ENISA & Cybersecurity. Steve Purser Head of Technical Competence Department December 2012

Similar documents
Achieving Global Cyber Security Through Collaboration

ENISA EU Threat Landscape

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

EU policy on Network and Information Security & Critical Information Infrastructures Protection

The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017

EISAS Enhanced Roadmap 2012

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

ENISA Cooperation in the EU / NIS Directive

ENISA Operational security CERT relations. Update January Contact:

European Cybersecurity PPP European Cyber Security Organisation - ECSO November 2016

ENISA s Position on the NIS Directive

NIS Country Reports Overview Document

Securing Europe's Information Society

Cyber Security in Europe

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert

Directive on security of network and information systems (NIS): State of Play

CSIRT capacity building Andrea Dufkova CSIRT-relations, COD1 NLO meeting Athens June 8. European Union Agency for Network and Information Security

Call for Expressions of Interest

The NIS Directive and Cybersecurity in

Discussion on MS contribution to the WP2018

European Union Agency for Network and Information Security

European Cybersecurity cppp and ECSO. org.eu

Mapping of the CVD models in Europe

ITU. The New Global Challenges in Cybersecurity 30 October 2017 Bucharest, Romania

ehaction Joint Action to Support the ehealth Network

European Cybersecurity PPP European Cyber Security Organisation - ECSO

The Network and Information Security Directive - ENISA's contribution

Cybersecurity Strategy of the Republic of Cyprus

The prospects of data breach laws in 18 European countries

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

The Critical Importance of CIIP to Cybersecurity

Infrastructures and Service Dimitra Liveri Network and Information Security Expert, ENISA

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

Country-specific notes on Waste Electrical and Electronic Equipment (WEEE)

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

ITU Global Cybersecurity Index

Combating Pharmacrime AGENDA

Valérie Andrianavaly European Commission DG INFSO-A3

Securing Europe s IoT Devices and Services

Technology's role in General Data Protection Regulation Dr. Prokopios Drogkaris Officer in NIS SECPRE 2017 Oslo

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

Security frameworks for Gov Clouds: A Technical Analysis

Network and Information Security Directive

Where is the EU in cloud security certification?: Main findings

EU funded research is keeping up trust in digital society

Security Aspects of Trust Services Providers

Minutes of National Laison Officer s Meeting,

EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

ENISA GENErAl report 2012

Romania - Cyber Security Strategy. 6th IT STAR Workshop on Digital Security

Directive on Security of Network and Information Systems

esignature Infrastructure Marketing Model

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

EUREKA European Network in international R&D Cooperation

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Cyber Security Beyond 2020

ITS Action Plan Task 1.3 Digital Maps

Digital Dividend harmonisation in Europe

ENISA S WORK ON ICS AND SMART GRID SECURITY

13967/16 MK/mj 1 DG D 2B

NIS Standardisation ENISA view

Handbook on Security of Personal Data Processing DECEMBER European Union Agency For Network and Information Security

e-sens Electronic Simple European Networked Services

EU Cybersecurity Certification Framework

The commission communication "towards a general policy on the fight against cyber crime"

Cybersecurity in the EU Steve Purser Head of Operational Departments, ENISA Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European

European Standardization & Digital Transformation. Ashok GANESH Director Innovation ETICS Management Committee

HEALTH INFORMATION INFRASTRUCTURE PROJECT: PROGRESS REPORT

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

Package of initiatives on Cybersecurity

Cybersecurity & Digital Privacy in the Energy sector

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Bradford J. Willke. 19 September 2007

EUMETSAT EXPERIENCE WITH MULTICAST ACROSS GÉANT

COMMUNICATIONS COMMITTEE

The EU Cybersecurity Package: Implications for ENISA Dr. Steve Purser Head of ENISA Core Operations Athens, 30 th January 2018

WORK PROGRAMME 2015 INCLUDING MULTI-ANNUAL PLANNING

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

HPC IN EUROPE. Organisation of public HPC resources

Friedrich Smaxwil CEN President. CEN European Committee for Standardization

Cyber Security in Europe and CEER s new PEER initiative

H2020 WP Cybersecurity PPP topics

Experience from the UK Government s BIM Programme

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

INDEPENDENT COMMUNICATIONS AUTHORITY OF SOUTH AFRICA(ICASA) CYBERSECURITY PRESENTATION AT SAIGF. 28 th November 2018

Security and resilience in Information Society: the European approach

The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18

4th EU-India Environment Forum - Dealing with e-waste: Key elements of the European WEEE Directive. New Delhi, 21 October 2010

GDPR General Data Protection Regulation

H2020 & THE FRENCH SECURITY RESEARCH

EU e-marketing requirements

CERT.LV activities, role in Latvia and globally. Baiba Kaskina, CERT.LV , Sofia, Bulgaria

EXPOFACTS. Exposure Factors Sourcebook for Europe GENERAL

Analysis of the Interoperability Possibilities of Implemented Governmental e-services EU15

Improving Resilience in European e-communication networks MTP 1

Harmonisation of Digital Markets in the EaP. Vassilis Kopanas European Commission, DG CONNECT

Regional Workshop on Frameworks for Cybersecurity and CIIP Feb 2008 Doha, Qatar

REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL

Transcription:

ENISA & Cybersecurity Steve Purser Head of Technical Competence Department December 2012

Agenda Protecting Critical Information Infrastructure Input to EU & MS Cyber Security Strategies Assisting Operational Communities Security & Data Breach Notification Data Protection 2

Cyber Exercises Cyber Europe 2010. Europe s first ever international cyber security exercise EU-US exercise, 2011. Also a first : work with COM & MS to build transatlantic cooperation Cyber Europe 2012. Developed from 2010 & 2011 exercises. Involves MS, private sector and EU institutions. Highly realistic exercise, Oct 2012

EFMS & EP3R The European Forum for Member States builds on national approaches to CIIP. It will be used to foster common understanding of the issues and strategies for dealing with them. The European PPP for Resilience will provide a framework for supporting collaboration between public and private sectors on NIS policy issues. ENISA is supporting both these initiatives: Ensuring exchange of expertise on policy and operational aspects. Provision of good practice guides. Identifying significant risks and proposing suitable mitigation strategies. www.enisa.europa.eu

Securing New Technologies

Agenda Protecting Critical Information Infrastructure Input to EU & MS Cyber Security Strategies Assisting Operational Communities Security & Data Breach Notification Data Protection 6

Member States with NCSS Czech Republic Estonia Finland France Germany Lithuania Luxemburg Netherlands Slovakia United Kingdom 7

Good Practice Guide ENISA project for 2012 (delivery Q4) Will describe Known good practices, standards and policies The elements of a good Cyber Security Strategy Institutions and roles identified in a Strategy Parties involved in the development lifecycle Challenges in developing and maintaining a Strategy 8

Agenda Protecting Critical Information Infrastructure Input to EU & MS Cyber Security Strategies Assisting Operational Communities Security & Data Breach Notification Data Protection 9

Supporting Operational Communities - Overview 10

National/governmental CERTs the situation has changed in 2005 in 2012 ESTABLISHED IN 2005: Finland France Germany Hungary The Netherlands Norway Sweden UK Baseline capabilities of n/g CERTs Initially defined in 2009 (operational aspects) In 2010 Policy recommendations drafted In 2012 ENISA continues to work on a harmonisation together with MS Status Report 2012 National/governmental CERT capabilities updated recommendations 2012

CERT Status Report 2012 Total: 45 responses to the questionnaire (25 from n/g CERTs; 20 from other CERTs and other stakeholders) Self-Assessment of the Maturity Status of National / Governmental CERTs Years of Operation of National / Governmental CERT Up to one year 1-2 years 3-5 years 6-8 years Over 8 years 5% 10% 15% 10% Initial Repeatable Defined 16% 4% 20% 30% 30% Managed Optimised Other 32% 28% Interviewed teams assessed themselves as either governmental or national/governmental CERTs indicated the years of operations between: 4 months and 11 years. (France, Germany, Norway, Hungary, Denmark, Sweden, Spain, Ireland, Latvia, Czech Republic, Slovakia, Romania, CERT-EU)

CERT Exercises and training material ENISA CERT training/exercise material, used since 2009, was extended to host 23 different topics and training exercises including: Technical aspects Organisational aspects Operational aspects Additionally a Roadmap was created to answer the question How could ENISA provide more proactive and efficient CERT training?

EISAS Large Scale Pilot European Information Sharing and Alert System introduced in COM(2006) 251: Communication on a strategy for a Secure Information Society In 2012: Pilot Project for collaborative Awareness Raising for EU Citizens and SMEs Gathered n/g CERTs, governmental agencies and private companies in 6 different MS Cross-border awareness raising campaign Reached more than 1.700 people in 5 months Social networks involved 14

Main goals: Define key concepts Describe the technical and legal/regulatory aspects of the fight against cybercrime Compile an inventory of operational, legal/regulatory and procedural barriers and challenges and possible ways to overcome these challenges Collect existing good and best practices Develop recommendations Focus on CERT-LEA cooperation Fostering CERT-LEA Collaboration 15

Agenda Protecting Critical Information Infrastructure Input to EU & MS Cyber Security Strategies Assisting Operational Communities Security & Data Breach Notification Data Protection 16

Security & Data Breach Notification Supporting MS in implementing Article 13a of the Telecommunications Framework Directive Supported NRA s in implementing the provisions under article 13a Developed and implemented the process for collecting annual national reports of security breaches Developed minimum security requirements and propose associated metrics and thresholds Supporting COM and MS in defining technical implementation measures for Article 4 of the eprivacy Directive. Recommendations for the implementation of Article 4. Collaboration with Art.29 TS in producing a severity methodology for the assessment of breaches by DPAs 17

Article 13a - Incidents 2011 51 incidents from 11 countries, 9 countries without significant incidents, 9 countries with incomplete implementation Most incidents Affect mobile comms (60%) Are caused by hardware/software failures (47%) third party failures (33%), natural disasters (12%) Many involve power cuts (20%) Natural disasters (storm, floods, et cetera) often cause power cuts, which cause outages

Severity of a data breach Estimation of the magnitude of potential impacts on the individuals privacy and data protection Low Medium High Data subjects either will not be affected or may encounter a few inconveniences, which they will overcome without any problem (time spent re-entering information, annoyances, irritations, etc.). Data subjects may encounter significant inconveniences, which they will be able to overcome despite a few difficulties (extra costs, denial of access to business services, fear, lack of understanding, stress, minor physical ailments, etc.). Data subjects may encounter significant consequences, which they should be able to overcome albeit with serious difficulties (misappropriation of funds, blacklisting by banks, property damage, loss of employment, subpoena, worsening of health, etc.). Very High Data subjects may encounter significant, or even irreversible, consequences, which they may not overcome (financial distress such as substantial debt or inability to work, long-term psychological or physical ailments, death, etc.). 19

Agenda Protecting Critical Information Infrastructure Input to EU & MS Cyber Security Strategies Assisting Operational Communities Security & Data Breach Notification Data Protection 20

The right to be forgotten - between expectations and practice Included in the proposed regulation on data protection published by the EC in Jan 2012. ENISA addressed the technical means of assisting the enforcement of the right to be forgotten. A purely technical and comprehensive solution to enforce the right in the open Internet is generally not possible. Technologies do exist that minimize the amount of personal data collected and stored online.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback