SlideShare a Scribd company logo

Protecting Europe's Network Infrastructure

European Union Agency for Network and Information Security (ENISA)
European Union Agency for Network and Information Security (ENISA)

The document summarizes the role and activities of the European Union Agency for Network and Information Security (ENISA). ENISA works to protect Europe's network infrastructure by advising the EU and member states on cybersecurity strategies and policies. It supports the development and implementation of the EU Cybersecurity Strategy and the EU Network and Information Security Directive. ENISA also assists in developing computer emergency response teams, conducting cybersecurity exercises, and analyzing emerging threats and technologies to secure new business models and critical infrastructure.

TechnologyNews & Politics
1 of 31
www.enisa.europa.eu PROTECTING EUROPE’S NETWORK INFRASTRUCTURE Udo Helmbrecht Executive Director European Union Agency for Network and Information Security – ENISA CYBER INTELLIGENCE EUROPE Brussels, 18th September 2013
www.enisa.europa.eu Topics • ENISA’s role • EU Cyber Security Strategy & EU NIS Directive • Protecting Critical Information Infrastructure • Assisting Operational Communities • CERTs • Securing New Business Models & New Technologies • Security & Data Breach Notification • Data Protection 2
www.enisa.europa.eu ENISA & EU CYBERSECURITY STRATEGY EU NIS1 DIRECTIVE 3 1Network and Information Security
www.enisa.europa.eu ENISA Objectives 1. Advice for EU & MS-political support 2. Supporting new business models & threat landscape analysis 3. “Hands on” – Computer Emergency Response Teams; building up CERTs REGULATION (EU) No 526/2013 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 21, MAY, 2013 4
www.enisa.europa.eu ENISA’s new regulation • Strong interface re fight against cybercrime - focusing on prevention & detection - with Europol’s European Cybercrime Centre (EC3) • Supporting development of EU cyber security policy & legislation • Supporting research, development & EU standardisation, for risk management & security of electronic products, networks & services • Supporting prevention, detection of & response to cross-border cyber-threats • Aligning ENISA more closely to EU Regulatory process, providing EU countries & Institutions w. assistance & advice REGULATION (EU) No 526/2013 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 21, MAY, 2013 5
www.enisa.europa.eu Recent ENISA Missions ©Shutterstock 6
www.enisa.europa.eu EU Cybersecurity Strategy I. EU's core values apply both in digital & physical world II. Protecting fundamental rights, freedom of expression, personal data & privacy 1. Achieving cyber resilience 2. Drastically reducing cybercrime 3. Developing cyberdefence policy & capabilities 4. Develop industrial & technological resources for cybersecurity 5. Establish a coherent international cyberspace policy for EU & promote core EU values 7 JOINT COMMUNICATION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS, Cybersecurity Strategy of the EU, 7.2.2013 JOIN(2013) 1
www.enisa.europa.eu Articles of the NIS Directive 5: National NIS strategy & national NIS cooperation plan 6: National competent authority on the security of network & information systems 7: Computer Emergency Response Team 8: Co-operation Network 9: Secure information-sharing system 10: Early warnings 11: Coordinated response 12: Union NIS cooperation plan 14: Security requirements & incident notification 16: Standardisation 8 DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL concerning measures to ensure a high common level of network and information security across the Union, 7.2.2013 COM(2013) 48
www.enisa.europa.eu GOOD PRACTICE GUIDE ON NATIONAL CYBER SECURITY STRATEGIES (NCSS) Example 9 http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/cyber-security- strategies-paper
www.enisa.europa.eu EU Member States with NCSS  Austria  Czech Republic  Estonia  Finland  France  Germany  Hungary  Lithuania  Luxemburg  The Netherlands  Poland  Romania  Slovakia  Sweden  United Kingdom 10
www.enisa.europa.eu CYBER SECURITY EXERCISES Example 11
www.enisa.europa.eu Cyber Security Exercises • Cyber Europe 2010 • Europe’s 1st ever international cyber security exercise • EU-US exercise, 2011 • 1st transatlantic cooperation - COM/MS • Cyber Europe 2012 • Built on 2010 & 2011 exercises • Involved MS, private sector & EU institutions. • Highly realistic exercise, Oct 2012 • 4000 injects, 517 individuals, 339 organisations 12 https://www.enisa.europa.eu/media/press-releases/largest-cyber-security-exercise-cyber-europe- report-published-in-23-languages-by-eu-agency-enisa
www.enisa.europa.eu 13
www.enisa.europa.eu 14 EU Cyber Security Strategy §2.1 Achieving Cyber Resilience The Commission asks ENISA to: • Assist the Member States in developing strong national cyber resilience capabilities, notably by building expertise on security and resilience of industrial control systems, transport and energy infrastructure • Continue supporting the Member States and the EU institutions in carrying out regular pan-European cyber incidents exercises which will also constitute the operational basis for the EU participation in international cyber incidents exercises.
www.enisa.europa.eu CERT - COMPUTER EMERGENCY RESPONSE TEAM Example 15 http://www.enisa.europa.eu/activities/cert
www.enisa.europa.eu National/governmental CERTs the situation has changed… • We are building & actively supporting a growing network of national/governmental CERTs • CERT Interactive MAP: http://www.enisa.europa.eu/activities/cert/background/inv/certs-by- country-interactive-map ESTABLISHED IN 2005: ESTABLISHED IN 2013:Armenia Austria Belgium Bulgaria Croatia Czech Republic Denmark Estonia Finland France Georgia Germany Greece Hungary Iceland Ireland Israel Italy Latvia Lithuania Luxembourg Malta Netherlands Norway Poland Portugal Romania Slovakia Slovenia Spain Sweden Switzerland Turkey Ukraine United Kingdom EU Institutions Finland France Germany Hungary The Netherlands Norway Sweden United Kingdom 16
www.enisa.europa.eu 17 EU Cyber Security Strategy §2.1 Achieving Cyber Resilience The Commission asks ENISA to: Examine in 2013 the feasibility of Computer Security Incident Response Teams for Industrial Control Systems (ICS- CSIRTs) for the EU.
www.enisa.europa.eu BREACH NOTIFICATION Example 18 http://www.enisa.europa.eu/activities/Resilience-and-CIIP/Incidents-reporting http://www.enisa.europa.eu/activities/identity-and-trust/risks-and-data-breaches/dbn
www.enisa.europa.eu • 1st report in 2012 (on 2011’s incidents - 51) • 2nd report in 2013 (on 2012’s incidents); • 79 incidents from 18 countries, • 9 countries without incidents, • 1 country without implementation (9 in 2011) • Most incidents affect mobile comms (50% of incidents, 1.8 Mn/incident) • Natural disaster, power cuts outages affected 2.8 Mn/incident • Ca 40% impact on emergency number 112 https://www.enisa.europa.eu/media/press-releases/new-major-incidents-in-2012-report-by-eu-cyber-security-agency-enisa Major Incidents 2012 - “Article 13a” 19 Third party failure System failure Malicious attacks 138 5 6 76
www.enisa.europa.eu SECURING NEW BUSINESS MODELS & NEW TECHNOLOGIES Example 20
www.enisa.europa.eu Smartphone Security 21 ENISA report: • Guide for developers on how to develop secure apps • Presents top 10 controls to implement, based on the top 10 most important risks for mobile users http://www.enisa.europa.eu/act/application-security/smartphone-security-1/smartphone-secure-development-guidelines
www.enisa.europa.eu Cloud Computing Objectives for Cloud Computing: • Help governments & businesses to leverage cost benefits of cloud computing, with due consideration of security requirements & new risks • Improve transparency on security practices - > allow informed decisions • Create trust & trustworthiness by promoting best practice & assurance standards Report defines minimum baselines for: • Comparing cloud offers • Assessing the risk to go Cloud • Reducing audit burden & security risks www.enisa.europa.eu/act/application-security/rm/files/deliverables/cloud-computing-risk-assessment 22
www.enisa.europa.eu Smart Grid Security ENISA recommendations include: • Establishing of clear regulatory & policy framework on smart grid cyber security at national & EU level – currently missing! • The EC, with ENISA, MS, & private sector, should develop minimum set of security measures based on existing standards & guidelines • EC & MS authorities should promote security certification schemes for entire value chain of smart grids components, including organisational security www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/smart-grids-and-smart-metering/ENISA-smart-grid-security- recommendations 23
www.enisa.europa.eu 24 EU Cyber Security Strategy §2.4 Promoting a Single Market for Cybersecurity Products The Commission asks ENISA to: Develop, in cooperation with relevant national competent authorities, relevant stakeholders, International and European standardisation bodies and the European Commission Joint Research Centre, technical guidelines and recommendations for the adaptation of NIS standards and good practices in the public and private sectors.
www.enisa.europa.eu SECURITY LANDSCAPE Example 25 http://www.enisa.europa.eu/activities/risk-management/evolving-threat-environment/ENISA_Threat_Landscape Risk = Asset, Threat, Impact
www.enisa.europa.eu Threats & Trends (1) 26
www.enisa.europa.eu Threats & Trends (2) 27
www.enisa.europa.eu 28 EU Cyber Security Strategy §2.4 Fostering R&D investments & innovation The Commission asks Europol and ENISA to: Identify emerging trends and needs in view of evolving cybercrime and cybersecurity patterns so as to develop adequate digital forensic tools and technologies.
www.enisa.europa.eu PRIVACY Example 29 http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/the-right-to-be- forgotten?searchterm=The+right+to+be+forgotten
www.enisa.europa.eu “The Right To Be Forgotten” - between expectations & practice • Included in proposed EC regulation of Jan 2012 on “the processing of personal data & on free movement of such data” • ENISA addressed technical means of assisting enforcement of ”the right to be forgotten” • A purely technical & comprehensive solution to enforce the right in open Internet is not possible • Technologies do exist that minimize amount of personal data collected & stored online 30  Personal Data is the new currency in Cyberspace !
www.enisa.europa.eu 31 European Union Agency for Network and Information Security Science and Technology Park of Crete P.O. Box 1309 71001 Heraklion Crete Greece http://www.enisa.europa.eu Follow us on: Contact details

Recommended

European priorities in information security
European priorities in information securityEuropean priorities in information security
European priorities in information securityEuropean Union Agency for Network and Information Security (ENISA)
 
The Cope Cyber Security Market https://smartdigitalplanet.files.wordpress.com...
The Cope Cyber Security Market https://smartdigitalplanet.files.wordpress.com...The Cope Cyber Security Market https://smartdigitalplanet.files.wordpress.com...
The Cope Cyber Security Market https://smartdigitalplanet.files.wordpress.com...KEBE Mbaye
 
Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Brian Honan
 
The European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agendaThe European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agendaEUBrasilCloudFORUM .
 
Session 2.1 Martin Mühleck
Session 2.1 Martin MühleckSession 2.1 Martin Mühleck
Session 2.1 Martin MühleckCommonwealth Telecommunications Organisation
 
Vodafone security priorities in Greece
Vodafone security priorities in GreeceVodafone security priorities in Greece
Vodafone security priorities in GreeceKevin Duffey
 
Siber Uzayda NATO ve AB
Siber Uzayda NATO ve ABSiber Uzayda NATO ve AB
Siber Uzayda NATO ve ABEnsar Seker
 
[CB20] Alliance power for Cyber Security by Kenneth Geers
[CB20] Alliance power for Cyber Security by Kenneth Geers[CB20] Alliance power for Cyber Security by Kenneth Geers
[CB20] Alliance power for Cyber Security by Kenneth GeersCODE BLUE
 

Recommended

European priorities in information security
European priorities in information securityEuropean priorities in information security
European priorities in information securityEuropean Union Agency for Network and Information Security (ENISA)
 
The Cope Cyber Security Market https://smartdigitalplanet.files.wordpress.com...
The Cope Cyber Security Market https://smartdigitalplanet.files.wordpress.com...The Cope Cyber Security Market https://smartdigitalplanet.files.wordpress.com...
The Cope Cyber Security Market https://smartdigitalplanet.files.wordpress.com...KEBE Mbaye
 
Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Brian Honan
 
The European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agendaThe European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agendaEUBrasilCloudFORUM .
 
Session 2.1 Martin Mühleck
Session 2.1 Martin MühleckSession 2.1 Martin Mühleck
Session 2.1 Martin MühleckCommonwealth Telecommunications Organisation
 
Vodafone security priorities in Greece
Vodafone security priorities in GreeceVodafone security priorities in Greece
Vodafone security priorities in GreeceKevin Duffey
 
Siber Uzayda NATO ve AB
Siber Uzayda NATO ve ABSiber Uzayda NATO ve AB
Siber Uzayda NATO ve ABEnsar Seker
 
[CB20] Alliance power for Cyber Security by Kenneth Geers
[CB20] Alliance power for Cyber Security by Kenneth Geers[CB20] Alliance power for Cyber Security by Kenneth Geers
[CB20] Alliance power for Cyber Security by Kenneth GeersCODE BLUE
 
Cp18 cyrail final conference en
Cp18 cyrail final conference enCp18 cyrail final conference en
Cp18 cyrail final conference enUICcom
 
Summary-ECSM_4edition
Summary-ECSM_4editionSummary-ECSM_4edition
Summary-ECSM_4editionRalf Braga
 
National cyber security strategies
National cyber security strategiesNational cyber security strategies
National cyber security strategiesjcp88600
 
AEGIS Project Overview
AEGIS Project OverviewAEGIS Project Overview
AEGIS Project OverviewAEGIS Big Data
 
CSCSS ISC (INTERNATIONAL STRATEGY FOR CYBERSPACE)
CSCSS ISC (INTERNATIONAL STRATEGY FOR CYBERSPACE)CSCSS ISC (INTERNATIONAL STRATEGY FOR CYBERSPACE)
CSCSS ISC (INTERNATIONAL STRATEGY FOR CYBERSPACE)Centre for Strategic Cyberspace + Security Science
 
North European Cybersecurity Cluster - an example of the regional trust platf...
North European Cybersecurity Cluster - an example of the regional trust platf...North European Cybersecurity Cluster - an example of the regional trust platf...
North European Cybersecurity Cluster - an example of the regional trust platf...DATA SECURITY SOLUTIONS
 
ENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident responseENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident responseKevin Duffey
 
EU data protection issues in IoT
EU data protection issues in IoTEU data protection issues in IoT
EU data protection issues in IoTFrancesca Giannoni-Crystal
 
cyber policy in Latvia
cyber policy in Latviacyber policy in Latvia
cyber policy in Latviaashraf karaimeh
 
Day 1 From CERT To NCSC
Day 1 From CERT To NCSCDay 1 From CERT To NCSC
Day 1 From CERT To NCSCvngundi
 
dcb1222 - Feature3
dcb1222 - Feature3dcb1222 - Feature3
dcb1222 - Feature3Julie Shennan
 
SC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systemsSC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systemsBigData_Europe
 
Cybersecurity isaca
Cybersecurity isacaCybersecurity isaca
Cybersecurity isacaAntoine Vigneron
 
The Internet of Things: Privacy and Security Issues
The Internet of Things: Privacy and Security IssuesThe Internet of Things: Privacy and Security Issues
The Internet of Things: Privacy and Security IssuesEuropean Union Agency for Network and Information Security (ENISA)
 
Cyber security
Cyber securityCyber security
Cyber securityИрина Шевченко
 
Cyber security
Cyber securityCyber security
Cyber securityИрина Шевченко
 
Enisa and cyber security standards
Enisa and cyber security standardsEnisa and cyber security standards
Enisa and cyber security standardsEuropean Union Agency for Network and Information Security (ENISA)
 
CTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea GlorisoCTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea Glorisosegughana
 
Cyber security
Cyber securityCyber security
Cyber securityИрина Шевченко
 
Cyber security for smart cities an architecture model for public transport
Cyber security for smart cities an architecture model for public transportCyber security for smart cities an architecture model for public transport
Cyber security for smart cities an architecture model for public transportAndrey Apuhtin
 
EUACM Cybersecurity White Paper
EUACM Cybersecurity White PaperEUACM Cybersecurity White Paper
EUACM Cybersecurity White Paperpteromys_volans
 
European Cybersecurity Context
European Cybersecurity ContextEuropean Cybersecurity Context
European Cybersecurity ContextMiguel A. Amutio
 

More Related Content

What's hot

Cp18 cyrail final conference en
Cp18 cyrail final conference enCp18 cyrail final conference en
Cp18 cyrail final conference enUICcom
 
Summary-ECSM_4edition
Summary-ECSM_4editionSummary-ECSM_4edition
Summary-ECSM_4editionRalf Braga
 
National cyber security strategies
National cyber security strategiesNational cyber security strategies
National cyber security strategiesjcp88600
 
AEGIS Project Overview
AEGIS Project OverviewAEGIS Project Overview
AEGIS Project OverviewAEGIS Big Data
 
North European Cybersecurity Cluster - an example of the regional trust platf...
North European Cybersecurity Cluster - an example of the regional trust platf...North European Cybersecurity Cluster - an example of the regional trust platf...
North European Cybersecurity Cluster - an example of the regional trust platf...DATA SECURITY SOLUTIONS
 
ENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident responseENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident responseKevin Duffey
 
Day 1 From CERT To NCSC
Day 1 From CERT To NCSCDay 1 From CERT To NCSC
Day 1 From CERT To NCSCvngundi
 

What's hot (11)

Cp18 cyrail final conference en
Cp18 cyrail final conference enCp18 cyrail final conference en
Cp18 cyrail final conference en
 
Summary-ECSM_4edition
Summary-ECSM_4editionSummary-ECSM_4edition
Summary-ECSM_4edition
 
National cyber security strategies
National cyber security strategiesNational cyber security strategies
National cyber security strategies
 
AEGIS Project Overview
AEGIS Project OverviewAEGIS Project Overview
AEGIS Project Overview
 
CSCSS ISC (INTERNATIONAL STRATEGY FOR CYBERSPACE)
CSCSS ISC (INTERNATIONAL STRATEGY FOR CYBERSPACE)CSCSS ISC (INTERNATIONAL STRATEGY FOR CYBERSPACE)
CSCSS ISC (INTERNATIONAL STRATEGY FOR CYBERSPACE)
 
North European Cybersecurity Cluster - an example of the regional trust platf...
North European Cybersecurity Cluster - an example of the regional trust platf...North European Cybersecurity Cluster - an example of the regional trust platf...
North European Cybersecurity Cluster - an example of the regional trust platf...
 
ENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident responseENISA - EU strategies for cyber incident response
ENISA - EU strategies for cyber incident response
 
EU data protection issues in IoT
EU data protection issues in IoTEU data protection issues in IoT
EU data protection issues in IoT
 
cyber policy in Latvia
cyber policy in Latviacyber policy in Latvia
cyber policy in Latvia
 
Day 1 From CERT To NCSC
Day 1 From CERT To NCSCDay 1 From CERT To NCSC
Day 1 From CERT To NCSC
 
dcb1222 - Feature3
dcb1222 - Feature3dcb1222 - Feature3
dcb1222 - Feature3
 

Similar to Protecting Europe's Network Infrastructure

SC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systemsSC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systemsBigData_Europe
 
CTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea GlorisoCTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea Glorisosegughana
 
Cyber security for smart cities an architecture model for public transport
Cyber security for smart cities an architecture model for public transportCyber security for smart cities an architecture model for public transport
Cyber security for smart cities an architecture model for public transportAndrey Apuhtin
 
EUACM Cybersecurity White Paper
EUACM Cybersecurity White PaperEUACM Cybersecurity White Paper
EUACM Cybersecurity White Paperpteromys_volans
 
European Cybersecurity Context
European Cybersecurity ContextEuropean Cybersecurity Context
European Cybersecurity ContextMiguel A. Amutio
 
Cyber security and resilience of intelligent public transport
Cyber security and resilience of intelligent public transportCyber security and resilience of intelligent public transport
Cyber security and resilience of intelligent public transportAndrey Apuhtin
 
Industrial Safety and Security in Horizon 2020
Industrial Safety and Security in Horizon 2020Industrial Safety and Security in Horizon 2020
Industrial Safety and Security in Horizon 2020Community Protection Forum
 
SMi Group's 5th annual European Smart Grid Cyber Security conference
SMi Group's 5th annual European Smart Grid Cyber Security conferenceSMi Group's 5th annual European Smart Grid Cyber Security conference
SMi Group's 5th annual European Smart Grid Cyber Security conferenceDale Butler
 
Cyber Security Strategies and Approaches
Cyber Security Strategies and ApproachesCyber Security Strategies and Approaches
Cyber Security Strategies and Approachesvngundi
 
Cybercrime Risks Eu
Cybercrime Risks EuCybercrime Risks Eu
Cybercrime Risks Eumanelmedina
 
The Digital Agenda for Europe. What about the Cloud?
The Digital Agenda for Europe. What about the Cloud?The Digital Agenda for Europe. What about the Cloud?
The Digital Agenda for Europe. What about the Cloud?Carl-Christian Buhr
 
CTO-Cybersecurity-Forum-2010-Peter Burnett
CTO-Cybersecurity-Forum-2010-Peter BurnettCTO-Cybersecurity-Forum-2010-Peter Burnett
CTO-Cybersecurity-Forum-2010-Peter Burnettsegughana
 
Security5Security5 is an entry level certifi cation fo.docx
Security5Security5 is an entry level certifi cation fo.docxSecurity5Security5 is an entry level certifi cation fo.docx
Security5Security5 is an entry level certifi cation fo.docxbagotjesusa
 

Similar to Protecting Europe's Network Infrastructure (20)

SC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systemsSC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systems
 
Cybersecurity isaca
Cybersecurity isacaCybersecurity isaca
Cybersecurity isaca
 
The Internet of Things: Privacy and Security Issues
The Internet of Things: Privacy and Security IssuesThe Internet of Things: Privacy and Security Issues
The Internet of Things: Privacy and Security Issues
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Enisa and cyber security standards
Enisa and cyber security standardsEnisa and cyber security standards
Enisa and cyber security standards
 
CTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea GlorisoCTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea Gloriso
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber security for smart cities an architecture model for public transport
Cyber security for smart cities an architecture model for public transportCyber security for smart cities an architecture model for public transport
Cyber security for smart cities an architecture model for public transport
 
EUACM Cybersecurity White Paper
EUACM Cybersecurity White PaperEUACM Cybersecurity White Paper
EUACM Cybersecurity White Paper
 
European Cybersecurity Context
European Cybersecurity ContextEuropean Cybersecurity Context
European Cybersecurity Context
 
FIRE overview
FIRE overviewFIRE overview
FIRE overview
 
Cyber security and resilience of intelligent public transport
Cyber security and resilience of intelligent public transportCyber security and resilience of intelligent public transport
Cyber security and resilience of intelligent public transport
 
Industrial Safety and Security in Horizon 2020
Industrial Safety and Security in Horizon 2020Industrial Safety and Security in Horizon 2020
Industrial Safety and Security in Horizon 2020
 
SMi Group's 5th annual European Smart Grid Cyber Security conference
SMi Group's 5th annual European Smart Grid Cyber Security conferenceSMi Group's 5th annual European Smart Grid Cyber Security conference
SMi Group's 5th annual European Smart Grid Cyber Security conference
 
Cyber Security Strategies and Approaches
Cyber Security Strategies and ApproachesCyber Security Strategies and Approaches
Cyber Security Strategies and Approaches
 
Cybercrime Risks Eu
Cybercrime Risks EuCybercrime Risks Eu
Cybercrime Risks Eu
 
The Digital Agenda for Europe. What about the Cloud?
The Digital Agenda for Europe. What about the Cloud?The Digital Agenda for Europe. What about the Cloud?
The Digital Agenda for Europe. What about the Cloud?
 
CTO-Cybersecurity-Forum-2010-Peter Burnett
CTO-Cybersecurity-Forum-2010-Peter BurnettCTO-Cybersecurity-Forum-2010-Peter Burnett
CTO-Cybersecurity-Forum-2010-Peter Burnett
 
Security5Security5 is an entry level certifi cation fo.docx
Security5Security5 is an entry level certifi cation fo.docxSecurity5Security5 is an entry level certifi cation fo.docx
Security5Security5 is an entry level certifi cation fo.docx
 

Recently uploaded

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 

Recently uploaded (20)

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 

Protecting Europe's Network Infrastructure

  • 1. www.enisa.europa.eu PROTECTING EUROPE’S NETWORK INFRASTRUCTURE Udo Helmbrecht Executive Director European Union Agency for Network and Information Security – ENISA CYBER INTELLIGENCE EUROPE Brussels, 18th September 2013
  • 2. www.enisa.europa.eu Topics • ENISA’s role • EU Cyber Security Strategy & EU NIS Directive • Protecting Critical Information Infrastructure • Assisting Operational Communities • CERTs • Securing New Business Models & New Technologies • Security & Data Breach Notification • Data Protection 2
  • 4. www.enisa.europa.eu ENISA Objectives 1. Advice for EU & MS-political support 2. Supporting new business models & threat landscape analysis 3. “Hands on” – Computer Emergency Response Teams; building up CERTs REGULATION (EU) No 526/2013 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 21, MAY, 2013 4
  • 5. www.enisa.europa.eu ENISA’s new regulation • Strong interface re fight against cybercrime - focusing on prevention & detection - with Europol’s European Cybercrime Centre (EC3) • Supporting development of EU cyber security policy & legislation • Supporting research, development & EU standardisation, for risk management & security of electronic products, networks & services • Supporting prevention, detection of & response to cross-border cyber-threats • Aligning ENISA more closely to EU Regulatory process, providing EU countries & Institutions w. assistance & advice REGULATION (EU) No 526/2013 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 21, MAY, 2013 5
  • 7. www.enisa.europa.eu EU Cybersecurity Strategy I. EU's core values apply both in digital & physical world II. Protecting fundamental rights, freedom of expression, personal data & privacy 1. Achieving cyber resilience 2. Drastically reducing cybercrime 3. Developing cyberdefence policy & capabilities 4. Develop industrial & technological resources for cybersecurity 5. Establish a coherent international cyberspace policy for EU & promote core EU values 7 JOINT COMMUNICATION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS, Cybersecurity Strategy of the EU, 7.2.2013 JOIN(2013) 1
  • 8. www.enisa.europa.eu Articles of the NIS Directive 5: National NIS strategy & national NIS cooperation plan 6: National competent authority on the security of network & information systems 7: Computer Emergency Response Team 8: Co-operation Network 9: Secure information-sharing system 10: Early warnings 11: Coordinated response 12: Union NIS cooperation plan 14: Security requirements & incident notification 16: Standardisation 8 DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL concerning measures to ensure a high common level of network and information security across the Union, 7.2.2013 COM(2013) 48
  • 9. www.enisa.europa.eu GOOD PRACTICE GUIDE ON NATIONAL CYBER SECURITY STRATEGIES (NCSS) Example 9 http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/cyber-security- strategies-paper
  • 10. www.enisa.europa.eu EU Member States with NCSS  Austria  Czech Republic  Estonia  Finland  France  Germany  Hungary  Lithuania  Luxemburg  The Netherlands  Poland  Romania  Slovakia  Sweden  United Kingdom 10
  • 12. www.enisa.europa.eu Cyber Security Exercises • Cyber Europe 2010 • Europe’s 1st ever international cyber security exercise • EU-US exercise, 2011 • 1st transatlantic cooperation - COM/MS • Cyber Europe 2012 • Built on 2010 & 2011 exercises • Involved MS, private sector & EU institutions. • Highly realistic exercise, Oct 2012 • 4000 injects, 517 individuals, 339 organisations 12 https://www.enisa.europa.eu/media/press-releases/largest-cyber-security-exercise-cyber-europe- report-published-in-23-languages-by-eu-agency-enisa
  • 14. www.enisa.europa.eu 14 EU Cyber Security Strategy §2.1 Achieving Cyber Resilience The Commission asks ENISA to: • Assist the Member States in developing strong national cyber resilience capabilities, notably by building expertise on security and resilience of industrial control systems, transport and energy infrastructure • Continue supporting the Member States and the EU institutions in carrying out regular pan-European cyber incidents exercises which will also constitute the operational basis for the EU participation in international cyber incidents exercises.
  • 15. www.enisa.europa.eu CERT - COMPUTER EMERGENCY RESPONSE TEAM Example 15 http://www.enisa.europa.eu/activities/cert
  • 16. www.enisa.europa.eu National/governmental CERTs the situation has changed… • We are building & actively supporting a growing network of national/governmental CERTs • CERT Interactive MAP: http://www.enisa.europa.eu/activities/cert/background/inv/certs-by- country-interactive-map ESTABLISHED IN 2005: ESTABLISHED IN 2013:Armenia Austria Belgium Bulgaria Croatia Czech Republic Denmark Estonia Finland France Georgia Germany Greece Hungary Iceland Ireland Israel Italy Latvia Lithuania Luxembourg Malta Netherlands Norway Poland Portugal Romania Slovakia Slovenia Spain Sweden Switzerland Turkey Ukraine United Kingdom EU Institutions Finland France Germany Hungary The Netherlands Norway Sweden United Kingdom 16
  • 17. www.enisa.europa.eu 17 EU Cyber Security Strategy §2.1 Achieving Cyber Resilience The Commission asks ENISA to: Examine in 2013 the feasibility of Computer Security Incident Response Teams for Industrial Control Systems (ICS- CSIRTs) for the EU.
  • 19. www.enisa.europa.eu • 1st report in 2012 (on 2011’s incidents - 51) • 2nd report in 2013 (on 2012’s incidents); • 79 incidents from 18 countries, • 9 countries without incidents, • 1 country without implementation (9 in 2011) • Most incidents affect mobile comms (50% of incidents, 1.8 Mn/incident) • Natural disaster, power cuts outages affected 2.8 Mn/incident • Ca 40% impact on emergency number 112 https://www.enisa.europa.eu/media/press-releases/new-major-incidents-in-2012-report-by-eu-cyber-security-agency-enisa Major Incidents 2012 - “Article 13a” 19 Third party failure System failure Malicious attacks 138 5 6 76
  • 20. www.enisa.europa.eu SECURING NEW BUSINESS MODELS & NEW TECHNOLOGIES Example 20
  • 21. www.enisa.europa.eu Smartphone Security 21 ENISA report: • Guide for developers on how to develop secure apps • Presents top 10 controls to implement, based on the top 10 most important risks for mobile users http://www.enisa.europa.eu/act/application-security/smartphone-security-1/smartphone-secure-development-guidelines
  • 22. www.enisa.europa.eu Cloud Computing Objectives for Cloud Computing: • Help governments & businesses to leverage cost benefits of cloud computing, with due consideration of security requirements & new risks • Improve transparency on security practices - > allow informed decisions • Create trust & trustworthiness by promoting best practice & assurance standards Report defines minimum baselines for: • Comparing cloud offers • Assessing the risk to go Cloud • Reducing audit burden & security risks www.enisa.europa.eu/act/application-security/rm/files/deliverables/cloud-computing-risk-assessment 22
  • 23. www.enisa.europa.eu Smart Grid Security ENISA recommendations include: • Establishing of clear regulatory & policy framework on smart grid cyber security at national & EU level – currently missing! • The EC, with ENISA, MS, & private sector, should develop minimum set of security measures based on existing standards & guidelines • EC & MS authorities should promote security certification schemes for entire value chain of smart grids components, including organisational security www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/smart-grids-and-smart-metering/ENISA-smart-grid-security- recommendations 23
  • 24. www.enisa.europa.eu 24 EU Cyber Security Strategy §2.4 Promoting a Single Market for Cybersecurity Products The Commission asks ENISA to: Develop, in cooperation with relevant national competent authorities, relevant stakeholders, International and European standardisation bodies and the European Commission Joint Research Centre, technical guidelines and recommendations for the adaptation of NIS standards and good practices in the public and private sectors.
  • 28. www.enisa.europa.eu 28 EU Cyber Security Strategy §2.4 Fostering R&D investments & innovation The Commission asks Europol and ENISA to: Identify emerging trends and needs in view of evolving cybercrime and cybersecurity patterns so as to develop adequate digital forensic tools and technologies.
  • 30. www.enisa.europa.eu “The Right To Be Forgotten” - between expectations & practice • Included in proposed EC regulation of Jan 2012 on “the processing of personal data & on free movement of such data” • ENISA addressed technical means of assisting enforcement of ”the right to be forgotten” • A purely technical & comprehensive solution to enforce the right in open Internet is not possible • Technologies do exist that minimize amount of personal data collected & stored online 30  Personal Data is the new currency in Cyberspace !
  • 31. www.enisa.europa.eu 31 European Union Agency for Network and Information Security Science and Technology Park of Crete P.O. Box 1309 71001 Heraklion Crete Greece http://www.enisa.europa.eu Follow us on: Contact details