Cyber Security in Europe

Similar documents
ENISA EU Threat Landscape

ENISA Cooperation in the EU / NIS Directive

Directive on security of network and information systems (NIS): State of Play

Securing Europe s IoT Devices and Services

Discussion on MS contribution to the WP2018

Securing Europe's Information Society

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

Call for Expressions of Interest

EU policy on Network and Information Security & Critical Information Infrastructures Protection

Package of initiatives on Cybersecurity

Achieving Global Cyber Security Through Collaboration

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

Cybersecurity & Digital Privacy in the Energy sector

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert

European Union Agency for Network and Information Security

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

13967/16 MK/mj 1 DG D 2B

Valérie Andrianavaly European Commission DG INFSO-A3

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

Security and resilience in Information Society: the European approach

ENISA s Position on the NIS Directive

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

Cyber Security Beyond 2020

A Strategy for a secure Information Society Dialogue, Partnership and empowerment

Directive on Security of Network and Information Systems

The NIS Directive and Cybersecurity in

NIS-Directive and Smart Grids

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

Promoting Global Cybersecurity

H2020 Opportunities in the Area of Security and Critical Infrastructure Protection

EISAS Enhanced Roadmap 2012

Bradford J. Willke. 19 September 2007

Cyber Security in Europe and CEER s new PEER initiative

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Enhancing the cyber security &

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

Network and Information Security Directive

Netherlands Cyber Security Strategy. Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

Infrastructures and Service Dimitra Liveri Network and Information Security Expert, ENISA

The EU Cybersecurity Package: Implications for ENISA Dr. Steve Purser Head of ENISA Core Operations Athens, 30 th January 2018

Commonwealth Cyber Declaration

ENISA today and in the future

ENISA S WORK ON ICS AND SMART GRID SECURITY

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

Cybersecurity Strategy of the Republic of Cyprus

Resilience, Deterrence and Defence: Building strong cybersecurity for the EU

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

European Cybersecurity PPP European Cyber Security Organisation - ECSO November 2016

European Directives and reglements for Information security

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE

NIS Standardisation ENISA view

ENISA & Cybersecurity. Steve Purser Head of Technical Competence Department December 2012

Itu regional workshop

COUNCIL OF THE EUROPEAN UNION. Brussels, 28 January 2003 (OR. en) 15723/02 TELECOM 78 JAI 307 PESC 593

The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

Introductory Speech to the Ramboll Event on the future of ENISA. Speech by ENISA s Executive Director, Prof. Dr. Udo Helmbrecht

Cybersecurity Package

The Network and Information Security Directive - ENISA's contribution

The Digitalisation of Finance

Horizon 2020 Security

Harmonisation of Digital Markets in the EaP. Vassilis Kopanas European Commission, DG CONNECT

European Cybersecurity PPP European Cyber Security Organisation - ECSO

HEALTH IN ECSO (European Cyber Security Organisation) 18 October 2017

Cybersecurity in the EU Steve Purser Head of Operational Departments, ENISA Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European

Secure Societies Work Programme Call

Cyber Security Strategy

FINNISH APPROACH TO CRITICAL INFRASTRUCTURE PROTECTION

G8 Lyon-Roma Group High Tech Crime Subgroup

ERCI cybersecurity seminar Guildford ERCI cybersecurity seminar Guildford

Cyber Security Strategic Level Landscape in Poland. Krzysztof Silicki NASK Institute, Poland ENISA MB, EB

THE CYBER SECURITY ENVIRONMENT IN LITHUANIA

Security Aspects of Trust Services Providers

The UK s National Cyber Security Strategy

Minutes of National Laison Officer s Meeting,

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

14965/17 MK/ec 1 DG D 2B

Society, the economy and the state depend on information and communications technology (ICT).

H2020 WP Cybersecurity PPP topics

STRATEGIC PLAN. USF Emergency Management

Draft ENISA Work programme 2017 STATUS: DRAFT VERSION: JANUARY, European Union Agency For Network And Information Security

Questionnaire on the evaluation and review of the European Union Agency for Network and Information Security (ENISA)

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

PROTECTING NATIONAL CRITICAL INFRASTRUCTURE AGAINST CYBER ATTACKS BEST PRACTICES RELATED TO TECHNOLOGY AND STANDARDS FROM EUROPE BANGKOK

National Policy and Guiding Principles

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

Exploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt

Cyber security: a building block of the Digital Single Market

Cybersecurity Policy in the EU: Security Directive - Security for the data in the cloud

Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

About Issues in Building the National Strategy for Cybersecurity in Vietnam

RESOLUTION 45 (Rev. Hyderabad, 2010)

Transcription:

Cyber Security in Europe ENISA supporting the National Cyber Security Strategies An evaluation framework Liveri Dimitra Security and Resilience of Communication Networks Officer www.enisa.europa.eu

Securing Europe s Information Society www.enisa.europa.eu 2

ENISA Activities Recommendations Mobilising Communities Policy Implementation Hands on www.enisa.europa.eu 3

EU Cyber Security Strategy www.enisa.europa.eu 4

Five Strategic Objectives Achieving cyber resilience Drastically reducing cybercrime Developing cyber defence policy and capabilities related to the Common Security and Defence Policy (CSDP) Developing the industrial and technological resources for cybersecurity Establishing a coherent international cyberspace policy for the European Union and promote core EU values. www.enisa.europa.eu 5

National Cyber Security Strategy Context Protection of citizens, business and government Raising awareness on cyber security issues (citizens, business) Enhancing cyber security and critical information infrastructures protection (health, finance, transport, energy sector) in national level. Trusted information sharing and cooperation (effective PPPs) www.enisa.europa.eu 6

ENISA work in supporting NCSS 2012: Desk research on cyber security strategies in the EU 2012: Good practice guide on how to design and implement cyber security strategies 2013: Inventory of NCSS in EU www.enisa.europa.eu 7

National Cyber Security Strategies in the EU Source: http://www.enisa.europa. eu/activities/resilienceand-ciip/national-cybersecurity-strategiesncsss/national-cybersecurity-strategies-in-theworld www.enisa.europa.eu 8

ENISA doctrine: NCSS Lifecycle Design 2012 Guide Adjust Implement 2012 Guide This year! Evaluate www.enisa.europa.eu 9

Evaluation framework for NCSS Evaluation framework for NCSS Objectives of the evaluation Logic model and steps to follow (inputs and outputs) Key performance indicator per objective www.enisa.europa.eu 10

Why evaluate? Allow learning from past experience and make the according adjustments Evaluation procedure can offer credibility and enhance trustworthiness of the scheme Evidence of effectiveness of the plan and of involvement of the stakeholders Catalyses discussion with stakeholders CHALLENGE: Correct evaluation need investment in time, resources and money www.enisa.europa.eu 11

Evaluation in the Lifecycle www.enisa.europa.eu 12

What do we want to achieve? Establish and implement legislation Preparedness, resilience and adequate response to cyber-threats and attacks Protect critical information infrastructures Tackle cyber crime Raise awareness Train and educate Promote economy reliant on digitalised industry Secure cyber space Invest on ICT and innovation in security and privacy Ensure quality of IT and communication products through security standards www.enisa.europa.eu 13

High level goals www.enisa.europa.eu 14

How will we achieve it? Develop legislation and standards Establish public private partnerships Enhance international cooperation Create a culture of information security: inform, educate, raise awareness Invest in research, development and innovation Build competence capabilities on relevant actors www.enisa.europa.eu 15

Specific Objectives www.enisa.europa.eu 16

Long term impact Critical information Infrastructure and services protection: Better coordination and greater competence between actors Elimination of disruptions Strengthening capabilities Business and Innovation Societal development Effective and innovative ebusiness solutions Expanding digital economy Rights and Society Protection of personal data and privacy General Secure, credible and reliable cyber space www.enisa.europa.eu 17

Long term impact www.enisa.europa.eu 18

Usual approaches on evaluation Regular progress reports Security Committee assessment of the implementation and progress of specified objectives; Participating institutions provide an update; Promote the use of questionnaires among stakeholders to understand the training needs; Regular evaluation of security policies; Specific measures to evaluate the effectiveness of projects; Testing the efficiency of processes designed to deal with security risks. www.enisa.europa.eu 19

Examples of evaluation processes www.enisa.europa.eu 20

Logic model for evaluation www.enisa.europa.eu 21

Key performance indicators Categorised by objective: Cyber defence policy and capabilities Achieving cyber resilience: developing capabilities and cooperating efficiently within public and private sector Reducing cyber crime Develop the industrial and technological resources for cybersecurity Secure critical information infrastructure Example: Key Performance Indicator Evidence (what we should measure) Setup of CERTs and/or National Security Agencies Existence or setup of public private partnerships on cyber security Identified risk and threats landscape Existence of organised national cyber security exercises Enhanced capabilities: organised trainings for the public and private sector, mutual learning activities (workshops and conference). Awareness raising activities for end-users (material, campaigns, events) Existence and mandate of the institutional actors (mission scope, agencies/ bodies mandate) Identification and structure of those partnerships, bodies involved and their role, activity reports Risk analysis, threat analysis (conducted by CERTs or National Security Agencies) Activity reports Activity reports, event title, companies/stakeholders participated Material disseminated, campaigns/event organised, survey on citizens perception Existence of developed response capabilities (reactrecovery plans, early warning systems etc) simulation models, activity report protect-detect-react-recover plan, early warning systems and www.enisa.europa.eu 22

ENISA Supporting the EU Strategies ENISA CERT community, trainings, recommendations and good practices on how to setup and run a national CERT Cyber Exercises, trainings on how to organize and run a national cyber exercise; pan European exercises Critical information infrastructures protection: security recommendations on ICS SCADA, Smart Grids, Telecom sector, Finance Sector (soon to introduce Transport and Health) Support public sector: Article13a, Article 4 Educating the citizens: October the Cyber Security Month Annual threat landscape: security on emerging technologies Enhancing privacy issues www.enisa.europa.eu 23

Outlook Cyber Security is important for the well functioning of the society and economy Critical Services and Infrastructures should be better protected from cyber attacks and threats MS recognize the importance and develop NCSS ENISA develops good practices for EU MS and Private Sector to address the emerging issues Sharing experiences and deploying good practices improves the situation quickly When it is necessary, additional regulatory measures are introduced to resolve issues Exercises are the guarantees that these protective measures work www.enisa.europa.eu 24

Thank you for your attention Dimitra Liveri: Dimitra.liveri@enisa.europa.eu For more information visit: http://www.enisa.europa.eu Follow ENISA: European Union Agency for Network and Information Security www.enisa.europa.eu

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback