New European Commission cybersecurity regulations (EU strategy, NIS, GDPR covers certification) and their impact on the day-to-day work of a telco in practice
9. Orange Labs
Research and development (R&I)
Framework Programmes (FP), HORIZON 2020
Objectives (KPI)
Public-private partnership (PPP)
January 2016: the European Commission (EC) launches the Cybersecurity cPPP
June 2016: European Cyber Security Organisation (ECSO – Association)
https://www.ecs-org.eu/
450 mEUR from the H2020 budget; expected level of private-sector investment 1300 mEUR
Strategic Research & Innovation Agenda (SRIA)
11. Governance
ECS - cPPP Partnership Board (monitoring of the ECS cPPP - R&I priorities)
European Commission
ECSO – Board of Directors (management of the ECSO Association: policy/market actions)
ECSO General Assembly
Coordination / Strategy Committee
Diagram labels: R&I; Industrial policy
Working groups:
– WG 1: Standardisation / certification / labelling / supply chain management
– WG 2: Market deployment / investments / international collaboration
– WG 3: Sectoral Demand (Industry 4.0; Energy; Transport; Finance; eGov; Health; Smart Cities; Telecom/media)
– WG 4: Support to SMEs and REGIONS (in particular East EU)
– WG 5: Education, training, cyber ranges, awareness
– WG 6: Strategic Research & Innovation Agenda; Technologies, Products & Services
Other boxes in the diagram:
– SME solutions / services providers; local / regional SME clusters and associations; Startups, Incubators / Accelerators
– Large companies Solutions / Services Providers; National or European Organisation / Associations
– Regional / Local administrations (with economic interests); Regional / Local Clusters of Solution / Services providers or users
– Public or private users / operators: large companies and SMEs
– National Public Authority Representatives Committee: R&I Group / Policy Advisory Group (GAG)
– Others (financing bodies, insurance, etc.)
– Research Centers (large and medium / small), Academies / Universities and their Associations
12. WORKING GROUPS & TASK FORCES
– WG 1: Standardisation / Certification / Labelling / Supply Chain Management
– WG 2: Market deployment / investments / international collaboration
– WG 3: Sectoral demand (vertical market applications: Industry 4.0; Energy; Transport; Finance; eGov; Health; Smart Cities; Telecom/media)
– WG 4: Support SME, REGIONS and coordination with local bodies (in particular East EU)
– WG 5: Education, training, awareness, cyber ranges
– WG 6: Strategic Research & Innovation Agenda (SRIA); Technologies, Products & Services
13. European security certificate
Mandatory or voluntary
Costs
Validity period
Granting
Renewal
Monitoring
What?
How?
Who?
Where?
When?
Why?
15. Cybersecurity Act: levels proposed

| Assurance level | Definition proposed |
|---|---|
| Basic | Provides a limited degree of confidence in the claimed or asserted cybersecurity qualities of an ICT product or service, and is characterized with reference to technical specifications, standards and procedures related thereto, including technical controls, the purpose of which is to decrease the risk of cybersecurity incidents. |
| Substantial | Provides a substantial degree of confidence in the claimed or asserted cybersecurity qualities of an ICT product or service, and is characterized with reference to technical specifications, standards and procedures related thereto, including technical controls, the purpose of which is to decrease substantially the risk of cybersecurity incidents. |
| High | Provides a higher degree of confidence in the claimed or asserted cybersecurity qualities of an ICT product or service than certificates with the assurance level substantial, and is characterized with reference to technical specifications, standards and procedures related thereto, including technical controls, the purpose of which is to prevent cybersecurity incidents. |
16. Risk assessment: impact levels and relevant factors mapping

Attributes and weighting factors by level of impact:

| Level of impact | Privacy | Confidentiality | Integrity | Availability | Authenticity | Safety | Reputation and financial loss |
|---|---|---|---|---|---|---|---|
| High | Disclosure of biometric data | Disclosure of classified IP | System behaves differently than expected | Complete DoS | Impersonation | Death or permanent environmental damage | Break of business |
| Substantial | Disclosure of any other personal data | Disclosure of any other information | Some functionalities / features impacted | Partial DoS | Impossible to verify authenticity | Injury or remediable environmental damage | Long term impact |
| Basic | No disclosure of data | No disclosure of information | No feature is impacted | No impact | No impact | No harm | No impact |
17. Possible mapping of levels

| Levels of assurance in the Cybersecurity Act | Levels of assurance from the ECSO’s meta-scheme | Levels of assurance from the ECSO’s meta-scheme (alt.) | Body performing the evaluation |
|---|---|---|---|
| High | A | Ag | National (governmental) body |
| | B | A | 3rd party evaluation facility (lab) |
| Substantial | C | B | |
| Basic | D | Ce | |
| | E | Ci | Self-evaluation |
18. ECSO WG1 - 135 members
Standardization, certification, labelling and supply chain
Structure
– SWG 1.1 Products & components manufacturers
– SWG 1.2 ICT infrastructure operators (chaired by Orange)
– SWG 1.3 Users, Integrators and other service providers
– SWG 1.4 Basic Layer
Deliverables:
Challenges of the Industry (COTI)
- Collection of members’ views
State-of-the-Art Syllabus (SOTA)
- Standards and certification schemes
Certification Meta Scheme Approach
- Certification framework proposal
19. ECSO WG2 - 41 members
Market deployment
Structure
– SWG 2.1 Market development, products and stakeholders
– SWG 2.2 Investments, innovative business models
– SWG 2.3 International cooperation, global competitiveness and support to export
– SWG 2.4 Dissemination and awareness, events
20. ECSO WG3 - 123 members
Sectoral demand
Structure
– SWG 3.1 Digitalisation of the European Industry (including Industry 4.0) and ICS;
– SWG 3.2 Energy (oil, gas, electricity), and Smart Grids;
– SWG 3.3 Transportation (road, rail, air, sea, space);
– SWG 3.4 Banks and Financial Services, ePayments and Insurance;
– SWG 3.5 Public Services, eGovernment, Digital Citizenship;
– SWG 3.6 Healthcare;
– SWG 3.7 Smart Cities and Smart Buildings (convergence of digital services for Citizens) and other Utilities;
– SWG 3.8 Telecom, Media and Content
Deliverables (landscape, user engagement, sector specifics, market study):
2018_SWG3.1Industry4.0andICS_sectorreport_final_v0.1
2018_SWG3.4FinancialServicesInsurance_sectorreport_final_v0.1
2018_SWG3.6Healthcare_sectorreport_final_v0.1
2018_SWG3.7Smartcities_sectorreport_final_v0.1
21. ECSO WG4 - 23 members
Support to SME and regions
Structure
– SWG 4.1 SMEs, start-ups and high growth companies
– SWG 4.2 Coordination with activities in EU countries and regions
– SWG 4.3 Support to East EU Members
WG4_Deliverable_Positionpaper_Consolidated_VF
Support to SMEs, coordination with countries (in particular East EU) and regions
22. ECSO WG5 - 98 members
Education, training, awareness, exercises
Structure
– TF 5.0.1 EHR4CYBER Task Force
– SWG 5.1 Cyber Range environments and technical exercises
– SWG 5.2 Education and professional training
– SWG 5.3 Awareness
Deliverables
“Report on market overview of European cyber range landscape“
“Report on overview of European cyber education and professional training, including gap analysis“
“Report on awareness activities already in place and actors involved”
Cyber range questionnaires
Questionnaire #1: Understanding/mapping existing cyber range platforms and activities (technology focused)
Questionnaire #2: Understanding of attitude and experience towards cyber trainings and exercises (usage, acceptance, etc.)
23. ECSO WG6 – 66 members
Strategic Research and Innovation Agenda
Structure
– SWG 6.1 Ecosystem
– SWG 6.2 Application domains
– SWG 6.3 Transversal infrastructures
– SWG 6.4 Basic technologies
Deliverable: 2017_WG6_ECSO_SRIA
H2020-WP2018-20-LEIT-ICT
SU-ICT-03-2018: Establishing and operating a pilot for a Cybersecurity Competence Network to develop and implement a common Cybersecurity Research & Innovation Roadmap
Network of Competence Centres
Questionnaire on competences
European Cyber Security Centres of Expertise Map
WG6 cyber security vision 2020 and beyond: R&I future priorities for the European cyber security strategy - towards FP9