The EU Cybersecurity Package: Implications for ENISA
Dr. Steve Purser, Head of ENISA Core Operations
Athens, 30th January 2018

European Union Agency for Network and Information Security

Outline
1. Cybersecurity Package
2. Why ENISA Reform?
3. The Cybersecurity Act and proposed ENISA tasks
4. Policy and R&I
5. Operational cooperation
6. Cybersecurity Certification
7. Key Developments
8. The Next Steps

Cybersecurity Package
Commission President Juncker, State of the EU 2017: "Cyber-attacks can be more dangerous to the stability of democracies and economies than guns and tanks. [...] Today, the Commission is proposing new tools, including a European Cybersecurity Agency to help defend us."

Cybersecurity Package
- Commission Proposal for a Cybersecurity Act: Proposal for a Regulation on ENISA, the "EU Cybersecurity Agency", and on Information and Communication Technology cybersecurity certification ("Cybersecurity Act"), COM(2017) 477
- Renewed Cybersecurity Strategy: European Parliament and Council Joint Communication "Resilience, Deterrence and Defence: Building strong cybersecurity for the EU" (JOIN(2017) 450)
- Blueprint: Commission Recommendation on Coordinated Response to Large Scale Cybersecurity Incidents and Crises (C(2017) 6100)
- Commission Communication "Making the Most of NIS towards effective implementation of Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union" (COM(2017) 476)

Why ENISA Reform?
- Existing mandate coming to an end in June 2020
- New and increasing threats in cyberspace
- Greater political interest in cyber issues
- New EU cyber legislation: NIS Directive
- Risk of fragmentation in the Digital Single Market
- ENISA evaluation study for period 2013-2016

Why ENISA Reform?
Need for enhanced role for ENISA with:
- A Stronger Mandate
- Adequate Resources
- Permanent Status
Reformed ENISA (EU Cybersecurity Agency)

The Proposed Cybersecurity Act
Six key objectives:
1. Increasing capabilities and preparedness at EU and MS level
2. Improving cooperation and coordination of stakeholders
3. Increasing EU level capabilities to complement MS action
4. Promoting cybersecurity awareness in the EU
5. Increasing transparency of cybersecurity assurance
6. Avoiding fragmentation of certification schemes

Proposed Tasks for a Stronger ENISA with a Permanent Mandate:
- Law and Policy Tasks
- Capacity Building
- Operational Cooperation
- Market and Certification
- Awareness Raising
- Research and Innovation
- International Cooperation

The Proposed Cybersecurity Act
The proposal contains important new/revised tasks for ENISA:
- Strengthened and reinforced ENISA; substantially altered:
  - Role in policy development and implementation
  - Role in operational cooperation Blueprint
  - Participation in research funding programmes
- EU-level cybersecurity certification framework with:
  - A role for ENISA in the preparation of candidate schemes
  - Secretariat assistance provided by ENISA for the European Cybersecurity Certification Group

Policy and Research & Innovation
ENISA involvement in the development, implementation and review of Union law and policy (Article 5):
- Horizontal and sectoral policy relating to cybersecurity
- NIS Directive implementation
- Special attention to electronic identity and trust services; security of electronic communications
- Annual report on state of implementation of legal framework
Enhanced participation in research funding programmes (Article 10):
- Possibility to participate as a beneficiary or in the implementation of research and innovation programmes

Operational cooperation
Enhanced operational role and involvement in the Blueprint for large-scale cybersecurity incidents and crises (Article 7):
- ENISA to provide support to or carry out ex-post technical enquiries.
- ENISA to contribute to developing a cooperative response to large-scale cross-border incidents or crises (Blueprint):
  a) aggregating reports from national sources to contribute to common situational awareness;
  b) ensuring efficient information flow and escalation mechanisms between CSIRTs Network, technical and political decision-makers;
  c) supporting technical handling of an incident/crisis, including facilitating sharing of technical solutions between Member States;
  d) supporting public communication around incidents/crises;
  e) testing the cooperation plans to respond to incidents/crises.

EU Cybersecurity Certification
The Commission proposes a European Cybersecurity Certification framework (Article 8 and Title III) with ENISA involvement in steps 2 and 3 of the process displayed below:
- Commission requests ENISA
- ENISA drafts scheme involving all stakeholders and ECCG
- Commission adopts scheme by means of implementing acts
- MS or ECCG propose to Commission the drafting of a scheme

Key Aspects of Proposed Framework
Key aspects of the proposed EU cybersecurity certification framework include:
- Addresses market fragmentation
- Presents a voluntary and risk-based approach
- Defined assurance levels (Basic, Substantial, High)
- Role for Member States:
  - Propose preparation of a candidate scheme to the Commission
  - Involvement through European Cybersecurity Certification Group (composed of national certification supervisory authorities)
  - Involved in the procedure for adoption of an implementing act
- Clear separation of tasks in line with Regulation (EU) 765/2008

Cybersecurity Package: Developments
Council Conclusions of 20th November 2017 on the Renewed Cybersecurity Strategy (JOIN(2017) 450):
- Welcomed the permanent mandate for ENISA, with a primary objective to:
  (a) support and develop cooperation between Member States;
  (b) increase capacities of Member States;
  (c) increase confidence in a digital Europe.
- Stressed the need to strengthen cybersecurity certification
National Parliaments' subsidiarity deadline lapsed on 7th December 2017

Cybersecurity Package: The Next Steps
European Parliament First Reading of Cybersecurity Act:
- Responsible Committee in EP: ITRE Committee
- Involvement of BUDG, IMCO, LIBE, and AFET Committees (Opinion)
- Vote scheduled in Committee Q3 2018
Ongoing discussions in the Council
Expected Opinions from EESC and CoR
EPRS, European Parliamentary Research Service, 2018

Thank you
PO Box 1309, 710 01 Heraklion, Greece
Tel: +30 28 14 40 9710
info@enisa.europa.eu
www.enisa.europa.eu