Securing Europe s IoT Devices and Services

Similar documents
Enhancing the cyber security &

ENISA Cooperation in the EU / NIS Directive

European Union Agency for Network and Information Security

Discussion on MS contribution to the WP2018

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

The NIS Directive and Cybersecurity in

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Cyber Security in Europe

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017

IoT and Smart Infrastructure efforts in ENISA

Infrastructures and Service Dimitra Liveri Network and Information Security Expert, ENISA

NIS Standardisation ENISA view

ENISA activities in ICT security certification Dr. Prokopios Drogkaris NIS Expert NLO Meeting Athens

Introductory Speech to the Ramboll Event on the future of ENISA. Speech by ENISA s Executive Director, Prof. Dr. Udo Helmbrecht

ENISA EU Threat Landscape

Network and Information Security Directive

Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Call for Expressions of Interest

NIS Directive development The Incident Notification Framework

Securing Europe's Information Society

The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert

Package of initiatives on Cybersecurity

ENISA S WORK ON ICS AND SMART GRID SECURITY

Cybersecurity & Digital Privacy in the Energy sector

Development, Analysis and Evaluation of Cyber Resilience Strategies

The Network and Information Security Directive - ENISA's contribution

Cyber Security Beyond 2020

Technology's role in General Data Protection Regulation Dr. Prokopios Drogkaris Officer in NIS SECPRE 2017 Oslo

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

Technical guidelines implementing eidas

Valérie Andrianavaly European Commission DG INFSO-A3

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

Cybersecurity in the EU Steve Purser Head of Operational Departments, ENISA Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European

ENISA s Position on the NIS Directive

European Union Agency for Network and Information Security

EU policy on Network and Information Security & Critical Information Infrastructures Protection

The EU Cybersecurity Package: Implications for ENISA Dr. Steve Purser Head of ENISA Core Operations Athens, 30 th January 2018

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

A Strategy for a secure Information Society Dialogue, Partnership and empowerment

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

The Digitalisation of Finance

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

EISAS Enhanced Roadmap 2012

Security Aspects of Trust Services Providers

Technologies with the potential to enhance resilience - An overview on the activities of ENISA

Achieving Global Cyber Security Through Collaboration

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

ENISA & Cybersecurity. Steve Purser Head of Technical Competence Department December 2012

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

Cybersecurity Strategy of the Republic of Cyprus

13967/16 MK/mj 1 DG D 2B

ENISA today and in the future

Directive on security of network and information systems (NIS): State of Play

Security and resilience in Information Society: the European approach

WORK PROGRAMME 2015 INCLUDING MULTI-ANNUAL PLANNING

ENISA National Cyber Security Strategies workshop

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

ERCI cybersecurity seminar Guildford ERCI cybersecurity seminar Guildford

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

Cyber Security in Europe and CEER s new PEER initiative

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

Итоги регионального семинара МСЭ «Умные устойчивые города и сообщества» (1-2 июня 2017, Самарканд, Узбекистан)

Towards a European Cloud Computing Strategy

Committed to connecting the world

Strategic Transport Research and Innovation Agenda - STRIA

Cyber Security and Protecting Critical Information Infrastructures

ENISA today and in the future

EUROPEAN PLATFORMS AND INITIATIVES FOR C-ITS DEPLOYMENT

H2020 WP Cybersecurity PPP topics

Cyber security: a building block of the Digital Single Market

Cybersecurity Policy in the EU: Security Directive - Security for the data in the cloud

Cyber Security. Activities of an national insurance association based on the example of VVO

Government-Industry Collaboration: 7 Steps for Resiliency in Critical Infrastructure Protection

Shaping the Cyber Security R&D Agenda in Europe, Horizon 2020

Draft ENISA Work programme 2017 STATUS: DRAFT VERSION: JANUARY, European Union Agency For Network And Information Security

CYBER SECURITY AIR TRANSPORT IT SUMMIT

Smart Sustainable Cities

Data Governance for Smart City Management

Minutes of National Laison Officer s Meeting,

WORLD TELECOMMUNICATION STANDARDIZATION ASSEMBLY Hammamet, 25 October 3 November 2016

Directive on Security of Network and Information Systems

Horizon 2020 Security

The Australian Government s Approach to Critical Infrastructure Resilience

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

Itu regional workshop

CEF e-invoicing. Presentation to the European Multi- Stakeholder Forum on e-invoicing. DIGIT Directorate-General for Informatics.

Cybersecurity Package

Stock taking of information security training needs in critical sectors DECEMBER European Union Agency For Network and Information Security

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

Horisont 2020 IKT tööprogramm Aavo Kaine

GENERIC CONTROL SYSTEM ARCHITECTURE FOR CRITICAL INFRASTRUCTURE PROTECTION

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

Transcription:

Securing Europe s IoT Devices and Services Dr. Evangelos OUZOUNIS Head of Unit - Secure Infrastructure and Services Validation Workshop Berlin 16 October 2015 European Union Agency for Network and Information Security

Positioning ENISA activities 2

Emerging Threat Environment significant physical disasters affecting CIIs complex networks and services low quality of software and hardware asymmetric threats allowing remote attacks increasing organised cybercrime and industrial espionage lack of international agreements and regimes, lack of well functioning, international operational mechanism 3

EU Policy Context Resilience and CIIP ENISA II new mandate Proposal for a NIS Directive eidas Directive article 19 EU Cyber Security Strategy (COM) EU Cloud Computing Strategy and Partnership (COM) Telecom Package article 13 a, art. 4 EU s CIIP action plan Digital Single Market Alliance for Internet of Things Innovation 4

Secure Infrastructure and Services 5

Like curling 6

Secure Infrastructure and Services Policy implementation Incident Reporting (Article 13a, Article 19), technical expertise Enhance the level of security Minimum security measures, recommendations Community engagement Expert reference groups, workshop organisation Domains of expertise ICT systems (Cloud, electronic communications) Critical infrastructure (Transport, Smart Grids, Finance, ICS/SCADA) Emerging technologies (Smart Cities, Smart Homes, ehealth) 7

Industry 4.0 Increased connectivity to the Internet Great impact in case of attack New types of attacks (APT ) Cascading effects due to interconnection of critical infrastructures 8

ehealth Cyber Security Security and Resilience in ehealth infrastructures and services Critical information infrastructures protection (incident-impact) Scope Health information networks as critical infrastructures Health jurisdictions responsible Electronic health records (focusing mostly on availability and integrity of the data stored and exchanged) ENISA s domains of interest ehealth and Cloud Computing Smart hospitals Big Data for health records 9

Smart Infrastructures Cyber Security Threats with consequences on the society ICT Dependency generalised Data exchange integrated into business processes Cohabitation between legacy and new systems Cyber Security for Smart Infrastructures Raise awareness on existing threats Provide security guidance to industry Importance of cyber security for safety ENISA s domains of interest Intelligent Transportation Systems Smart cars and connected roads Smart Homes Smart Airports 10

Defining IoT Security IoT is a Smart Infrastructure Cyber System Physical System Rely on data exchange and data processing Usage of cyber-physical systems (sensors/actuators) Objectives Dynamic adaption of services Reduction of operational expenditure Improvement of the global quality of life Following a sectorial/service driven approach Important to secure Smart Infrastructures and citizens against cyber threats 11

IoT Security at ENISA Smart Cities Intelligent Transportation Systems ehealth Smart Homes SCADA and Industry 4.0 Emerging threats target Data collection, data exchange and data processing Cyber-physical systems with a potential impact on citizens Dependences and existing technologies (Cloud, ICS/SCADA ) ENISA engages in several communities with specific cyber security needs 12

ENISA s Threat Landscape for Smart Homes (2014) Source: nanjingiot.wordpress.com Smart Home is unsecure Several cyber threats to Smart Home Environments Multiple devices, OS, networks, protocols Interdependences between devices and services Several limitations to Smart Home security Limited knowledge of security by manufacturers/vendors Difficult to implement security for many reasons: technical, economical, lack of harmonisation No regulatory framework for liabilities Good Practices and Recommendations for Smart Homes (2015) Basic measures increase security in Smart Homes Need to promote and extend security good practices 13

Conclusion Importance of IoT in Europe New business models appear with IoT Usage increases in critical sectors Yet, lack of harmonisation for security ENISA promotes Cyber Security for IoT Developing sectorial expertise Promoting security good practices Engaging stakeholders Cyber Security of IoT is an opportunity for the European Union 14

Thank you PO Box 1309, 710 01 Heraklion, Greece Tel: +30 28 14 40 9710 info@enisa.europa.eu www.enisa.europa.eu

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback