Presentation is loading. Please wait.

Presentation is loading. Please wait.

EU policy on Network and Information Security (NIS) and Critical Information Infrastructure Protection (CIIP) 15 March 2012 Valérie ANDRIANAVALY European.

Published byNoel Joseph Modified over 9 years ago

Similar presentations

Presentation on theme: "EU policy on Network and Information Security (NIS) and Critical Information Infrastructure Protection (CIIP) 15 March 2012 Valérie ANDRIANAVALY European."— Presentation transcript:

1 EU policy on Network and Information Security (NIS) and Critical Information Infrastructure Protection (CIIP) 15 March 2012 Valérie ANDRIANAVALY European Commission Directorate General Information Society and Media - DG INFSO Unit A3 – Internet Governance; Network and Information Security valerie.andrianavaly@ec.europa.eu valerie.andrianavaly@ec.europa.eu

2 Main EU policy initiatives in the NIS & CIIP areas 2004: Establishment of ENISA - Regulation (EC) No 460/2004 2006: Commission’s proposal - Strategy for a Secure Information Society - Dialogue, partnership, empowerment 2009: Commission’s proposal - Action Plan on Critical Information Infrastructure protection 2009: Adoption of the revised Regulatory Framework for electronic communications – new security provisions including security breaches notifications (Art. 13 a and b) 2010: Trust and Security chapter of the Digital Agenda for Europe 2010: Commission’s proposal to modernise ENISA 2011: Second Commission Communication on CIIP - 'Achievements and next steps: towards global cyber-security’ Q3/2012: Commission’s proposal – European Strategy for Internet Security

3 Main EU policy initiatives in the NIS & CIIP areas Strategy for a Secure Information Society COM(2006)251 “Voluntary” approach based on dialogue, partnership and empowerment Comprehensive set of actions – risk management culture Promote openness, diversity, interoperability, usability, competition as inherent security safeguards Reinforce ENISA’s role in implementing the NIS policy Importance of “resilience” of electronic communications Action Plan on Critical Information Infrastructure Protection COM(2009)149 Protect Europe from large scale cyber attacks and disruptions Promote security and resilience as first line of defense Enhance the CIIP preparedness and response capability in EU Foster the adoption of adequate and consistent levels of preventive, detection, emergency and recovery measures Foster International cooperation, in particular on Internet stability and resilience

4 CIIP Action Plan – Specific Objectives Five specific objectives to be achieved: Foster cooperation and exchange of good policy practices between MS (EFMS) Develop a public-private partnership at the European level on security and resilience of CIIs (EP3R) Enhance incident response capability in the EU Promote national and European cyber contingency plans and exercises on simulated large-scale network security incidents. Reinforce international cooperation on global issues, in particular on resilience and stability of Internet

5 CIIP Action Plan – Five pillars 1. Preparedness and prevention European Forum for MS to share information & policy practices - EFMS European Public Private Partnership for Resilience EP3R Baseline of capabilities and services for National/Governmental CERTs 2. Detection and response Development of a European Information Sharing and Alert System – EISAS dedicated to EU citizens and SMEs 3. Mitigation and recovery National contingency planning and exercises Pan-European exercises on large-scale network security incidents Reinforced cooperation between National/Governmental CERTs 4. International Cooperation Define European priorities, principles and guidelines for the long term resilience and stability of the Internet Promote the principles and guidelines at global level Global cooperation on exercises on large-scale Internet incidents 5. Definition of criteria for the identification of European Critical Infrastructures in the ICT sector

6 CIIP COM(2011)163 “Achievements and next steps: towards global cyber- security” Adopted on 31 March 2011 Takes stock of results achieved since 2009 CIIP action plan Builds on existing policy initiatives, in particular Digital Agenda for Europe, Stockholm Action Plan and Internal Security Strategy Highlights next steps at European and International level

7 CIIP COM(2011)163 “Achievements and next steps: towards global cyber- security” – Areas of achievements European Forum for Member States (EFMS) European Public-Private Partnership for Resilience (EP3R) Baseline of capabilities and services for pan-European cooperation of national/governmental CERTs European Information Sharing and Alert System (EISAS) National contingency planning and exercises Pan-European exercise on large-scale network security incidents Principles and guidelines on Internet resilience and stability Sector specific criteria for identifying European Critical Infrastructures in the ICT sector

8 Very positive results achieved so far in CIIP within the EU Further efforts are needed and the EC calls upon MS to commit to: -Enhance EU preparedness by establishing a network of well-functioning National/Governmental CERTs by 2012; -A European cyber-incident contingency plan and regular National and pan-European cyber exercises by 2012; -European coordinated efforts in international fora and discussions on enhancing Internet security and resilience. CIIP COM(2011)163 “Achievements and next steps: towards global cyber- security” – The way forward 1/2

9 Global coordination is important and necessary The Commission will: Promote principles for Internet resilience and stability * developed within the EFMS; Build strategic international partnerships (e.g. EU-US Working Group on Cyber-security and Cyber-crime) and pursue coordination in International fora Develop trust in the cloud *http://ec.europa.eu/information_society/policy/nis/docs/principles_ciip/guideline s_internet_fin.pdf CIIP COM(2011)163 “Achievements and next steps: towards global cyber- security” – The way forward 2/2

10 7th EU Research Framework Programme (2007-2013) ICT Security & Trust

11 11 Call 7 70 M€ Call 8 70 M€ Call 7 20 M€ Call 8 80 M€ Call 8 160 M€ FP7 INFSO - Challenge 1.4 Pervasive and Trustworthy ICT Call FI20/07/10 – 02/12/10 Call 728/09/10 – 18/01/11 Call 826/07/11 – 17/01/12 Call 7 30 M€ Call 8 25 M€ Call FI 90 M€

12 12 ICT - Trust and Security: 58 projects of FP7 Call 1 and Call 5 Networking, Coordination and Support Research roadmaps, metrics and benchmarks, international cooperation, coordination activities 4 projects 2 projects Network infrastructures 4 projects 7 projects Services infrastructures 4 projects 7 projects 4 projects Enabling technologies Biometrics, trusted computing, cryptography, secure SW 9 projects Critical Infrastructure Protection 200 m€ Identity management, privacy, trust 8 projects 5 projects 40M€60M€48M€ 20M€ 27M€ 5M€

13 BIC: Building International Co-operation for Trustworthy ICT  Identify global trust and security challenges of mutual interest and benefit  Facilitate collaboration fora - funding calls/EU mechanisms info. - people/partner linkages - funding organization linkages - guidance on developing sustained longer-term global collaborations Prioritisation of the visions and research directions amongst the countries, moving towards alignment of work programmes. DG INFSO Unit F5 Coordination Action Jan 2011-Dec. 2013 http://www.bic-trust.eu/ For more information, please contact Jim Clarke

14 Competitiveness and Innovation Framework Programme Competitiveness and Innovation Framework Programme - ICT Policy Support Programme (CIP- ICT PSP) - 2012 Annual Work Programme:2012 Annual Work Programme −Pilot B (8 M€) to establish a European-wide pilot platform for detecting, measuring, analysing, mitigating and eliminating botnets −Accompanied by Thematic Network (1 M€) −Call 6 open from 03 February until 15 May 2012 −Information day on 17.02.2012 (presentations and attendance list available at cordis web page http://cordis.europa.eu/fp7/ict/security/cip-call- infoday-content_en.html) http://cordis.europa.eu/fp7/ict/security/cip-call- infoday-content_en.html

15 Commission Work Programme 2012 announced a European Strategy for Internet Security to be adopted by Commission in Q3 2012 Outline 1.Policy Document Context – EU activities and achievements to date and the need for EU action Objectives of the ESIS and EU core values and principles Strategic priorities and actions Governance framework and monitoring of the implementation of the strategy 2. Legal instrument

16 European Strategy for Internet Security “To ensure a safe, secure and resilient digital environment to all EU citizens, businesses and public authorities” Specific objectives: Foster close co-operation and early warning between MS' competent authorities, and between competent authorities and the private sector, by ensuring adequate capacities for prevention, detection, mitigation and response at national and EU level Stimulate efforts to improve security of in products, networks and services Ensure a strong EU response to cybercrime Stimulate R&D investments and strengthen the competitiveness of EU’s security industry Foster global responses and reinforce cooperation with international partners Strategic objective:

17 Elements of the future European Strategy for Internet Security (1/4) An effective network of National competent bodies and Governmental CERTs at EU level (with the necessary protection of confidentiality) Well-functioning National/Governmental CERTs capabilities A "European Forum for Regulators” (towards a model for pan-EU cooperation mechanisms – similarly to what is in place in other sectors) A European cyber-incident contingency plan General security breach notification obligation (extending Article 13a FD beyond Telcos/ISPs) −Adoption of a risk management framework (identification of risks) −Adoption of relevant security measures −Supervision by competent bodies (including via audit) −Notification mechanisms to competent bodies (possibly via CERT function) ensuring confidentiality Mandatory security audits and authorisation mechanisms where this is already required by applicable law (e.g. banking, energy…) Preliminary ideas for legal measures aiming at ensuring the establishment of:

18 Elements of the future European Strategy for Internet Security (2/4) Preliminary ideas for further measures to improve security in networks and services: Incentives for the private sector to improve security in products and services, e.g. through IT security standards in public procurement −Incentives through the public procurement process (via guidelines and standards) −Stimulating a public-private partnership to reduce the spread of malware −Promotion of transparency and competitiveness in the internal market (benchmarks, trusted data on incidents and vulnerabilities, information to users, compliance with standards, certification and self-certification to develop re- assurance market) −Security of supply chain Awareness raising measures and activities −Mobilisation of Member States and stakeholders towards a EU-wide campaign (for instance, a month for Network and Information Security for all) −National/European Cyber-security Competitions to foster development of skills −International synchronisation and coordination of awareness raising messages and campaigns (US and Japan) −Reinforced role of ENISA in promoting standards, good practices and a risk management culture

19 Elements of the future European Strategy for Internet Security (3/4) Preliminary ideas for further measures to improve security in networks and services: Making the best use of research and innovation and putting in place a robust industrial policy Adoption of state-of-the-art technologies & processes - Promote take up −stimulate private and public demand (security to be an integral part of the provision of e-services, mandatory for eGov, pre-commercial procurement) −develop standards −improve usability Reinforcing and coordinating R&D for present and future security challenges −H2020 LEIT = 450 M€ for R&D => make the technologies available −H2020 IIS = 700 M€ for Innovation => put technology to work −Underpin the technical feasibility of the cyber security policy and associated actions −Create partnerships in cyber-security

20 Elements of the future European Strategy for Internet Security (4/4) Preliminary ideas for further measures to improve security in networks and services: Appropriate measures in the area of cybercrime (in cooperation with DG HOME) Putting the EU in the lead of international discussions on Internet security matters - Promotion and engagement in multilateral cooperation - Leveraging EU-US activities towards broader international participation -Fighting Botnets -Cyber-security of Industrial Control Systems and Smart grids - Promotion of EU interests in global Internet security -Multi-stakeholder governance -Market access -European principles and guidelines for Internet resilience and stability -COMPACT for the Internet

21 European Strategy for Internet Security Consultation process Exchange of views held so far: Within INFSO and Commission-wide (ISG on Cyber- crime and cyber-security, discussions on specific issues with relevant services) Within EP (Roundtable on 30.11.2011; ITRE draft report on Critical Information Infrastructure Protection) With MS via EFMS (on 7.12.2011) – input received from 10 MSs With private sector via EP3R (on 16.02.2012) Informal discussions with MS and private stakeholders  General support for a EU framework and mechanisms to further enhance cooperation and coordination

22 Thanks!

23 Web Sites EU policy on Critical Information Infrastructure Protection – CIIP http://ec.europa.eu/information_society/policy/nis/strat egy/activities/ciip/index_en.htm http://ec.europa.eu/information_society/policy/nis/strat egy/activities/ciip/index_en.htm A Digital Agenda for Europe http://ec.europa.eu/information_society/digital- agenda/index_en.htm http://ec.europa.eu/information_society/digital- agenda/index_en.htm EU policy on promoting a secure Information Society http://ec.europa.eu/information_society/policy/nis/index _en.htm http://ec.europa.eu/information_society/policy/nis/index _en.htm European principles and guidelines for Internet resilience and stability http://ec.europa.eu/information_society/policy/nis/docs /principles_ciip/guidelines_internet_fin.pdf http://ec.europa.eu/information_society/policy/nis/docs /principles_ciip/guidelines_internet_fin.pdf

24 Links to policy documents Council conclusions on Critical Information Infrastructure Protection http://register.consilium.europa.eu/pdf/en/11/st10/st10299.en11.pdf Commission Communication on Critical Information Infrastructure Protection – "Achievements and next steps: towards global cyber-security" - COM(2011) 163 http://ec.europa.eu/information_society/policy/nis/docs/comm_2011/co mm_163_en.pdf http://ec.europa.eu/information_society/policy/nis/docs/comm_2011/co mm_163_en.pdf Digital Agenda for Europe - COM(2010)245 of 19 May 2010 http://eur- lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0245:FIN:EN:PDF http://eur- lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0245:FIN:EN:PDF The EU Internal Security Strategy in Action: Five steps towards a more secure Europe COM(2010)673 http://ec.europa.eu/commission_2010- 2014/malmstrom/archive/internal_security_strategy_in_action_en.pdf http://ec.europa.eu/commission_2010- 2014/malmstrom/archive/internal_security_strategy_in_action_en.pdf Commission Communication on Critical Information Infrastructure Protection – "Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience" - COM(2009) 149 http://eur- lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2009:0149:FIN:EN:PDF http://eur- lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2009:0149:FIN:EN:PDF

25 25 For more information on Research Projects FP7 http://cordis.europa.eu/fp7/ http://cordis.europa.eu/fp7/ict/ Trust & Security http://cordis.europa.eu/fp7/ict/security/ Future Internet http://ec.europa.eu/foi http://www.future-internet.eu/ E-mail INFSO-TRUST-SECURITY@ec.europa.eu

Download ppt "EU policy on Network and Information Security (NIS) and Critical Information Infrastructure Protection (CIIP) 15 March 2012 Valérie ANDRIANAVALY European."

Similar presentations

A strategy for a Secure Information Society –

A strategy for a Secure Information Society –
Philippine Cybercrime Efforts

Philippine Cybercrime Efforts
Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.

Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.
EAC HIGHER EDUCATION POLICY

EAC HIGHER EDUCATION POLICY
FP7 Preparations ISTC meeting 31 March 2004. Content FP7 preparation approach and timetable Context for FP7 and for ICT in FP7 Research in New Financial.

FP7 Preparations ISTC meeting 31 March Content FP7 preparation approach and timetable Context for FP7 and for ICT in FP7 Research in New Financial.
ENISA Cyber Security Strategies Workshop November 27, 2014 Brussels

ENISA Cyber Security Strategies Workshop November 27, 2014 Brussels
22 Feb 2007EU-Russia Co-operation1 Dr. Stephan Pascall Advisor to the Director Directorate G: Components and Systems DG Information Society and Media European.

22 Feb 2007EU-Russia Co-operation1 Dr. Stephan Pascall Advisor to the Director Directorate G: Components and Systems DG Information Society and Media European.
1 Ideas About the Future of HPC in Europe “The views expressed in this presentation are those of the author and do not necessarily reflect the views of.

1 Ideas About the Future of HPC in Europe “The views expressed in this presentation are those of the author and do not necessarily reflect the views of.
Strategy and Policy Unit: Current Activities and Future Tasks

Strategy and Policy Unit: Current Activities and Future Tasks
NIS Directive and NIS Platform

NIS Directive and NIS Platform
Geneva, Switzerland, 15-16 September 2014 ENISA role in ICT standardization Sławomir Górniak, ENISA ITU Workshop on “ICT.

Geneva, Switzerland, September 2014 ENISA role in ICT standardization Sławomir Górniak, ENISA ITU Workshop on “ICT.
James Ennis, Department of State, USA ITU-D Question 22/1 Rapporteur.

James Ennis, Department of State, USA ITU-D Question 22/1 Rapporteur.
Matteo Cavallini – ULS MEF/Consip Digital Agenda Assembly – Cybersecurity: barriers and incentives Matteo Cavallini Cybersecurity: State of the Art and.

Matteo Cavallini – ULS MEF/Consip Digital Agenda Assembly – Cybersecurity: barriers and incentives Matteo Cavallini Cybersecurity: State of the Art and.
Www.enisa.europa.eu European Union Agency for Network and Information Security Follow ENISA: ENISA and standards Sławomir Górniak European Union Agency.

European Union Agency for Network and Information Security Follow ENISA: ENISA and standards Sławomir Górniak European Union Agency.
Horizon 2020 Secure Societies Security Research and Industry DG Enterprise and Industry 2013.

Horizon 2020 Secure Societies Security Research and Industry DG Enterprise and Industry 2013.
A Common Immigration Policy for Europe Principles, actions and tools June 2008.

A Common Immigration Policy for Europe Principles, actions and tools June 2008.
Andrea Servida Deputy Head of Unit European Commission DG INFSO-A3 Security and resilience in Information Society: towards.

Andrea Servida Deputy Head of Unit European Commission DG INFSO-A3 Security and resilience in Information Society: towards.
Giandonato CAGGIANO ENISA MANAGEMENT BOARD REPRESENTATIVE LEGAL ADVISER ON EUROPEAN AFFAIRS OF THE MINISTRY OF COMMUNICATIONS U. OF ROMA TRE LAW FACULTY.

Giandonato CAGGIANO ENISA MANAGEMENT BOARD REPRESENTATIVE LEGAL ADVISER ON EUROPEAN AFFAIRS OF THE MINISTRY OF COMMUNICATIONS U. OF ROMA TRE LAW FACULTY.
Development and Cooperation Financial Instruments supporting civil society cooperation initiatives in the Black Sea region Black Sea NGO Forum, 6th Edition.

Development and Cooperation Financial Instruments supporting civil society cooperation initiatives in the Black Sea region Black Sea NGO Forum, 6th Edition.
BITS Proprietary and Confidential © BITS 2003. Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

Similar presentations

Ads by Google