Resilience, Deterrence and Defence: Building strong cybersecurity for the EU

Similar documents
Cybersecurity Package

Cybersecurity & Digital Privacy in the Energy sector

Package of initiatives on Cybersecurity

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

ENISA activities in ICT security certification Dr. Prokopios Drogkaris NIS Expert NLO Meeting Athens

The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18

Directive on security of network and information systems (NIS): State of Play

ENISA EU Threat Landscape

The EU Cybersecurity Package: Implications for ENISA Dr. Steve Purser Head of ENISA Core Operations Athens, 30 th January 2018

13967/16 MK/mj 1 DG D 2B

Cyber Security in Europe

European Directives and reglements for Information security

NIS Standardisation ENISA view

EU policy on Network and Information Security & Critical Information Infrastructures Protection

ENISA s Position on the NIS Directive

Cyber Security Beyond 2020

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

Committee on the Internal Market and Consumer Protection

European Union Agency for Network and Information Security

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

This document corrects document COM(2017)477 final of

ICT Legal Consulting on GDPR: the possible value of certification in data protection compliance and accountability

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

Directive on Security of Network and Information Systems

Network and Information Security Directive

***I DRAFT REPORT. EN United in diversity EN. European Parliament 2017/0225(COD)

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Cybersecurity. Quality. security LED-Modul. basis. Comments by the electrical industry on the EU Cybersecurity Act. manufacturer s declaration

H2020 WP Cybersecurity PPP topics

***I DRAFT REPORT. EN United in diversity EN. European Parliament 2018/0328(COD)

ERCI cybersecurity seminar Guildford ERCI cybersecurity seminar Guildford

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

ACCREDITATION: A BRIEFING FOR GOVERNMENTS AND REGULATORS

Committee on the Internal Market and Consumer Protection. of the Committee on the Internal Market and Consumer Protection

The Digitalisation of Finance

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

Security and resilience in Information Society: the European approach

A Strategy for a secure Information Society Dialogue, Partnership and empowerment

EUROPEAN ACCREDITATION LEGAL FRAMEWORK

Commonwealth Cyber Declaration

The GDPR and NIS Directive: Risk-based security measures and incident notification requirements

ENISA Cooperation in the EU / NIS Directive

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

Securing Europe's Information Society

Joint FIEEC-ZVEI Position on Cybersecurity

The Network and Information Security Directive - ENISA's contribution

Achieving Global Cyber Security Through Collaboration

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

The NIS Directive and Cybersecurity in

eidas Regulation (EU) 910/2014 eidas implementation State of Play

Discussion on MS contribution to the WP2018

Cyber security Act Certification part. 1st of March 20018

Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679)

POSITION PAPER. Initial position on the EU cybersecurity package OCTOBER 2017

EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know

STANDARDS TO HELP COMPLY WITH EU LEGISLATION. EUROPE HAS WHAT IT TAKES INCLUDING THE WILL?

Cybersecurity Policy in the EU: Security Directive - Security for the data in the cloud

EISAS Enhanced Roadmap 2012

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE

EU Cloud Computing Policy. Luis C. Busquets Pérez 26 September 2017

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

Project CyberSouth Cooperation on cybercrime in the Southern Neighbourhood

Cyber Security in Europe and CEER s new PEER initiative

Romania - Cyber Security Strategy. 6th IT STAR Workshop on Digital Security

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Call for Expressions of Interest

CERT.LV activities, role in Latvia and globally. Baiba Kaskina, CERT.LV , Sofia, Bulgaria

Valérie Andrianavaly European Commission DG INFSO-A3

Regulating Cyber: the UK s plans for the NIS Directive

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

Overview of ICT certification laboratories FINAL V1.1 JANUARY European Union Agency For Network and Information Security

EUROPEAN ORGANISATION FOR SECURITY SUPPLY CHAIN SECURITY WHITE PAPER

GLobal Action on CYbercrime (GLACY) Assessing the Threat of Cybercrime in Mauritius

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

Security Aspects of Trust Services Providers

Provisional Translation

Mutual Recognition Agreement/Arrangement: General Introduction, Framework and Benefits

10025/16 MP/mj 1 DG D 2B

Technology's role in General Data Protection Regulation Dr. Prokopios Drogkaris Officer in NIS SECPRE 2017 Oslo

ARTICLE 29 DATA PROTECTION WORKING PARTY

Introductory Speech to the Ramboll Event on the future of ENISA. Speech by ENISA s Executive Director, Prof. Dr. Udo Helmbrecht

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

The Role of the Data Protection Officer

ITU Asia-Pacific Centres of Excellence Training on Conformity and Interoperability. Session 2: Conformity Assessment Principles

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

Mozilla position paper on the legislative proposal for an EU Cybersecurity Act

10496/18 MC/sl 1 DGD 2

Cyber security: a building block of the Digital Single Market

NIS-Directive and Smart Grids

3.4 The EU as a partner in cyber diplomacy and defence

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

How the European Commission is supporting innovation in mobile health technologies Nordic Mobile Healthcare Technology Congress 2015

MOTION FOR A RESOLUTION

DG GROW meeting with Member States in preparation of Space Strategy 8 th July Working document#1: Vision and Goals

ACCAB. Accreditation Commission For Conformity Assessment Bodies

SECURITY CERTIFICATION

Netherlands Cyber Security Strategy. Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice

Transcription:

Resilience, Deterrence and Defence: Building strong cybersecurity for the EU 1

Building strong cybersecurity for the EU: Resilience, Deterrence and Defence From reactive to pro-active and cross-policy approach bringing various work streams together to build EU's strategic cybersecurity autonomy Improving resilience and response by boosting capabilities (technology/skills), ensuring the right structures are in place and EU cybersecurity single market functions well Stepping up work to detect, trace and hold accountable those responsible for cyber attacks Strengthening international cooperation as a platform for EU leadership on cybersecurity Involving all key actors - the EU, Member States, industry and individuals to give cybersecurity priority it deserves 2

Building EU Resilience to cyber attacks Creating effective EU cyber deterrence Strengthening international cooperation on cybersecurity Cybersecurity Act Reformed ENISA EU cybersecurity Certification Framework Identifying malicious actors Stepping up the law enforcement response Promoting global cyber stability and contributing to Europe's strategic autonomy in cyberspace Strengthening cyber dialogues Communication NIS Directive Implementation Stepping up public-private cooperation against cybercrime Modernising export controls, including for critical cybersurveillance technologies Recommendation Rapid emergency response Blueprint & Cybersecurity Emergency Response Fund Stepping up political response Continue rights-based capacity building model Cybersecurity competence network with a European Cybersecurity Research and Competence Centre Building cybersecurity deterrence through the Member States' defence capability Deepen EU-NATO cooperation on cybersecurity, hybrid threats and defence Building strong EU cyber skills base, improving cyber hygiene and awareness 3

ICT cybersecurity certification Towards a true cybersecurity single market in the EU

The issue The digitalisation of our society generates greater need for cyber secure products and services Cybersecurity certification plays an important role in increasing trust of digital products and services Current landscape emergence of separate national initiatives lacking mutual recognition (e.g. France, UK, Germany, Netherlands, Italy) Current European mechanisms (SOG-IS MRA) have limited membership (12 MSs), involve high costs and long duration

Our proposal A voluntary European cybersecurity certification framework. to enable the creation of individual EU certification schemes for ICT products and services that are valid across the EU

How will the framework work in practice ENISA Consults Industry & Standardization Bodies European Commission Requests ENISA to prepare a Candidate Scheme ENISA Prepares candidate scheme ENISA Transmits candidate scheme to the European Commission European Commission Adopts Candidate Scheme A European Cybersecurity Certification Scheme European Cybersecurity Certification Group (MSs) ECCG Advices ENISA or may propose the Advises preparation and of a scheme to assists the Commission preparation In a nutshell: EC proposes & decides, Group advices (and may propose), ENISA prepares schemes

Core elements (i) No 'One size fits all' - one EU Framework, many schemes Each scheme will specify: - i) scope (pdct/service), ii) evaluation criteria, iii) assurance level, iv) security requirements v) rules for monitoring compliance Certificates from European schemes are valid across all MSs. Where a European scheme exists: - MSs cannot introduce new national schemes with same scope - Existing national schemes covering same pdct/service cease to produce effects - Existing certificates from national schemes are valid until expire date The use of EU certificates remains voluntary, unless otherwise specified in Union law. A EU scheme should not conflict with certification provisions from other Union legislation (e.g. data protection certification in GDPR). 8

Core elements (ii) National Authorities and European Cybersecurity Certification Group (ECCG) MSs will appoint a national certification supervisory authority. In their territory, each authority shall: supervise the activities of conformity assessment bodies (CAB) and the compliance of the certificates issued by CABs be independent of the entities they supervise. handle complaints on certificates issued by CABs withdraw certificates that are not compliant and impose penalties participate in the new European Cybersecurity Certification Group The Group has the following tasks: advises the Commission and assists ENISA in the preparation of EU schemes proposes to the Commission that it requests ENISA to prepare a EU scheme adopt opinions addressed to the Commission relating to the maintenance and review of existing EU schemes The Commission chairs the Group and provides the secretariat with the assistance of ENISA 9

Core elements (iii) National Accreditation Bodies (NABs) & Conformity Assessment Bodies (CABs) European cybersecurity certificates are normally issued by CABs accredited by a National Accreditation Body (NAB) Reg. 765/2008 - Accreditation shall be issued for a maximum of five years - NABs can revoke accreditation of CABs - NABs notify the Commission of the accredited CABs for each EU scheme However, in justified cases a European scheme may provide that a certificates can only be issued by a public body such as: - a national certification supervisory authority - a body accredited as a CAB - a body established under national laws, meeting the requirements according to ISO/IEC 17065:2012. 10

Benefits for citizens/end users NOW Difficult to distinguish between more and less secure products/services FUTURE more information on the security properties of product/services ahead of purchase Co-existence of schemes makes comparison difficult end-users (OES) refrain from buying certified products/services Greater incentive for OES to buy certified products/service Increased cyber resilience of critical infrastructures As end-users of digital solutions, governments would rely on an institutional framework to identify and express priority areas needing ICT security certification.

For vendors/providers The possibility to obtain cybersecurity certificates that are valid across the EU would: Generate higher incentive to certify and enhance the quality of digital products / services Enhance competitiveness through reduced time and cost of certification Help gain access to market segments where certification is required Contribute to promote a chain of trust between vendors and end-users For SMEs and new business Elimination of a potential market-entry barrier

Thank you for your attention!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback