The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

Similar documents
NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

Commonwealth Cyber Declaration

ENISA EU Threat Landscape

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

Package of initiatives on Cybersecurity

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

Directive on security of network and information systems (NIS): State of Play

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

ENISA s Position on the NIS Directive

National Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director

A Strategy for a secure Information Society Dialogue, Partnership and empowerment

Ms. Izumi Nakamitsu High Representative for Disarmament Affairs United Nations

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

Cyber Security in Europe

EU policy on Network and Information Security & Critical Information Infrastructures Protection

Netherlands Cyber Security Strategy. Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice

Bradford J. Willke. 19 September 2007

European Union Agency for Network and Information Security

Medical Device Cybersecurity: FDA Perspective

Cybersecurity & Digital Privacy in the Energy sector

European Directives and reglements for Information security

SAINT PETERSBURG DECLARATION Building Confidence and Security in the Use of ICT to Promote Economic Growth and Prosperity

Directive on Security of Network and Information Systems

Securing Europe's Information Society

Regional Development Forum For the Arab States(RDF-ARB) 2018

About Issues in Building the National Strategy for Cybersecurity in Vietnam

Security and resilience in Information Society: the European approach

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

OUTCOME DOCUMENT OF THE INTERNATIONAL CONFERENCE ON CYBERLAW, CYBERCRIME & CYBERSECURITY

Cybersecurity Package

Promoting Global Cybersecurity

13967/16 MK/mj 1 DG D 2B

Society, the economy and the state depend on information and communications technology (ICT).

Discussion on MS contribution to the WP2018

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

Fundamentals of Cybersecurity/CIIP. Building Capacity: Using a National Strategy & Self-Assessment

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Cyber Security Strategy

UAE National Space Policy Agenda Item 11; LSC April By: Space Policy and Regulations Directory

From Hyogo to Sendai. Anoja Seneviratne Disaster Management Centre

Provisional Translation

RESOLUTION 45 (Rev. Hyderabad, 2010)

GLOBAL AGENDA FOR CYBER CAPACITY BUILDING

Itu regional workshop

DHS Cybersecurity: Services for State and Local Officials. February 2017

21ST OSCE ECONOMIC AND ENVIRONMENTAL FORUM

NIS-Directive and Smart Grids

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

National Policy and Guiding Principles

Global Alliance Against Child Sexual Abuse Online 2014 Reporting Form

GLobal Action on CYbercrime (GLACY) Assessing the Threat of Cybercrime in Mauritius

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Romania - Cyber Security Strategy. 6th IT STAR Workshop on Digital Security

WSIS Forum 2012-Identifying Emerging Trends and a Vision beyond 2015!

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

RESOLUTION 130 (REV. BUSAN, 2014)

RESOLUTION 67 (Rev. Buenos Aires, 2017)

The Republic of Korea. economic and social benefits. However, on account of its open, anonymous and borderless

The UNISDR Private Sector Alliance for Disaster Resilient Societies

Resilience, Deterrence and Defence: Building strong cybersecurity for the EU

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

H2020 WP Cybersecurity PPP topics

Cybersecurity Strategy of the Republic of Cyprus

Plenipotentiary Conference (PP- 14) Busan, 20 October 7 November 2014

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

Commonwealth Telecommunications Organisation Proposal for IGF Open Forum 2017

Draft Resolution for Committee Consideration and Recommendation

Examining Cooperative Strategies through Cyber Exercises

Global Security Advisor

Cyber Security Strategic Level Landscape in Poland. Krzysztof Silicki NASK Institute, Poland ENISA MB, EB

Call for Expressions of Interest

NIS Standardisation ENISA view

Cyber Security Strategy

Ministerial Meeting 19 th June 2015 Nuku alofa, Tonga

IMPORTANT GLOBAL CYBERLAW TRENDS 2017

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

G7 Bar Associations and Councils

INDEPENDENT COMMUNICATIONS AUTHORITY OF SOUTH AFRICA(ICASA) CYBERSECURITY PRESENTATION AT SAIGF. 28 th November 2018

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

Implementing Executive Order and Presidential Policy Directive 21

Global cybersecurity and international standards

Legal Foundation and Enforcement: Promoting Cybersecurity

THE VALUE OF INTERNATIONAL COOPERATION IN CYBERSPACE: LESSONS FROM THE UNGGE PROCESS

EISAS Enhanced Roadmap 2012

Government Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security

Report to the Storting (white paper) No. 38

Cyber Security Roadmap

COUNCIL OF THE EUROPEAN UNION. Brussels, 28 January 2003 (OR. en) 15723/02 TELECOM 78 JAI 307 PESC 593

International cyber strategy for Norway

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Security and Privacy Governance Program Guidelines

UN General Assembly Resolution 68/243 GEORGIA. General appreciation of the issues of information security

Plan of action for Implementation of the Sendai Framework for Disaster Risk Reduction in Central Asia and South Caucasus Region

PIPELINE SECURITY An Overview of TSA Programs

Transcription:

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association page 1

Cybersecurity Strategy Essential Points The norms, principles and values that the City of Vienna and the the Vienna Hospital Association uphold offline, should also apply online Cyberspace must be correctly protected The City of Vienna has a significant role to play in ensuring a safe cyberspace The City of Vienna and the Vienna Hospital Association augment this situation by ensuring respect of fundamental rights online page 2

The Crux of Cyber Resilience Digital technology touches virtually every aspect of daily life today: Social interaction, political engagement or economic decisionmaking and also healthcare activity Digital connectivity impinges on all of these, and the dependence on this connectivity is growing swiftly It is necessary to develop a common set of expectations to address systemic risks, and to define not only the roles but also the responsibilities of all participants in the cyber ecosystem page 3

The Crux of Cyber Resilience (cont.) The collective ability to manage cyber risks in this shared digital environment is fundamental. Information security relates to a core aspect of modern life TRUST in the strategic infrastructure that we need people who work with it every day E-Health applications, we work with suppliers of E-Health products and medical devices page 4

Uncertain information can destroy this trust! "It's about nothing less than the question of how an instrument can be mutually created in the work style of the health and social care community to be safe, reliable, efficient and trustworthy" It's about lifelines in a modern society page 5

Perspectives of ICT in Hospitals and Healthcare Altered structures in healthcare and integrated care models require ICT for their implementation Healthcare needs to became more: patient-centered and user-oriented knowledge-based process-oriented and output-oriented Increasing globalization and networking of healthcare processes also increase cyber vulnerability and increase the importance of the above aspects page 6

Strategic Objectives To strengthen cyber resilience To develop a cyber defence policy and related capabilities in accordance with Austrian national security and defence policy To develop technological resources for cybersecurity To reduce cybercrime by working together with the National Association of Computer Emergency Response Teams ( CERT-Verbund: HealthCERT, GovCERT, MilCERT, WienCERT, ) page 7

Achieving Cyber Resilience Requires the establishment of a cybersecurity culture to enhance business opportunities and competitiveness Requires the exchange of information between, and the reporting of significant incidents to, members of the National Association of CERTs / CSIRTs and other regulatory bodies Requires the improvement and expansion of cybersecurity exercises, in combination with civil defence exercises, as carried out by the Vienna Hospital Association and the City of Vienna page 8

Achieving Cyber Resilience (cont. 1) The strategy should aim to increase cooperation and transparency relating to cybersecurity in ICT activity. A high degree of cybersecurity can only be guaranteed if all contribute something to the value chain for cybersecurity. Cooperation with relevant stakeholders in the development of technical guidelines to identify emerging trends relating to cybersecurity, and security in general, is necessary. page 9

Achieving Cyber Resilience (cont. 2) A public private partnership structure for coordination at operational level involving the business and research sectors should be created It should be designed as an operational executive body for overall cyber crisis and civil defence crisis management A periodic and incident-related Cybersecurity Overview of the threat situation in cyber space should be prepared and published page 10

Cyber Crisis Management as a part of Civil Defence Crisis Management Austria s Cyber Crisis Management involves state, provincial and local authority administrations, and operators of critical infrastructure. Vienna s Civil and Cyber Crisis Management is a part of this. It is modelled on the Governmental Crisis and Civil Protection Management architecture (SKKM) Crisis management and continuity plans are prepared and updated regularly on the basis of risk analyses for sector-specific and cross-sectoral cyber threats page 11

page 12

Establishing a Regulatory Framework Institutions can take all the actions they want on their own, but if there is no law-enforcement mechanism to pursue and prosecute perpetrators, then their actions are meaningless. A balance between incentives and sanctions must be set to ensure the performance of nonstate actors In order to guarantee cybersecurity in Austria, it is necessary to establish an additional legal framework, regulatory measures and selfcommitment (code of conduct) page 13

Establishing a Regulatory Framework (cont.) The following points are important for the additional legal framework: Information exchange between authorities and nonstate actors An obligation of the state, private industry, and research sectors to report incidents to the cyber security centre A duty to adopt protection measures The security of the private industry and the research sectors supply chains is also important page 14

page 15

Cooperation between Stakeholders The responsibility to use digital technology in a prudent way rests with each individual organizational unit. But only broad cooperation between all sectors and regular mutual exchange of information will make the use of ICT transparent and safe. page 16

Support for Small and Medium Enterprises Priority programmes on cybersecurity will be launched to raise awareness amongst small and medium enterprises (SMEs) concerning cybersecurity Sector-specific information platforms such as the Austrian Trust Circles should help to develop cyber risk management plans for SMEs These risk management plans should be coordinated with governmental crisis and continuity management plans page 17

Protection of Critical Infrastructure Today almost all sectors of infrastructure increasingly depend on specialised ICT systems It is therefore a top priority to improve the resilience of these ICT systems against cyber threats Under the Austrian Programme for Critical Infrastructure Protection, enterprises operating critical infrastructure systems are encouraged to introduce comprehensive security architectures page 18

Protection of Critical Infrastructure (cont. 1) The enterprises operating critical infrastructure systems should be involved in all processes of national and also regional crisis management Existing arrangements for the protection of critical infrastructure and the national and regional crisis and civil protection management should be reviewed on an ongoing basis to ensure that they continue to meet new cyber challenges and the protection plans should be modified if required page 19

Protection of Critical Infrastructure (cont. 2) Enterprises involved in critical infrastructure should have a duty to report severe cyber incidents Crisis communication should be further developed and intensified Enterprises involved in critical infrastructure should set up a default comprehensive security, risk and crisis management architecture page 20

Awareness Raising and Training By sensitising all target groups, the necessary awareness of, personal interest in, and attention to cybersecurity will be increased These awareness-raising measures will help to create understanding for the need to ensure cybersecurity in Austria page 21

Awareness Raising and Training (cont.) A meaningful and adequate ICT competence level should be ensured by expanding training in the field of cyber security and media competence in schools and other educational facilities as well as by developing national cyber security competence in the apprenticeship training system Awareness-raising initiatives should be developed, coordinated and implemented on the basis of a common approach incorporating existing programmes page 22

Strengthening a Cybersecurity Culture In this context it is important to examine cybersecurity from different perspectives, to highlight relevant dangers, to draw attention to possible effects and damage as well as to make recommendations for additional security measures To ensure cybersecurity, technical expertise is necessary, which must be based on state-of-theart research and development results Cybersecurity must be among our key research priorities page 23

Effective Collaboration on Cybersecurity The free exercise of all human rights must be guaranteed in virtual space, and particularly the right to freedom of expression, and information must not be restricted in cyber space This is the position Austria should adopt in international forums Hence, Austria should participate actively in developing and establishing a transnational code of governance in cyber space, which will include measures to build confidence and security page 24

Thank you for your attention Franz Hoheiser-Pförtner Chief Information Security Officer Certified Information Systems Security Professional (CISSP) Vienna Hospital Association phone +43 1 40409 66017 e-mail: franz.hoheiser-pfoertner@wienkav.at page 25

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback