DURATION OF THE LIST of NIS EXPERTS The official CEI List of NIS Experts compiled as a result of this procedure will be valid for a period of up to 4 years. The CEI will remain open to new applications for this whole period until 3 months before the end of the 4 th year. Regular evaluations of new applications will be conducted in order to update the List of NIS Experts. 7. ESTIMATED BUDGET It is anticipated that a budget of approximately 200.000,00 will be made available in 2017 for the various projects covered by this CEI. Each selected Expert will be remunerated with a fixed fee of 450 per person-day plus any travel and subsistence related costs, which will be based on the European Commission s standard Daily allowance or per diem rates for each European Country. Please note that in EU countries where the tax laws stipulate a withholding tax from self-employed consultants, then ENISA will fully comply with this obligation. If the expert is from a location other than the location required for the provision of services or place of meeting, the following expenses are then eligible: Travel expenses (economy class flight or 1 st class train whichever is more cost effective) from the European country/city in which the contractor is officially registered to another European city. A per diem applicable to the country in which the consultancy or meeting will take place. This allowance is set by the European Commission (download the latest rates from website http://ec.europa.eu/comm/europeaid/perdiem/index_en.htm) and is intended to cover all daily living expenses including hotel, meals, local travel etc. No other claims for living or transportation costs will be accepted. Each specific project for which an applicant may be asked to participate in, can have a budget up to a maximum of 9.900,00 which equates to 22 working days at 8 hours per day. In accordance with EU procurement rules, a maximum amount of 15,000.00 (including costs) can be paid to any individual expert during the course of one calendar year by direct award. Each subject matter expert will be selected and involved per project. It may be possible under certain circumstances for a subject matter expert to be selected for more than one project in a calendar year by direct award, as long as the projects are from different Activity Objectives. Please note that for any particular project, the Agency has the possibility under the regulations governing Calls for Expressions of Interest to conduct a simplified tender procedure whereby all Experts already placed on the List of NIS Experts in a particular field, will be invited to provide a tailored offer for the project. The offers received will then be evaluated on the basis of relevance and experience for the specific project, with the best submission being awarded the contract. It is also noted that applicants that do not wish to or cannot be remunerated due to their primary employment contracts, are also eligible to apply for inclusion in the List of NIS Experts, indicating this in the respective field of the CEI Application form. These applicants will still be entitled to reimbursement of any travel and subsistence costs incurred from their participation in a project, should they wish to be reimbursed. ENISA M-CEI-17-T01 TECHNICAL DESCRIPTION 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback