Presentation is loading. Please wait.

Presentation is loading. Please wait.

The French approach to CIIP ENISA workshop. Coordination of CIP in France ANSSI 2 A cross-ministerial issue The General Secretariat for Defense and National.

Published byBethany Potter Modified over 9 years ago

Similar presentations

Presentation on theme: "The French approach to CIIP ENISA workshop. Coordination of CIP in France ANSSI 2 A cross-ministerial issue The General Secretariat for Defense and National."— Presentation transcript:

1 The French approach to CIIP ENISA workshop

2 Coordination of CIP in France ANSSI 2 A cross-ministerial issue The General Secretariat for Defense and National Security (SGDSN) assists the Prime Minister in matters of national defense and security. 12 critical sectors Energy, communications, healthcare and public health, financial services, transportation, water… A list of critical operators “An operator whose unavailability could strongly threaten the economical or military potential, the security or the resilience of the Nation”

3 The ANSSI ANSSI 3 An interministerial agency, responsible for prevention and reaction to cyber attacks. Originally focused on the protection of governmental networks. Extended its missions to cover critical operators. Reports to the SGDSN. CIIP issues are under ANSSI’s responsibility.

4 The initial CIIP framework ANSSI 4 A CIP framework originally focused on the physical protection of critical infrastructures. A relatively slow interministerial process, unsuited to IT security. IT security obligations only for the communications sector.

5 A new basis for CIIP : the military programming law ANSSI 5 Article 22 introduces specific provisions to enhance the cyber security of critical operators. The military programming law (LPM) is promulgated on December 18, 2013, following the measures announced by the 2013 White Paper. The 2013 White Paper on Defense and National Security recognizes the need to reinforce the security of critical infrastructures.

6 Secondary legislation will define all implementation measures ANSSI 6 Security rules Security rules ANSSI can set technical and organizational rules Network mapping, network segmentation, implementation of detection capabilities, homologation, IT administration rules, IT security policy... Incident notification ANSSI shall be notified of incidents occuring on critical systems  Types of incidents to be notified will be specified by sectorial orders.  Direct notification to ANSSI by the critical operators. Inspection ANSSI can trigger security inspections  Inspections done by ANSSI, an other governmental authority or a qualified provider.  On a regular basis or following an incident. Major crises ANSSI can impose measures in case of major crises  The threshold of what is a ”major crisis” is defined by the Prime Minister.  Legal basis for action in the framework of crises management plans.

7 2014 : three phases of experiment ANSSI 7 February – May 2014 First listing of the critical systems (all operators). March – June 2014 Applicability of ANSSI’s recommendations on industrial control systems cybersecurity (4 operators). June – October 2014 Incident notification (a dozen operators).

8 A work in progress : what’s next ? ANSSI 8 End 2014 : Legal implementation texts to be published.2014 – 2015 : Sectorial working groups leaded by the ANSSI. 2015 : Sectorial orders to define identification criteria for critical systems, security rules and types of incidents to notify. 2017 – 2020 : Feedback – possible upgrading of the sectorial orders.

Download ppt "The French approach to CIIP ENISA workshop. Coordination of CIP in France ANSSI 2 A cross-ministerial issue The General Secretariat for Defense and National."

Similar presentations

NERC Critical Infrastructure Protection Advisory Group (CIP AG) Electric Industry Initiatives Reducing Vulnerability To Terrorism.

NERC Critical Infrastructure Protection Advisory Group (CIP AG) Electric Industry Initiatives Reducing Vulnerability To Terrorism.
CIRAS PROJECT OVERVIEW

CIRAS PROJECT OVERVIEW
Ministry of Economic Affairs The process of transposition in France.

Ministry of Economic Affairs The process of transposition in France.
Eneken Tikk // EST. Importance of Legal Framework  Law takes the principle of territoriality as point of departure;  Cyber security tools and targets.

Eneken Tikk // EST. Importance of Legal Framework  Law takes the principle of territoriality as point of departure;  Cyber security tools and targets.
Speaker: Tamar Shapatava

Speaker: Tamar Shapatava
MINISTRY OF NATIONAL DEFENCE REPUBLIC OF POLAND CLASSIFIED INFORMATION PROTECTION DEPARTMENT COL. PIOTR GRZYBOWSKI, Director, Classified Information Protection.

MINISTRY OF NATIONAL DEFENCE REPUBLIC OF POLAND CLASSIFIED INFORMATION PROTECTION DEPARTMENT COL. PIOTR GRZYBOWSKI, Director, Classified Information Protection.
The Stabilisation and Association Agreement between Montenegro and the EU signed in October 2007, entered into force in May 2010. Montenegro has been.

The Stabilisation and Association Agreement between Montenegro and the EU signed in October 2007, entered into force in May Montenegro has been.
National Space-Based Positioning, Navigation, and Timing (PNT) Federal Advisory Board DHS Challenges & Opportunities Captain Curtis Dubay, P.E. Department.

National Space-Based Positioning, Navigation, and Timing (PNT) Federal Advisory Board DHS Challenges & Opportunities Captain Curtis Dubay, P.E. Department.
Strategy and Policy Unit: Current Activities and Future Tasks

Strategy and Policy Unit: Current Activities and Future Tasks
NIS Directive and NIS Platform

NIS Directive and NIS Platform
National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.

National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.
Regulatory Body MODIFIED Day 8 – Lecture 3.

Regulatory Body MODIFIED Day 8 – Lecture 3.
LOGO MIRJANA SEKULOVSKA, PhD, DEPUTY MINISTER OF INFORMATION SOCIETY Republic of Macedonia Ministry of Information Society.

LOGO MIRJANA SEKULOVSKA, PhD, DEPUTY MINISTER OF INFORMATION SOCIETY Republic of Macedonia Ministry of Information Society.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Space Systems as Critical Infrastructure Iulia-Elena Jivanescu 1st Space Retreat, Tenerife, Spain, 8-22 January, 2013.

Space Systems as Critical Infrastructure Iulia-Elena Jivanescu 1st Space Retreat, Tenerife, Spain, 8-22 January, 2013.
Making the Services Directive Work Dublin 6 March 2014 Services Directive and why it matters.

Making the Services Directive Work Dublin 6 March 2014 Services Directive and why it matters.
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.
IAEA International Atomic Energy Agency Overview of legal framework Regional Workshop - School for Drafting Regulations 3-14 November 2014 Abdelmadjid.

IAEA International Atomic Energy Agency Overview of legal framework Regional Workshop - School for Drafting Regulations 3-14 November 2014 Abdelmadjid.
Japanese Government’s Efforts to Address Information Security Issues October, 2007 National Information Security Center (NISC)

Japanese Government’s Efforts to Address Information Security Issues October, 2007 National Information Security Center (NISC)
IAEA International Atomic Energy Agency Reviewing Management System and the Interface with Nuclear Security (IRRS Modules 4 and 12) BASIC IRRS TRAINING.

IAEA International Atomic Energy Agency Reviewing Management System and the Interface with Nuclear Security (IRRS Modules 4 and 12) BASIC IRRS TRAINING.

Similar presentations

Ads by Google