ENISA: EU-perspektivet på nätverk- & IT-säkerhet 2 Februari 2007 Linköping

1.ENISA –Europeiskt sammanhang 2.ENISA aktiviteter inom nätverks- & IT-säkerhet (NIS) 3.ENISAs arbetsprogram 2007

CIIP Informationssäkerhets- paradigmer Cyber crime Network and Information Security Driver: Information Society and Digital Economy Driver: Law Enforcement Driver: National Security and Defence CERT Risk Management for SMEs High-Tech Crime Units Counter-eTerrorism Awareness Raising and Promotion of Best Practices Europol Eurojust MS ENISA

Secure application blocks in EU ePassports bridgeCA Data basesRights mgt eSignatures eInvoice eCommerce Common Criteria Fishing Registries EDI Data Protection Privacy eHealth Digital Tacho Public eProcurement

ENISA - sammanhang eEurope 2005 i2010: säkerhet - nyckelroll EU kommissionens lagstiftning Kommissionens forskningsprogram Informationssamhället & den Digitala Ekonomin

Management Board Executive Director (and staff) Permanent Stakeholders Group Ad hoc Working Groups ENISA Approve Working Programme Approve budget “Run the Agency” Reports to Management Board Input for Working Programme and WG-work Advice to Executive Director Technical advice on specific questions/tasks Report to ED 3 WG in 2005, 4 in 2006 ENISAs organisationsstruktur

ENISAs regleringsbrev To provide assistance and deliver advice to the Commission and the MS on issues related to NIS falling within its competencies as set out in this Regulation To enhance the capability of the Commission, other EU bodies and the Member States to prevent, address and to respond to NIS problems To develop a high level of expertise and use this expertise to stimulate broad cooperation between actors from the public and private sectors To assist the Commission, where called upon, in the technical preparatory work for updating and developing Community legislation in the field of NIS. ENISAs aktiviteter inom NIS (1)

ENISA’s Tasks Giving advice and assistance to Commission and Member States Risk assessment and risk management Promote CERTs Information exchange and cooperation Track standardisation Promote best practices Awareness raising Becoming a centre of expertise 2. ENISAs aktiviteter inom NIS (2)

–Step-by-step plan on how to set-up a CERT (Sept ’06) –Updated ENISA inventory of CERT activities in Europe –Users’ guide on how to raise information security awareness –EU overview of awareness raising programmes in EU –1 st European RMRA inventory of methods and tools –Study on Security & anti-spam measures by ISPs –Information security certificates inventory –WG RANIS (Regulatory aspects of NIS) Axplock av ENISA aktiviteter inom NIS (3) The Agency is working for ensuring the NIS public and private environments The Agency is working for ensuring the NIS public and private environments

Raising Awareness & confidence building –Fokus på ‘ end users’ Boost e-Communication of Internal Market –Fokus på ‘business’ (i2010 initiative) –Identify hurdles/incentives and provide independent advice Mastering emerging/future technologies & services –Fokus på teknologi Bridging security gaps in Europe –Bridging the gaps in security tools & procedures –Measure security status Collaboration with Stakeholders –EU Member States, EU bodies, industry, 3rd countries, int. institutions Communication & outreach –Action Plan, conferences, workshops 3. ENISAs Arbetsprogram 2007

Permanent Stakeholders’ Group in 2007 New Call for Experts for PSG Establish Knowledge Pool of experts not chosen to PSG, connecting them to ENISA’s work Introduce outside speakers to provide briefings on sector development relevant for PSG and other ENISA stakeholders: – NIS Market Foresight – Current Research & Development on NIS in FP7 – European policy development update in relevant NIS themes – Introduction on NIS Agenda in Third Countries.

–ENISA Award Fostering NIS Culture in Europe –Foresight Forum –Relations with NIS Academia –Establishing ENISA Industry and Academia Multiplier Network in member states –Cooperation with 3rd countries & International institutions Industri, universitets- och internationella kontakter 2007

ENISA Foresight Forum Annual Foresight Forum(s) producing Briefing Papers on upcoming NIS threats/opportunities in technology evolution and applications development in specific sectors of internal market

Relations with NIS Academia in EU Initial focus on academic educational programs (enhancing expert skills) 1: Map of NIS Postgraduate Programs in EU Universities –Inventory/database/online access 2: Curriculum Guidelines for Postgraduate Degree Programs in NIS –Thematic Workshop(s)

Cooperation with 3rd Countries & International Institutions Third Countries Presentation of “Case ENISA” (China) 1. Lessons learned (NIS-Russia, Emerging Economies e.g. SA, Brazil) 2. Technology follow-up, global NIS culture promotion (US, Canada, Japan…) 2. International institutions: bevaka Policy (OECD, ITU/WSIS IGF): Issue follow-up, information sharing Standardisation (ETSI etc.): Issue follow-up, awareness raising, industry view Implementation (UN ECA etc.): Sharing Lessons Learned from Europe

Stocktaking 2006 Setting up & Cooperation 2007 Support operation (+ broaden focus!) - Quality assurance - Advanced Training Prepare to contribute to “NIS brokerage” 2008 Finalise basic work The FUTURE: Extensively collect good practices and contribute to NIS brokerage ENISA and CERTs The Big Picture

ENISA & CERTs: The Big Picture (II) INVOLVEMENT IN THE SECURITY COMMUNITIES (Horizon ongoing) …? […]

Analysing NIS Barriers / Incentives in e-Communication Internal Market Report on NIS Barriers and Incentives at the Internal Market for e-Communication. Workshop on Barriers & Incentives for NIS /e-Communication

Working Group on Regulatory NIS Scope: Overview of existing EU legislation e.g. data authentication, cybercrime, corporate governance & financial services To outline potential issues of regulatory interest with regard to NIS

Tack &…välkommen att hålla kontakt med ENISA To subscribe to the ENISA Quarterly, please mail to with “SUBSCRIBE” as subject Prenumera på The ENISA Quarterly Newsletter:

Requests ENISA was called upon by