Dan Tofan | Expert in NIS 21st Art. 13a WG| LISBON |

Slides:



Advertisements
Similar presentations
The role of ACER In the Regional Initiatives Steve Gordon Head Of the Gas Department North West Regional Initiatives 2011.
Advertisements

Rule-Making Book II EU Administrative Procedures – The ReNEUAL Draft Model Rules 2014 Brussels, May th Herwig C.H. Hofmann University of Luxembourg.
Public Procurement in Albania in the framework of recent reforms PUBLIC PROCUREMENT AGENCY 1.
1 Reform of the EU regulatory framework for electronic communications What it means for Access to Emergency Services Reform of the EU regulatory framework.
Horizontal Research Activities involving SMEs Joachim Ball, European Commission, DG RTD B3 n Co-operative Research n Collective Research General Introduction.
Workshop on registered electronic mail policies and implementation Ankara, March 2015 Davide Mula REM country practice in legal infrastructure,
© OECD A joint initiative of the OECD and the European Union, principally financed by the EU. CENTRAL PUBLIC PROCUREMENT STRUCTURES Recent developments.
Consumer Law: Protection and Compliance UCC 11 December 2014 Consumer Law: the European Agenda.
The European Railway Agency in development
1 ENISA’s contribution to the development of Network and Information Security within the Community By Andrea PIROTTI Executive Director ENISA Cyprus, 28.
EFSA MANAGEMENT PLAN 2008 The Management Plan
Asta Sihvonen-Punkka Director General of EMA Vice-Chair of ERGEG Baltic Electricity Mini-Forum 24 th of April, 2009 Riga The 3 rd Package – implied changes.
EUROPEAN COMMISSION - DG Internal Market 1 "Reviewing the Review: The European Commission's Third Review of the Product Liability Directive"
Media Projects Marija Gaćeša and Violeta Ćorić Belgrade, 1 st October Ministry of Finance.
The 3rd package for the internal energy market Key proposals EUROPEAN COMMISSION Heinz Hilbrecht Directorate C - Security of supply and energy markets.
TRANSPARENCY AGENDA FOR EUROPE
European Commission Rita L’ABBATE Legal aspects linked to internal market DG Enterprise and Industry MARKET SURVEILLANCE COMMUNITY FRAMEWORK UNECE “MARS”
EUNetPaS is a project supported by a grant from the EAHC. The sole responsibility for the content of this presentation lies with the author(s). The EAHC.
IRG/ERG Gabrielle Gauthey Member of the Board of ART.
DETERMINE Working document # 4 'Economic arguments for addressing social determinants of health inequalities' December 2009 Owen Metcalfe & Teresa Lavin.
European Telecommunications Network Operators’ Association Alfredo Acebal Executive Board Chairman EPP Hearing on the Telecom Reform Brussels, 5 March.
ISACA Ireland Cyber Security Policy 9 February 2016.
TAIEX Workshop on Agricultural Advisory Services in the EU Kiev, Ukraine February 2016 Peculiarities of legal regulation of the advisory service.
Information and Network security: Lithuania Tomas Lamanauskas Deputy Director Communications Regulatory Authority (RRT) Republic of Lithuania; ENISA Liaison.
Week 12. Lecture 2. Health Law & the EU Cross-border healthcare: patients’ rights.
Developing National Capability for Integrated Border Management (IBM) in Lebanon Project Funded by the European Union Implemented by the International.
M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 10 – Information society and media.
The 3rd package for the internal energy market
PRESENTATION OF MONTENEGRO
Data Protection: EU & International
European Labour Law Jean Monnet Chair of EU Labour Law Academic Year Silvia Borelli: Please, check the web site for.
Microsoft 365 Get help with regulatory compliance
Exchange of information between Member States
European Insurance and Occupational Pensions Authority Introduction
Co-operating with the European Aviation safety Agency
PRESENTATION OF MONTENEGRO
Vesa Tanner European Commission Directorate-General Energy
About the NIS directive
Gunnar Vaht Head of the Estonian ENIC/NARI Baku, 2017
EU Cybersecurity Act Towards a reformed
Telco related activities in ENISA
Meeting of the WG on Rail Transport Statistics 2-3 April 2009
EU Reference Centres for Animal Welfare
Review of the Telecom Framework – Security rules Security rules in the proposed European Electronic Communications Code (EECC) Lisbon, 8 March 2017.
European Commission Initiatives for eGovernment
Setting up an ERIC 11 May 2012 Richard Derksen
Signalling System No 7 (SS7) Introduction and state of play
Trust and Security Unit
Updated Inventory of national practices
ECVAM as EU-RL according to 2010/63
The role of the ECCP (1) The involvement of all relevant stakeholders – public authorities, economic and social partners and civil society bodies – at.
The activity of Art. 29. Working Party György Halmos
Securing free and fair European elections
Key obligations of the MS in CAP
European judicial training
CAP decision making process
European Labour Law Jean Monnet Chair of EU Labour Law Academic Year Silvia Borelli: Please, check the web site for.
The European Union response to cyber threats
Culture Statistics: policy needs
The evaluation process
General Data Protection regulation (GDPR)
Juan Gonzalez eGovernment & CIP operations
The Treaty of Lisbon and Administrative Cooperation
PRESENTATION OF MONTENEGRO
Ad hoc Group of Experts on Better Regulation
Outline Background: development of the Commission’s position
DG Environment, Unit D.2 Marine Environment and Water Industry
Roles and Responsibilities
DG Environment, Unit D.2 Marine Environment and Water Industry
PUBLIC PROCUREMENTS IN THE REPUBLIC OF SERBIA
Presentation transcript:

Dan Tofan | Expert in NIS 21st Art. 13a WG| LISBON | 08.03.2017 Mandatory incident reporting in EU. Particularities for telecom (Art. 13a). Dan Tofan | Expert in NIS 21st Art. 13a WG| LISBON | 08.03.2017

Summary 01 02 03 04 05 General info about ENISA Incident reporting activities in EU 03 About Art. 13a 04 Art. 13a Expert Group 05 Art. 13a Annual Incident Report Incident reporting in EU | Dan Tofan

Securing Europe’s Information Society Operational Office in Athens The European Union Agency for Network & Information Security (ENISA) was formed in 2004. The Agency is a Centre of Expertise that supports the Commission and the EU Member States in the area of information security. We facilitate the exchange of information between EU institutions, the public sector and the private sector ENISA is as a body of expertise, set up by the EU to carry out very specific technical, scientific tasks in the field of Information Security, working as a "European Agency". EU agencies are distinct bodies from the EU institutions – separate legal entities set up to perform specific tasks under EU law The Agency also assists the European Commission in the technical preparatory work for updating and developing Community legislation in the field of Network and Information Security.

Positioning ENISA activities CAPACITY Hands on activities POLICY Support MS & COM in policy implementation Harmonisation across EU Mobilizing EU communities COMMUNITY EXPERTISE Recommendations Independent Advice Incident reporting in EU | Dan Tofan

Summary 01 02 03 04 05 General info about ENISA Mandatory incident reporting in EU 03 About Art. 13a 04 Art. 13a Expert Group 05 Art. 13a Annual Incident Report Incident reporting in EU | Dan Tofan

Mandatory incident reporting in EU 01 Article 19 of the trust services and e-ID regulation: “Security requirements” 02 Article 4 of the e-Privacy directive: “Security of processing” 03 Articles 30, 31 and 32 of the Data Protection regulation 04 The NIS Directive (OES and DSP) 05 Article 13a of the Telecom Framework directive “Security and Integrity” Incident reporting in EU | Dan Tofan

Summary 01 02 03 04 05 General info about ENISA Mandatory incident reporting in EU 03 About Art. 13a 04 Art. 13a Expert Group 05 Art. 13a Annual Incident Report Incident reporting in EU | Dan Tofan

Art. 13a and the telecom package Article 13a of the Framework Directive (2009/140/EC), is a new article introduced in the 2009 reform of the EU regulatory framework for electronic communications. The reform was transposed by most EU countries around May 2011. Article 13a addresses the security and integrity of public electronic communications networks and services (availability of the service). It concerns National Regulatory Authorities (NRAs) and providers of public electronic communications networks and services (providers). Incident reporting in EU | Dan Tofan

Art. 13a content Providers of public communication networks and services should take measures to guarantee security and integrity (i.e. availability) of their networks. Providers must report to competent national authorities about significant security breaches. National authorities should inform ENISA and authorities abroad when necessary, for example in case of incidents with impact across borders. National authorities should report to ENISA and the EC about the incident reports annually (February). Incident reporting in EU | Dan Tofan

ENISA’s role within the context As requested by the directive, every country submits yearly to EC and ENISA a report with significant incidents that had an impact on their networks and services. Where appropriate, the NRA concerned shall inform the national regulatory authorities in other Member States and the ENISA. To achieve a harmonised implementation, in 2010, ENISA, Ministries and NRAs initiated a series of meetings (the Article 13a Expert Group). Developed an online platform for incident reporting (CIRAS). Incident reporting in EU | Dan Tofan

Art. 13a incident reporting process Incident reporting in EU | Dan Tofan

Art. 13a incident reporting procedure Reporting interval: between January 1st and December 31st the previous year. Deadline: end of February. Reporting modality: Online: CIRAS platform. Alternate means: email. Incident reporting in EU | Dan Tofan

Art. 13a incident reporting procedure (thresholds) Relative thresholds (relative to user base and duration) Absolute thresholds: 60 Million user minutes, or 1 Million user hours. Incident reporting in EU | Dan Tofan

Art. 13a incident reporting procedure STEP 1: Determine causes STEP 2: Determine the impact STEP 3: Identify actions taken Incident reporting in EU | Dan Tofan

Art. 13a incident reporting procedure STEP 1: Determine causes STEP 2: Determine the impact STEP 3: Identify actions taken Incident reporting in EU | Dan Tofan

Art. 13a incident reporting procedure STEP 1: Determine causes STEP 2: Determine the impact STEP 3: Identify actions taken Incident reporting in EU | Dan Tofan

Art. 13a incidents examples Incident reporting in EU | Dan Tofan

Art. 13a incidents examples Incident reporting in EU | Dan Tofan

Summary 01 02 03 04 05 General info about ENISA Mandatory incident reporting in EU 03 About Art. 13a 04 Art. 13a Expert Group 05 Art. 13a Annual Incident Report Incident reporting in EU | Dan Tofan

Art. 13a Expert group To achieve a harmonised implementation, in 2010, ENISA, Ministries and NRAs initiated a series of meetings (the Article 13a Expert Group). They reached agreement on three non-binding technical documents providing guidance to the NRAs in the EU Member States: Technical Guideline on Incident Reporting Technical Guideline on Security Measures Technical Guideline on Threats and Assets The Article 13a Expert Group continues to meet three times a year to develop guidelines, to discuss the implementation of Article 13a (for example, on how to supervise the electronic communications sector) and to share knowledge and views about past incidents, and how to address them. Other work: Impact evaluation on the implementation of Article 13a incident reporting scheme within EU Analysis of security measures deployed by e-communication providers Security incidents indicators - measuring the impact of incidents affecting electronic communications Incident reporting in EU | Dan Tofan

Summary 01 02 03 04 05 General info about ENISA Mandatory incident reporting in EU 03 About Art. 13a 04 Art. 13a Expert Group 05 Art. 13a Annual Incident Report 2011-2015 Incident reporting in EU | Dan Tofan

Annual Incident Reports Annual Reports 2011-2015 available ENISA web. 2016 available by the end of May 2017. Incident reporting in EU | Dan Tofan

Thank you

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.