The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3


The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3 Andrea.Servida@ec.europa.eu

What is at stake with CIIs
- The World Economic Forum estimated in 2008 that there is a 10 to 20% probability of a major CII breakdown in the next 10 years, with a potential global economic cost of approximately $250 billion.
- The US Business Roundtable in 2007 suggested that the economic costs of a month-long Internet disruption to the United States alone could be more than $200 billion.
- According to the OECD report on Malicious Software, the estimated annual loss to United States businesses caused by malware is USD 67.2 billion.
- The macroeconomic costs of a major disruption to Switzerland, having an annual GDP of CHF 482 billion (EUR 317 billion), are estimated at CHF 6 billion (EUR 3.9 billion), i.e. 1.2% of GDP.

Are large scale cyber attacks & disruptions real or science fiction?
A few recent large scale events:
- DDoS attacks on Estonian networks (April-May 2007)
- Defacement attacks on more than 300 private and official sites in Lithuania (June-July 2008)
- Three major cable cuts in the Mediterranean (January, February and December 2008)
Lowering entry barriers for malicious attackers:
- According to the UK House of Lords report on Personal Internet Security, the competition to supply botnets has decreased the cost of renting a platform for spamming to around 3-7 US cents per zombie per week.
- One report averaged the weekly rental rate for a botnet at USD 50-60 per 1,000-2,000 bots.

Communication on CIIP - COM(2009)149: Objectives and scope
High level objectives:
- Protect Europe from large scale cyber attacks and disruptions
- Promote a security and resilience culture (first line of defence) & strategy
- Tackle cyber attacks & disruptions from a systemic perspective
Means:
- Enhance the CIIP preparedness and response capability in the EU
- Promote the adoption of adequate and consistent levels of preventive, detection, emergency and recovery measures
- Foster international cooperation, in particular on Internet stability and resilience
Approach:
- Build on national and private sector initiatives
- Engage public and private sectors
- Adopt an all-hazards approach
- Be multilateral, open and all-inclusive

Communication on CIIP - COM(2009)149: Specific objectives
The 5 specific objectives to be achieved:
1. Foster cooperation and exchange of good policy practices between MS
2. Develop a public-private partnership at the European level on security and resilience of CIIs
3. Enhance incident response capability in the EU
4. Promote the organisation of national and European exercises on simulated large-scale network security incidents
5. Reinforce international cooperation on global issues, in particular on resilience and stability of the Internet

The CIIP Action Plan 1. Preparedness and prevention
- Baseline of capabilities and services for pan-European cooperation between National/Governmental CERTs
  Target: End of 2010 for agreeing on minimum standards; end of 2011 for well functioning National/Gov CERTs in all Member States
- European Public Private Partnership for Resilience (EP3R)
  Target: End of 2009 for a roadmap and plan for EP3R; mid-2010 for establishing EP3R; end of 2010 for the first results
- European Forum for information sharing between Member States
  Target: End of 2009 for launching the Forum; end of 2010 for delivering the first results
With the support of ENISA and building upon its activities

The CIIP Action Plan 2. Detection and response
- Development and deployment of the European Information Sharing and Alert System (EISAS)
  The Commission financially supports two complementary prototyping projects
  ENISA is called upon to take stock of results and produce a roadmap to further develop and deploy EISAS
  Target: End of 2010 for completing the prototyping projects; end of 2010 for the roadmap

The CIIP Action Plan 3. Mitigation and recovery
- National contingency planning and exercises
  National/Governmental CERTs/CSIRTs to take the lead in national contingency planning, exercises and testing
  Target: End of 2010 for running a national exercise in every MS
- Pan-European exercises on large-scale network security incidents
  EC provides some financial support in 2009
  Target: End of 2010 for the first pan-European exercise; end of 2010 for EU participation in international exercises
- Reinforced cooperation between National/Governmental CERTs
  Support pan-European cooperation also by expanding existing cooperation schemes (like EGC)
  Target: End of 2010 for doubling the number of national bodies participating in EGC; end of 2010 for ENISA to develop reference materials

The CIIP Action Plan 4. International Cooperation (1/2)
Internet resilience and stability
- Define European priorities on long term Internet resilience and stability
  Target: End of 2010 for EU priorities
- Define principles and guidelines for Internet resilience and stability at the European level
  Target: End of 2009 for a roadmap towards the principles & guidelines; end of 2010 for agreeing on first drafts (focusing inter alia on regional remedial actions, mutual assistance agreements, coordinated recovery and continuity strategies, geographical distribution of critical Internet resources, technological safeguards in the architecture and protocols of the Internet, replication and diversity of services and data)
- Promote the principles and guidelines for Internet resilience and stability at global level
  Target: Beginning of 2010 for a roadmap for international cooperation; end of 2010 for first drafts of international principles & guidelines (strategic cooperation with third countries will be developed, notably in Information Society dialogues, as a vehicle to build global consensus)

The CIIP Action Plan 4. International Cooperation (2/2)
- Global cooperation on exercises on large-scale Internet incidents
  A practical way to extend national and pan-European exercises to the global level and to build upon regional contingency plans and capabilities
  Target: End of 2010 to propose a framework and a roadmap

The CIIP Action Plan 5. ICT Criteria to identify ECI
- Continue to develop the criteria for identifying European Critical Infrastructures (ECI) for the ICT sector
  Process conducted in cooperation with Member States and all relevant stakeholders
  A 9-month study was launched in June 2009 to support the process
  Staff Working Paper on criteria is under development
  Target: First half of 2010 to define the criteria

The CIIP Action Plan: The role of ENISA
ENISA is called to:
- Support the process of defining and agreeing on a baseline of capabilities and services for national/governmental CERTs in support of pan-European cooperation
- Take stock of the results of the projects aiming at the prototyping of EISAS and other national initiatives, and produce a roadmap to further progress the development and deployment of EISAS
- Support the exchange of good practices between Member States on national contingency planning and exercises
- Stimulate and support pan-European cooperation between National/Governmental CERTs and develop reference materials

A Digital Agenda for Europe - COM(2010)245
The Seven Priority areas for action ("Every European Digital", N. Kroes):
1. Creating a Digital Single Market
2. Improving the framework conditions for interoperability between ICT products and services
3. Boosting internet trust and security
4. Guaranteeing the provision of much faster internet access
5. Encouraging investment in research and development
6. Enhancing digital literacy, skills and inclusion
7. Applying ICT to address social challenges such as climate change, rising healthcare costs and the ageing population

Overview of Pillar 3: Trust and Security (diagram of DAE key actions, reconstructed as lists)
Cybersecurity preparedness:
- KA 6 (28) NIS Policy; ENISA Regulation for mandate and duration
- KA 7 (29) Measures on cyberattacks
- 32 Cooperation on cybersecurity
- 33 EU cybersecurity preparedness
- 38 Network of CERTs by 2012; EU institutions CERT Expert Group
- 39 MS simulation exercises as of 2010
- ToolBox: ENISA, EFMS, EP3R, Observer in Cyberstorm, EPCIIP, CIIP Conference
Cybercrime:
- 30 EU platform by 2012
- 31 Create European Cybercrime centre
- 41 National alert platforms by 2012
Safety and privacy of online content and services:
- 34 Explore extension of personal data breach notification
- 35 Implementation of privacy and personal data protection
- 36 Support for reporting of illegal content
- 37 Dialogue and self-regulation (minors)
- 40 Harmful content hotlines and awareness campaigns
Legend: INFSO CdF / HOME CdF / Others COM CdF; Commission action / Member States action

DAE trust and security actions and CIIP pillars

A Triple Play for a modernised ENISA - COM(2010) 521 final
- Knowing better: Assist MS and EU Institutions in collecting, analysing and disseminating NIS data (regularly assess NIS in Europe)
- Working better: Provide assistance, support and expertise to the Member States and the European institutions and bodies (cross border issues, detection and response capability, exercises, etc.)
- Cooperating better: Facilitate cooperation, dialogue and exchange of good practice among public and private stakeholders (risk management, awareness, security of products, networks and services, etc.)

Web Sites
- A Digital Agenda for Europe: http://ec.europa.eu/information_society/digitalagenda/index_en.htm
- Commission to boost Europe's defences against cyberattacks: http://ec.europa.eu/information_society/newsroom/cf/itemlongdetail.cfm?item_id=6190
- EU policy on promoting a secure Information Society: http://ec.europa.eu/information_society/policy/nis/index_en.htm
- EU policy on Critical Information Infrastructure Protection (CIIP): http://ec.europa.eu/information_society/policy/nis/strategy/activities/ciip/index_en.htm
- The reformed Telecom Regulatory Framework - November 2009: http://ec.europa.eu/information_society/policy/ecomm/tomorrow/index_en.htm