ENISA and Standards. Adrián Belmonte, ETSI Security Week Event, Sophia Antipolis (France), 22nd June

ENISA and Standards
Adrián Belmonte
ETSI Security Week Event, Sophia Antipolis (France), 22nd June
European Union Agency for Network and Information Security

Summary
01 What's ENISA?
02 Some challenges in standardization
03 Challenges from an EU perspective
04 ENISA approach to standards
05 ENISA actions in standardization
ENISA and Standards, Adrián Belmonte

Securing Europe's Information Society
Operational office in Athens; seat in Heraklion

Positioning ENISA activities

"The nice thing about standards is that there are so many to choose from." A.S. Tanenbaum, Computer Networks, 2nd ed., p. 254

A plethora of standardisation initiatives
International:
- ISO: International Organization for Standardization
- IEC: International Electrotechnical Commission
- ITU: International Telecommunication Union
- IETF: Internet Engineering Task Force
- IEEE: Institute of Electrical and Electronics Engineers
European:
- CEN: Comité Européen de Normalisation
- ETSI: European Telecommunications Standards Institute
- Cyber Security Coordination Group
- ICTSB: ICT Standards Board
- NISSG ('04-'08)
National:
- ANSI: American National Standards Institute
- NIST: National Institute of Standards and Technology
Industrial initiatives:
- W3C, OASIS, Liberty Alliance, FIDO, Wi-Fi Alliance, BioAPI, WS-Security, TCG, GP, PC/SC, Open Card Framework, Multos, PKCS, SECG

Challenges in standardization
Two main challenges in standardization:
1. Complexity
2. Maintenance

The challenge of complexity
- Backwards compatibility
- Optimizations for various cases
- High complexity in some cases:
  - barrier for evaluation
  - barrier for market entry
  - makes secure implementation very difficult

The challenge of maintenance
- Context changes
- New technical vulnerabilities
- Is fixing it better than doing nothing?
- Fast changes are incompatible with slow consensus-based procedures

Challenges from an EU perspective
- Need to establish a small number of key initiatives at EU level:
  - multi-disciplinary projects with industrial participation;
  - necessary contributions by Data Protection Authorities (DPAs) and app developers;
  - Horizon 2020 standardisation should be promoted.
- Improve coordination between different actors (e.g. EU-funded R&D and ISO).
- Possible vehicles for such coordination:
  - ETSI/CEN/CENELEC CSCG;
  - H2020 (industrial platforms).

ENISA approach to standards
Aim: promotion of best practices through Standards Development Organizations (SDOs).
ENISA role: interface between the private sector, the public sector and SDOs.
Short- and mid-term goals:
- Formal cooperation with SDOs and specific Working Groups (WGs)
- Working collaboration with SDOs
Long-term goals:
- Review of and participation in NIS standardisation activities
- Proposal of standards, by means of proposals for standardisation mandates

ENISA actions in standardisation
Until 2013 (Regulation (EC) 460/2004): "...to track the development of standards for products and services on network and information security..."
After 2013 (Regulation (EC) 526/2013): "...support research and development and standardisation..."
Concrete actions include:
- Support for the Cyber Security Coordination Group (CSCG)
- Support for the Algo paper (ETSI)
- SME community support

ETSI/CEN-CENELEC Cyber Security Coordination Group (CSCG)
- Give strategic advice to the technical committees of CEN, CENELEC and ETSI
- Develop a gap analysis of European and international standards on cyber security
- Define joint European requirements for European and international standards on cyber security
- Establish a European roadmap on standardization of cyber security
- Act as contact point for all questions of EU institutions relating to standardization of cyber security
- Suggest a joint US and European strategy for the establishment of a framework of international standards on cyber security

CSCG Action Plan
#1 Governance Framework
#2 Common Understanding of Cyber Security (leading an expert group)
#3 Trust in the European Digital Environment
#4 European PKI and Cryptographic Capabilities
#5 European Cyber Security Label
#6 European Cyber Security Requirements
#7 European Cyber Security Research
#8 EU Industrial Forum on Cyber Security Standards
#9 EU Global Initiative on Cyber Security Standards (preparing the ground for a high-level conference)

ETSI ESI Algo paper
- ETSI TR 119 312: Business Guidance on Cryptographic Suites
- ETSI TS 119 312: Cryptographic Suites
ENISA reports 2013-2014:
- Recommended Cryptographic Measures
- Algorithms, Key Sizes and Parameters
Collaboration: 2014 onwards

SMEs & security standards
SMEs: employ fewer than 250 persons, with annual turnover <= 50M and/or annual balance sheet <= 43M; 99% of all European businesses.
Reduced size sometimes means they:
- cannot have a large number of dedicated IT staff;
- cannot have a single person dedicated to ICT security and privacy protection.
Standards are, in general, targeting larger, specialized organizations and are difficult to implement for small businesses.

ENISA and standards for SMEs
ENISA aims to identify how to facilitate the adoption of standards by European SMEs:
- Gather and analyze information about which standards are used (or why SMEs are not using standards)
- Investigate the obstacles and perceived problems for SMEs in embracing standards
- Identify the main gaps in security and privacy standardization for the SME community
- Identify initiatives to move forward
Based on the findings: produce recommendations on how to facilitate and increase the adoption of standards in European SMEs.

Concluding remarks
A little mess with standards: some ICT areas are over-standardised while other areas lack standards.
- Standards are a tool, not the objective;
- Maintaining security standards is perhaps more complex than maintaining general standards;
- Plethora of fora and initiatives, not enough coordination;
- Open evaluation procedures are essential;
- Stimulating the European market through procurement might be an approach?
- Are standards too focused on specialized or large companies? Improve SME support;
- Need for an EU strategy on research & standardisation.

Thank you
PO Box 1309, 710 01 Heraklion, Greece
Tel: +30 28 14 40 9710
info@enisa.europa.eu
www.enisa.europa.eu