Cyber Security in Europe and CEER s new PEER initiative

Similar documents
European Union Agency for Network and Information Security

ENISA Cooperation in the EU / NIS Directive

Cybersecurity & Digital Privacy in the Energy sector

ENISA s Position on the NIS Directive

Package of initiatives on Cybersecurity

Cyber Security in Europe

EU policy on Network and Information Security & Critical Information Infrastructures Protection

The NIS Directive and Cybersecurity in

Discussion on MS contribution to the WP2018

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

NIS Standardisation ENISA view

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

The EU Cybersecurity Package: Implications for ENISA Dr. Steve Purser Head of ENISA Core Operations Athens, 30 th January 2018

Call for Expressions of Interest

Securing Europe's Information Society

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

Directive on security of network and information systems (NIS): State of Play

EISAS Enhanced Roadmap 2012

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert

NIS-Directive and Smart Grids

The smart metering experience in Italy in the framework of cooperation between energy and telecom NRAs

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

The Network and Information Security Directive - ENISA's contribution

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

13967/16 MK/mj 1 DG D 2B

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

European Directives and reglements for Information security

A Strategy for a secure Information Society Dialogue, Partnership and empowerment

Enhancing the cyber security &

Directive on Security of Network and Information Systems

Cybersecurity Strategy of the Republic of Cyprus

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Valérie Andrianavaly European Commission DG INFSO-A3

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

Network and Information Security Directive

Security and resilience in Information Society: the European approach

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

The Digitalisation of Finance

ENISA S WORK ON ICS AND SMART GRID SECURITY

ENISA EU Threat Landscape

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

Cybersecurity Policy in the EU: Security Directive - Security for the data in the cloud

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017

IoT and Smart Infrastructure efforts in ENISA

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

Bradford J. Willke. 19 September 2007

National CIRT - Montenegro. Ministry for Information Society and Telecommunications

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

COUNCIL OF THE EUROPEAN UNION. Brussels, 28 January 2003 (OR. en) 15723/02 TELECOM 78 JAI 307 PESC 593

VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE

Securing Europe s IoT Devices and Services

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

Cyber Security Beyond 2020

Policy drivers and regulatory framework to roll out the Smart Grid deployment. Dr. Manuel Sánchez European Commission, DG ENERGY

Infrastructures and Service Dimitra Liveri Network and Information Security Expert, ENISA

Resilience, Deterrence and Defence: Building strong cybersecurity for the EU

falanx Cyber ISO 27001: How and why your organisation should get certified

Exploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know

Critical Infrastructure Protection in the European Union

EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know

Kick-off Meeting DPIA Test phase

Position Paper of the ASD Civil Aviation Cybersecurity Taskforce

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Towards a European Cloud Computing Strategy

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Cybersecurity Package

EU Cloud Computing Policy. Luis C. Busquets Pérez 26 September 2017

Future-Proof Security & Privacy in IoT

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

Horizon 2020 Security

COUNTERING IMPROVISED EXPLOSIVE DEVICES

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18

General Framework for Secure IoT Systems

How the Board Should Take Care of Cyber Security. ICS Conference 2012, October 31 Denmark

GDPR Update and ENISA guidelines

About Issues in Building the National Strategy for Cybersecurity in Vietnam

The commission communication "towards a general policy on the fight against cyber crime"

CYBER SECURITY AIR TRANSPORT IT SUMMIT

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

10025/16 MP/mj 1 DG D 2B

NIS Directive development The Incident Notification Framework

CEER Executive Seminar on European Institutions and Developments and Multi-Sector Regulation. 8-9 March 2016

Harmonisation of Digital Markets in the EaP. Vassilis Kopanas European Commission, DG CONNECT

PIPELINE SECURITY An Overview of TSA Programs

Cybersecurity for ALL

Centre for cybersecurity Belgium : Role, Missions et future capacities

International Atomic Energy Agency Meeting the Challenge of the Safety- Security Interface

Smart Grids Task Force. Cybersecurity

2017 ANNUAL TRUST SERVICES SECURITY INCIDENTS ANALYSIS. ENISA Article 19 Team

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

Cybersecurity in the EU Steve Purser Head of Operational Departments, ENISA Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European

ENISA & Cybersecurity. Steve Purser Head of Technical Competence Department December 2012

Starting from the basics: cybersecurity awareness campaigns in the electricity and energy sector

Transcription:

NARUC-CEER International Forum, 27 April 2017, Arlington, Virginia Cyber Security in Europe and CEER s new PEER initiative Lord Mogg, CEER President

Outline New EU legislativedevelopments: NIS Directive GDPR Clean Energy legislative Proposals (and EECSP energy recommendations) What Europe s national energy regulatory authorities (NRAs) are doing on cyber: Enhancing national cyber capability PEER (cross-agency cooperation) in Europe International cooperation Some challenges:

NIS (Network Information Security) Directive NIS - new (cross-sectoral) law to strengthen EU network and information security (enters into force nationally - May 2018) Introduces a new EU-wide baseline Cyber Security (CS) obligations for: Operators of essential services in energy, transport, banking, etc Digital service providers - search engines, online marketplaces, cloudcomputing NIS Directive focuses on 3 pillars: Raising resilience through baseline CS standards Ensuring EU-wide minimum CS capabilities through audits and penalities NIS competent authorities on national and sector level Increase cooperation (incident reporting obligations) nationally and EU level EU Agencies and between counrtries Nationally between public and private stakeholders

General Data Protecion Regulation (GDPR) GDPR - legislation to set EU-wide data protection standards Strengthens data protection rights of individuals, provides businesses with clear, modern and applicable rules Main rules include: Easier access to private data A right to data portability The right to be forgotten Reporting obligations for data handlers in case of data theft Penalties in case of severe data theft incidentes Adoped in 2016. Legislation to take effect in 2018

Energy Expert Cyber Security Platform (EECSP) EECSP (international cyber expert group) Report (Feb 2017) 10 challenges for energy + nuclear 39 gaps EECSP recommendations to the European Commission (EC) for an energy-specific cyber strategy to close gaps: Set-up an effective threat and risk management system; Set-up an effective cyber defense framework; Continuously improve cyber resilience in energy; Build-up required capacity and competence for cyber in energy.

Clean Energy For All Europeans Legal Proposals (1/2) Legislative package proposed by European Commmission (Nov 2016, revisions Feb 2017) Currently in negotiations by EU law-makers Cyber issues (not addressed in NIS) are reinforced: Risk Preparedness Regulation identify crisis scenarios and risk preparedness plans; Recast Electricity Regulation new EU wide Network Code on cyber security Addresses main recommendations for a specific cyber strategy for energy issues of the EECSP

Clean Energy For All Europeans Legal Proposals (2/2) New cyber issues addressed: Mandatory cyber requirements for smart meters Key role for Distribution System Operators (DSOs) in cyber when performing their duties New EU wide Network Code on cybersecurity rules Electricity operators to contribute to the development of resilience in respect of the risk of CS attacks or incidents Requires Member States (MS) to have risk preparedness plans at national + regional level (but cyber is linked to electricity security of supply in the Risk Preparedness Regulation!) we are reviewing gaps!

Evolving cyber framework for European energy NRAs to consider Support information-sharing initiatives and collaboration at any level Gradually build trust between actors Promote an open environment Encourage cross-border cooperation and joint initiatives to share bestpractice, knowledge and resources in a collective effort Actively engage and support European and national/regional initiatives Facilitate quantitative risk assessments Drive CS-awareness and/or introduce baseline security and safety standards Take part to the introduction of a Maturity Framework Take part to research projects or education activities to offer also a Regulator perspective

European energy NRAs work on cyber CEER/ACER cyber work stream NRA + ACER experts Building NRA capacity in light of the evolving role of NRAs in cyber Reports, Factsheets, workshops to educate and exchange info CEER cyber training courses (next one June 2017) Dialgoue internationally (e.g. EU-US regulatory roundtable, EECSP) Participation in EC s Smart Grids Task Force (Expert Group 2 on cyber) Best Available Techniques (BATs) to make smart grids secure by design (Nov 2016 being updated) New cyber standards New PEER initaitive to enhance cross-agency cooperation (including on cyber) with involvement of EU Agencies (e.g. ENISA, ACER, consumer bodies etc.)

Partnership for the Enforcement of European Rights (PEER) Initiative of CEER to enhance cross-sectoral and cross-authority cooperation at EU level to benefit consumers EU focus Partnership for the Enforcement of European Rights (PEER) Invited Partners: EU Agencies (ACER, ENISA, BEREC), Ombudsmen and Consumer Bodies Pilot test the collaboration (with 2 pilots) in 2017-2018 Pilot 1 possible workshop Deploying a secure IoT (energy: smart meters, telecoms deployment of 5G). Pilot 2 possible workshop Bundled goods and protecting consumers rights (including data) in highly digitalised sectors. 10

Thank you for your attention! www.ceer.eu

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback