Cybersecurity & Digital Privacy in the Energy sector

Similar documents
Resilience, Deterrence and Defence: Building strong cybersecurity for the EU

Horizon 2020 Security

Package of initiatives on Cybersecurity

Cybersecurity Package

13967/16 MK/mj 1 DG D 2B

The EU Cybersecurity Package: Implications for ENISA Dr. Steve Purser Head of ENISA Core Operations Athens, 30 th January 2018

EU policy on Network and Information Security & Critical Information Infrastructures Protection

ENISA EU Threat Landscape

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

Directive on security of network and information systems (NIS): State of Play

H2020 WP Cybersecurity PPP topics

Cyber Security in Europe

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

European Directives and reglements for Information security

Shaping the Cyber Security R&D Agenda in Europe, Horizon 2020

Cyber Security in Europe and CEER s new PEER initiative

Security and resilience in Information Society: the European approach

A Strategy for a secure Information Society Dialogue, Partnership and empowerment

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE

European Union Agency for Network and Information Security

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

ERCI cybersecurity seminar Guildford ERCI cybersecurity seminar Guildford

Commonwealth Cyber Declaration

Valérie Andrianavaly European Commission DG INFSO-A3

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

ENISA Cooperation in the EU / NIS Directive

Call for Expressions of Interest

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

Cyber security: a building block of the Digital Single Market

Securing Europe's Information Society

The NIS Directive and Cybersecurity in

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Securing Europe s IoT Devices and Services

Cyber Security Beyond 2020

NIS-Directive and Smart Grids

Discussion on MS contribution to the WP2018

NIS Standardisation ENISA view

The Digitalisation of Finance

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

Secure Societies Work Programme Call

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

ENISA s Position on the NIS Directive

A European Perspective on Smart Grids

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

Summary. Strategy at EU Level: Digital Agenda for Europe (DAE) What; Why; How ehealth and Digital Agenda. What s next. Key actions

The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18

ehealth in Europe: at the convergence of technology, medicine, law and society

VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Exploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know

CHAIR S SUMMARY: G7 ENERGY MINISTERS MEETING

THE CYBER SECURITY ENVIRONMENT IN LITHUANIA

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

LIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 21 October /13 LIMITE CO EUR-PREP 37. NOTE General Secretariat of the Council

GDPR - How it may clear up the digital market. Anett Mádi-Nátor, Cyber Services Plc.

DG GROW meeting with Member States in preparation of Space Strategy 8 th July Working document#1: Vision and Goals

Security Aspects of Trust Services Providers

ENISA activities in ICT security certification Dr. Prokopios Drogkaris NIS Expert NLO Meeting Athens

POSITION PAPER. Initial position on the EU cybersecurity package OCTOBER 2017

Enhancing the cyber security &

Protecting Critical Energy Infrastructure International Multistakeholder Conference, Training & Exhibition

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

Digital Security. Rafael Tesoro Carretero DG CNECT, Unit H1 - Cybersecurity & Digital Privacy

10025/16 MP/mj 1 DG D 2B

Strategic Transport Research and Innovation Agenda - STRIA

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

Societal Challenge

The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017

Europe (DAE) for Telehealth

H2020 & THE FRENCH SECURITY RESEARCH

RESOLUTION 130 (REV. BUSAN, 2014)

Directive on Security of Network and Information Systems

Between 1981 and 1983, I worked as a research assistant and for the following two years, I ran a Software Development Department.

10496/18 MC/sl 1 DGD 2

The Network and Information Security Directive - ENISA's contribution

RESOLUTION 130 (Rev. Antalya, 2006)

Provisional Translation

MOTION FOR A RESOLUTION

Itu regional workshop

Cyber Security Strategy

Digital Single Market Strategy for Europe

Kick-off Meeting DPIA Test phase

Policies in the Quantum era

2. Taking into account the developments in the next five years, which are the actions to be launched at the EU level?

EUROPEAN ORGANISATION FOR SECURITY SUPPLY CHAIN SECURITY WHITE PAPER

Introductory Speech to the Ramboll Event on the future of ENISA. Speech by ENISA s Executive Director, Prof. Dr. Udo Helmbrecht

eidas Regulation (EU) 910/2014 eidas implementation State of Play

H2020 Opportunities in the Area of Security and Critical Infrastructure Protection

***I DRAFT REPORT. EN United in diversity EN. European Parliament 2018/0328(COD)

Promoting Global Cybersecurity

Cybersecurity Strategy of the Republic of Cyprus

RESOLUTION 45 (Rev. Hyderabad, 2010)

Update on Smart Grid Deployment in the EU. Dr.-Ing. Manuel Sánchez Jiménez Team Leader Smart Grids Directorate General for Energy European Commission

National Policy and Guiding Principles

Transcription:

ENERGY INFO DAYS Brussels, 25 October 2017 Cybersecurity & Digital Privacy in the Energy sector CNECT.H1 Cybersecurity & Digital Privacy, DG CNECT ENER.B3 - Retail markets; coal & oil, DG ENER European Commission 1

2013-2017: Evolving threat landscape Proliferation of (poorly secured) IoT devices Blurring lines between state and non-state actors Hybrid attacks on western democracies Fake news Evolving cybercrime business models Cyber espionage on the rise Dependence on foreign security technologies Persisting critical infrastructure vulnerabilities Attempts to promote new internet governance model Vulnerabilities of third countries

Policy context Digital Single Market Strategy COM(2015) 192 of 6.5.2015; European Agenda for Security COM(2015) 185 of 28.4.2015; NIS Directive Directive (EU) 2016/1148 of 6/7/2016 concerning measures for a high common level of security of network and information systems across the Union; eidas Regulation (EU) 910/2016 of 23.7.2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC; General Data Protection Regulation (GDPR) - Regulation (EU) 2016/679 of 27.4.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC; 3

Policy context (cont.) Proposal for an e-privacy regulation concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications) - COM(2017) 10 of 10.1.2017; Communication on "Strengthening Europe's Cyber Resilience System and Fostering a Competitive and Innovative Cybersecurity Industry" COM(2016) 410 of 5.7.2016; Contractual Public-Private Partnership on Cybersecurity July 2016; Cybersecurity package September 2017: Joint Communication on "Resilience, Deterrence and Defence: Building strong cybersecurity for the EU" JOIN(2017) 450 of 13.9.2017; 4

State of the Union 2017 by Jean-Claude Juncker, President of the European Commission (13 September 2017) "A Europe that protects, empowers and defends." "Fourth priority for the year ahead: we need to better protect European in the digital age." "Cyber-attacks can be more dangerous to the stability of democracies and economies than guns and tanks." Europe must be better equipped for cyber-attacks (no borders, no one is immune); European Cybersecurity Agency: to help defend against such cyber-attacks; 5

Conclusions from the Tallinn Digital Summit (29 September 2017) "We should make Europe a leader in cybersecurity by 2025, in order to ensure the trust, confidence, and protection of our citizens, consumers and enterprises online and to enable a free and law-governed internet." "Europe needs a common European approach to cybersecurity. Europe has to function as a single European cyberspace and a single cybersecurity market, including in terms of world-class and state-of-the-art security certification and joint standards, operational capacity, and collective crisis response." 6

Building strong cybersecurity for the EU: Resilience, Deterrence and Defence From reactive to pro-active and cross-policy approach bringing various work streams together to build EU's strategic cybersecurity autonomy Improving resilience and response by boosting capabilities (technology/skills), ensuring the right structures are in place and EU cybersecurity single market functions well Stepping up work to detect, trace and hold accountable those responsible for cyber attacks Strengthening international cooperation as a platform for EU leadership on cybersecurity Involving all key actors - the EU, Member States, industry and individuals to give cybersecurity priority it deserves 7

Cybersecurity Package Highlights of key initiatives 8

Building EU Resilience to cyber attacks Creating effective EU cyber deterrence Strengthening international cooperation on cybersecurity Cybersecurity Act Reformed ENISA EU cybersecurity Certification Framework Identifying malicious actors Stepping up the law enforcement response Promoting global cyber stability and contributing to Europe's strategic autonomy in cyberspace Strengthening cyber dialogues Communication NIS Directive Implementation Stepping up public-private cooperation against cybercrime Modernising export controls, including for critical cybersurveillance technologies Recommendation Rapid emergency response Blueprint & Cybersecurity Emergency Response Fund Stepping up political response Continue rights-based capacity building model Cybersecurity competence network with a European Cybersecurity Research and Competence Centre Building cybersecurity deterrence through the Member States' defence capability Deepen EU-NATO cooperation on cybersecurity, hybrid threats and defence Building strong EU cyber skills base, improving cyber hygiene and awareness 9

A European Energy Union Why does the energy sector require specific considerations in terms of cyber security? Real time requirements Cascading effects Legacy and digital technologies

How the Clean Energy Package acknowledges cybersecurity? The legislative proposals put a lot of emphasis on smarter and more efficient management of the grid, by using digital technologies and the flexibility of consumers and their electrical appliances -PV, ev, etc Innovation is at the core of the package, from renewable energy legislation, to energy efficiency and the new market design proposals The package acknowledges the importance of cyber security for the energy sector, and the need to duly assess cyber-risks and their possible impact on the security of supply. It proposes the adoption of measures to prevent and mitigate the risks identified as well as the adaption of technical rules for electricity (i.e. a Network Code) on cyber-security. The Commission's proposal for a revised security of gas supply regulation acknowledges the importance of cyber security in gas.

Smart Grids Task Force (SGTF) Working Group on Cybersecurity This working group stems from the Commission Communication "Clean Energy for All Europeans" (COM/2016/0860 final) announcing stakeholder working groups under the Smart Grids Task Force to prepare the ground for network codes on demand response, energy-specific cybersecurity and common consumer's data format. Set up in spring 2017 and final results by the end of 2018 Revision of the Electricity Regulation Article 55 Establishment of network codes Commission proposes a network code on cyber security

Study On the Evaluation of Risks of Cyber-Incidents and on Costs of Preventing Cyber-Incidents in the Energy Sector EECSP-Report: Expert Recommendation The European Commission should launch an analysis of possible cyber threat scenarios addressing the high-level objectives with their associated risks and to assess how to mitigate respective risks and associated mitigation costs. (S) Study on the Evaluation of Risks of Cyber-Incidents and on Costs of Preventing Cyber-Incidents in the Energy Sector. Tasks: Task 1: Task 2: Task 3: Task 4: Task 5: Task 6: System description & use cases Identification of threat scenarios Detailed analysis on mitigation measures in place Development of a methodology for and carrying out a risk assessment Identification of additional mitigation measures and calculation of their costs Recommendation

Digital Security in WP2018-2020 LEIT-ICT: Cybersecurity call Cybersecurity embedded in several other topics SC7 Secure Societies: intends to address: cybersecurity preparedness; digital security, privacy, data protection in critical sectors; cybersecurity in energy; combined physical and cyber threats; 14

Cybersecurity in energy NIS Directive: "Network and information systems and services play a vital role in society. Their reliability and security are essential to economic and societal activities, and in particular to the functioning of the internal market." Energy sector mentioned in Annex II of the NIS Directive, with operators of essential services, to which the Directive applies; Some of the main challenges: Digital technologies playing a more important role in the energy system, which is facing higher risks and vulnerabilities, being exposed to an increasing range of cyber threats; Need for new security approaches in detecting and preventing threats, building protection against cyber and privacy attacks;

Cybersecurity in energy Scope of action could include: Development of solutions to make the energy sector more resilient to the cyber and privacy attacks, more cyber secure; Development of scenarios for possible attacks, with appropriate counteracting measures, designed, described, tested on a demonstrator, to verify effectiveness; Assessment of vulnerabilities and threats, design of adequate security measures; Development of security information, definition of cybersecurity design principles, formulation of recommendations, including for policy purposes;

Cybersecurity in energy Impact expected could mainly include: Increased resilience against cyber and privacy attacks; Cyber protection policy design and uptake; Ensured continuity of critical business energy operations; Disclaimer: The views in the slides marked as 'draft' are the views of the services and may not in any circumstances be regarded as stating an official position of the Commission. Only the adopted work programme will have legal value. Information given in this presentation may not appear in the final work programme; and likewise, new elements may be introduced at a later stage.

Thank you for your attention! More details (revised presentation) after the publication of the Work Programme Questions? CNECT-H1@ec.europa.eu ENER-B3@ec.europa.eu 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback