Achieving Global Cyber Security Through Collaboration

Similar documents
ENISA & Cybersecurity. Steve Purser Head of Technical Competence Department December 2012

ENISA EU Threat Landscape

Cyber Security in Europe

CSIRT capacity building Andrea Dufkova CSIRT-relations, COD1 NLO meeting Athens June 8. European Union Agency for Network and Information Security

ITU. The New Global Challenges in Cybersecurity 30 October 2017 Bucharest, Romania

Cyber Security Beyond 2020

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Securing Europe's Information Society

European Cybersecurity PPP European Cyber Security Organisation - ECSO November 2016

ENISA s Position on the NIS Directive

NIS Country Reports Overview Document

ENISA Cooperation in the EU / NIS Directive

Security Aspects of Trust Services Providers

Minutes of National Laison Officer s Meeting,

Call for Expressions of Interest

EU policy on Network and Information Security & Critical Information Infrastructures Protection

Discussion on MS contribution to the WP2018

EISAS Enhanced Roadmap 2012

Friedrich Smaxwil CEN President. CEN European Committee for Standardization

Combating Pharmacrime AGENDA

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

Mapping of the CVD models in Europe

Romania - Cyber Security Strategy. 6th IT STAR Workshop on Digital Security

ITU Global Cybersecurity Index

European Union Agency for Network and Information Security

Systemic Analyser in Network Threats

European Directives and reglements for Information security

Cybersecurity & Digital Privacy in the Energy sector

Network and Information Security Directive

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert

The Network and Information Security Directive - ENISA's contribution

Cybersecurity in the EU Steve Purser Head of Operational Departments, ENISA Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European

European Cybersecurity cppp and ECSO. org.eu

NIS Standardisation ENISA view

EUREKA European Network in international R&D Cooperation

The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18

The NIS Directive and Cybersecurity in

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

Resilience, Deterrence and Defence: Building strong cybersecurity for the EU

The Critical Importance of CIIP to Cybersecurity

Securing Europe s IoT Devices and Services

Cyber Security Strategic Level Landscape in Poland. Krzysztof Silicki NASK Institute, Poland ENISA MB, EB

Cost Saving Measures for Broadband Roll-out

European Standardization & Digital Transformation. Ashok GANESH Director Innovation ETICS Management Committee

ECSC Brief Razvan GAVRILA NIS Expert. European Union Agency for Network and Information Security

NATO MultiNational Smart Defence Project on Cyber Defence Education & Training (Project 1.36)

ENISA Operational security CERT relations. Update January Contact:

3.4 The EU as a partner in cyber diplomacy and defence

The EU Cybersecurity Package: Implications for ENISA Dr. Steve Purser Head of ENISA Core Operations Athens, 30 th January 2018

Country-specific notes on Waste Electrical and Electronic Equipment (WEEE)

Directive on security of network and information systems (NIS): State of Play

PROTECTING NATIONAL CRITICAL INFRASTRUCTURE AGAINST CYBER ATTACKS BEST PRACTICES RELATED TO TECHNOLOGY AND STANDARDS FROM EUROPE BANGKOK

Cybersecurity Package

WORK PROGRAMME 2015 INCLUDING MULTI-ANNUAL PLANNING

Enhancing Cooperative Energy Security. NATO Energy Security Centre of Excellence

ehaction Joint Action to Support the ehealth Network

esignature Infrastructure Marketing Model

THE CYBER SECURITY ENVIRONMENT IN LITHUANIA

The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

List of nationally authorised medicinal products

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

Improving Resilience in European e-communication networks MTP 1

Europol The Police Intelligence Agency of the European Union

Enhancing the cyber security &

Draft ENISA Work programme 2017 STATUS: DRAFT VERSION: JANUARY, European Union Agency For Network And Information Security

European Cybersecurity PPP European Cyber Security Organisation - ECSO

EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know

Technology's role in General Data Protection Regulation Dr. Prokopios Drogkaris Officer in NIS SECPRE 2017 Oslo

List of beneficiaries who are to be awarded grants for the implementation of CEPOL training activities in 2014

CSM-ACE 2010 KUALA LUMPUR CONVENTION CENTRE OCTOBER 2010

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

ENISA activities in ICT security certification Dr. Prokopios Drogkaris NIS Expert NLO Meeting Athens

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

2017 ANNUAL TRUST SERVICES SECURITY INCIDENTS ANALYSIS. ENISA Article 19 Team

The prospects of data breach laws in 18 European countries

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

EU Customs Policy for Supply Chain Security & Detection Technology (for CBRNE)

European Nuclear Security Regulators Association

HPC IN EUROPE. Organisation of public HPC resources

Cybersecurity Strategy of the Republic of Cyprus

Netherlands Cyber Security Strategy. Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

Infrastructures and Service Dimitra Liveri Network and Information Security Expert, ENISA

Exploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know

8th ENISA Workshop CERTs in Europe

13967/16 MK/mj 1 DG D 2B

EXPOFACTS. Exposure Factors Sourcebook for Europe GENERAL

ENISA GENErAl report 2012

Measures to Maintain Post-Nuclear Security Summit Momentum for Continuously Enhancing Nuclear Security

Digital Dividend harmonisation in Europe

Strategic and operational threat analysis at Europol's EC3

10025/16 MP/mj 1 DG D 2B

European Cybersecurity in Public Private Partnership

BoR (11) 08. BEREC Report on Alternative Voice and SMS Retail Roaming Tariffs and Retail Data Roaming Tariffs

H2020 WP Cybersecurity PPP topics

NATO MultiNational Smart Defence Project on Cyber Defence Education & Training (Project 1.36)

Package of initiatives on Cybersecurity

Transcription:

Achieving Global Cyber Security Through Collaboration Steve Purser Head of Core Operations Department December 2013 European Union Agency for Network and Information Security www.enisa.europa.eu

Agenda About ENISA The EU Cyber Security Strategy Protecting Critical Information Infrastructure Input to EU & MS Cyber Security Strategies Assisting Operational Communities Security & Data Breach Notification European Union Agency for Network and Information Security www.enisa.europa.eu

ENISA The European Network & Information Security Agency (ENISA) was formed in 2004. The Agency is a Centre of Expertise that supports the Commission and the EU Member States in the area of information security. We facilitate the exchange of information between EU institutions, the public sector and the private sector. European Union Agency for Network and Information Security www.enisa.europa.eu

Agenda About ENISA The EU Cyber Security Strategy Protecting Critical Information Infrastructure Input to EU & MS Cyber Security Strategies Assisting Operational Communities Security & Data Breach Notification Data Protection European Union Agency for Network and Information Security www.enisa.europa.eu

EU Cyber Security Strategy The Five strategic objectives of the strategy: Achieving cyber resilience Drastically reducing cybercrime Developing cyberdefence policy and capabilities related to the Common Security and Defence Policy (CSDP) Developing the industrial and technological resources for cybersecurity Establishing a coherent international cyberspace policy for the European Union and promote core EU values. European Union Agency for Network and Information Security www.enisa.europa.eu

Agenda About ENISA The EU Cyber Security Strategy Protecting Critical Information Infrastructure Input to EU & MS Cyber Security Strategies Assisting Operational Communities Security & Data Breach Notification Data Protection European Union Agency for Network and Information Security www.enisa.europa.eu

The ENISA Threat Landscape The ENISA Threat Landscape provides an overview of threats and current and emerging trends. It is based on publicly available data and provides an independent view on observed threats, threat agents and threat trends. Over 120 recent reports from a variety of resources have been analysed. European Union Agency for Network and Information Security www.enisa.europa.eu

Developed overview European Union Agency for Network and Information Security www.enisa.europa.eu

Cyber Exercises Cyber Europe 2010. first ever international cyber security exercise EU-US exercise, 2011. Also a first : work with COM & MS to build transatlantic cooperation Cyber Europe 2012. Developed from 2010 & 2011 exercises. Involves MS, private sector and EU institutions. Highly realistic exercise, Oct 2012 European Union Agency for Network and Information Security www.enisa.europa.eu

Securing New Technologies

Agenda About ENISA The EU Cyber Security Strategy Protecting Critical Information Infrastructure Input to EU & MS Cyber Security Strategies Assisting Operational Communities Security & Data Breach Notification Data Protection

Austria Czech Republic Estonia Finland France Germany Hungary Lithuania Luxemburg Netherlands Poland Romania Slovakia United Kingdom Member States with NCSS

Good Practice Guide ENISA deliverable of 2012 Describes: Known good practices, standards and policies The elements of a good Cyber Security Strategy Institutions and roles identified in a Strategy Parties involved in the development lifecycle Challenges in developing and maintaining a Strategy

Agenda About ENISA The EU Cyber Security Strategy Protecting Critical Information Infrastructure Input to EU & MS Cyber Security Strategies Assisting Operational Communities Security & Data Breach Notification Data Protection

Supporting Operational Communities - Overview

in 2005 National/governmental CERTs in 2013 ESTABLISHED IN 2005: Finland France Germany Hungary The Netherlands Norway Sweden UK

CERT Status Report 2012 Up to one year 1-2 years 3-5 years 6-8 years Over 8 years 5% 10% 15% 10% Initial Repeatable Defined 16% 4% 20% 30% 30% Managed Optimised Other 32% 28%

CERT Exercises and training material ENISA CERT training/exercise material, used since 2009, was extended to host 23 different topics and training exercises including: Technical aspects Organisational aspects Operational aspects Additionally a Roadmap was created to could ENISA provide more proactive and efficient training? CERT

Fostering CERT-LEA Collaboration Main goals: Define key concepts Describe the technical and legal/regulatory aspects of the fight against cybercrime Compile an inventory of operational, legal/regulatory and procedural barriers and challenges and possible ways to overcome these challenges Collect existing good and best practices Develop recommendations Focus on CERT-LEA cooperation

Agenda About ENISA The EU Cyber Security Strategy Protecting Critical Information Infrastructure Input to EU & MS Cyber Security Strategies Assisting Operational Communities Security & Data Breach Notification Data Protection

Security & Data Breach Notification Supporting MS in implementing Article 13a of the Telecommunications Framework Directive Supported Developed and implemented the process for collecting annual national reports of security breaches Developed minimum security requirements and propose associated metrics and thresholds Supporting COM and MS in defining technical implementation measures for Article 4 of the eprivacy Directive. Recommendations for the implementation of Article 4. Collaboration with Art.29 TS in producing a severity methodology for the assessment of breaches by DPAs

Article 13a - Incidents 2011 51 incidents from 11 countries, 9 countries without significant incidents, 9 countries with incomplete implementation Most incidents Affect mobile comms (60%) Are caused by hardware/software failures (47%) third party failures (33%), natural disasters (12%) Many involve power cuts (20%) Natural disasters (storm, floods, et cetera) often cause power cuts, which cause outages

Article 13a - Incidents 2012 79 incidents from 18 countries, 9 countries without significant incidents, 1 country with incomplete implementation Most incidents Are caused by System failures (76%), third party failures (13%), Malicious actions (8%) natural disasters (6%)

Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback