Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dirk Weiler, chairman of the board, ETSI

Published byJewel Campbell Modified over 5 years ago

Similar presentations

Presentation on theme: "Dirk Weiler, chairman of the board, ETSI"— Presentation transcript:

1 Dirk Weiler, chairman of the board, ETSI
European Economic and Social Committee EESC Public Hearing “Cybersecurity act” Standards in support of the EU Cyber Security agenda Dirk Weiler, chairman of the board, ETSI Brussels, 9 January 2018 © ETSI All rights reserved

2 Standards in support of the EU Cyber Security agenda
Questions and clarifications on the Cybersecurity Act Security in ETSI © ETSI All rights reserved

3 A series of questions, calls for clarification
I. LEGAL ASPECTS Standards, technical specifications, Harmonised European Standards? Presumption of Conformity by certification? Impact on European Standardisation and market access system? Role ENISA in standardization? II. POLITICAL AND ECONOMIC ISSUES Articulation EU/national level ? Coherence with EU programmes and policies? Cost for business (SMEs in particular)? CONCLUSION Can one size fit all? © ETSI All rights reserved

4 Standards in support of the EU Cyber Security agenda
Questions and clarifications on the Cybersecurity Act Security in ETSI © ETSI All rights reserved

5 2016 security standardization white paper
Security standardization, sometimes in support of legislative actions, has a key role to play in protecting the Internet, the communications and business it carries and both the private and corporate users who rely on it. The timing of the standardization of new technologies, products and services is particularly important; we need to make our ICT secure from the start, as well as throughout their lifetime. There are many organizations worldwide working on Cyber Security, and co-ordination and liaison is important to ensure that we all pull together and do not duplicate our efforts. Security White Paper 2016 © ETSI All rights reserved

6 Areas of security standardization (I)
Privacy by Design Privacy by Design - protecting privacy by building protection in up front rather than trying to ‘bolt it on’ as an afterthought. ETSI (together with CEN and CENELEC) is responding to the European Commission (EC) Mandate on Privacy by Design (M/530). Up to 11 standards are expected , e.g. TC CYBER works on a practical introductory guide to privacy and a Technical Report (TR) outlining a high-level structured ecosystem of security design requirements for communication and IT networks and attached devices. TC CYBER is working on Protection and retention of Personally Identifiable Information (PII) Defining the technical means to enable the assurance of privacy and the verification of that assurance Addressing identity management and naming schema protection mechanisms to prevent identity theft and resultant crime. © ETSI All rights reserved

7 Areas of security standardization (II)
The Sharing of Cyber Threat Intelligence The sharing of information is a crucial weapon in our armoury against cyber-attack. TC CYBER is preparing a TR on the means for describing and exchanging cyber threat information in a standardized and structured manner. TC CYBER also provides and regularly maintains a global overview of Cyber Security activities in technical fora. Securing Technologies and Systems One of ETSI’s key strengths is in the securing of overall systems and technologies such as mobile communications, NFV, Future Networks, Intelligent Transport Systems, Digital Enhanced Cordless Telecommunications (DECT™), M2M communications and emergency telecommunications (including Terrestrial Trunked Radio (TETRA)). The security standards required by these technologies are dealt with primarily within dedicated technology-focused technical committees. © ETSI All rights reserved

8 Areas of security standardization (III)
TC DECT is implementing security architecture enhancements in the core technology to better protect end-user privacy and the confidentiality of communications. Reconfigurable Radio Systems (TC RRS) is protecting the integrity of reconfigurable radio communications. It is important to guarantee the integrity of radio applications and prevent their use as attack vectors against either individual devices or the network itself TC CYBER embarks on new work to support the Network and Information Security Directive, intended to increase consumer confidence and maintain the smooth functioning of the European internal market. TC CYBER started new work on network gateway cyber defence, aimed at improving Cyber Security by identifying and then advancing changes to technology standards. © ETSI All rights reserved

9 Areas of security standardization (IV)
The Internet of Things The IoT is at the edge of cyber-space. As such, Cyber Security must be embedded and ready-to-use by the consumer without any previous specialist technical knowledge. In order to achieve this, we need greater co-operation between producers and operators of technical systems, as well as society and service providers. Work in oneM2M is focused on three aspects of security: protecting the oneM2M service layer; providing security as a service to IoT applications, and leveraging communication network security services, where available. eHealth Our eHealth Project (EP eHEALTH ) is looking at eHealth in general and in particular its relation to the IoT and M2M, including concerns surrounding security and privacy. From a Cyber Security viewpoint, requirements for the protection of privacy make eHealth a particularly difficult M2M/IoT use case. © ETSI All rights reserved

10 Areas of security standardization (V)
Trust Service Providers We support EU Regulation N°910/2014 on electronic identification and trust services for electronic transactions in the internal market (the ‘eIDAS Regulation’), and are developing standards to meet the needs of the international community for trust and confidence in electronic transactions. Our Electronic Signatures and Infrastructures committee (TC ESI) is building on its standards for trust services providers (TSPs), electronic signatures, electronic seals and electronic time-stamps, including the definition of security and policy requirements for TSPs providing public key certificates and electronic time-stamps. We are now defining the security and policy requirements for TSPs providing registered eDelivery services, remote signature creation and remote signature validation. © ETSI All rights reserved

11 Areas of security standardization (VI)
Secure Cards and Elements Work is underway to address the embedded UICC (eUICC) and the definition of test cases related to the support of multiple secure elements for mobile contactless communication over the Near Field Communication interface. As the convergence of different market segments such as banking, identity services and fixed line communication with the mobile market is leading to new requirements, we are also considering the future of the secure element. We are looking at improving the existing physical/electrical interface and/or logical interface or defining new ones for removable and non-removable secure elements. Cryptography Strong (and efficient) cryptography is a central building block for security in a huge range of products and systems. © ETSI All rights reserved

12 Areas of security standardization (VII)
Security Algorithms ETSI’s Security Algorithms Group of Experts (SAGE) provides both ETSI and 3GPP with cryptographic algorithms and protocols specific to fraud prevention, unauthorized access to public and private telecommunications networks and user data privacy. Principle in 3GPP security is nowadays that systems should support two different algorithms from day one, providing ‘belt and braces’ security against the possibility that either algorithm may be broken in the future. Currently working on new algorithms for GPRS, 128-bit encryption algorithm (GEA5) and new 128-bit integrity algorithms (GIA4 and GIA5). These are being developed primarily for EC-GSM-IoT, a radio interface solution for use in the IoT. © ETSI All rights reserved

13 Areas of security standardization (VIII)
The Impact of the Quantum Computer TC CYBER has published an ETSI Guide (EG ) on the impact of quantum computing on ICT security that reinforces the notion of having cryptographic agility as a root capability of products and services, and also advises that business management, including business continuity, takes due account of the role of cryptography in the business process. Quantum-Safe Cryptographic Algorithms TC CYBER started identifying cryptographic primitives that are resistant to both conventional and quantum-computing attacks. Six specifications including a quantum-safe algorithmic framework and a threat and risk assessment for real-world use cases soon to be completed. Further work concern the characterization of cryptographic primitives, benchmarking their performance and their suitability to a variety of applications. © ETSI All rights reserved

14 Areas of security standardization (VIII)
Quantum Cryptography Quantum cryptography provides primitives that are intrinsically quantum-safe, as they are based on the laws of nature rather than computation complexity. It allows keys and digital signatures to be shared over optical fibre or free space links and can be used in a general Cyber Security framework, and to complement algorithmic methods for specific applications. Apart from resilience from every possible attack on a quantum computer, quantum cryptography also provides forward secrecy in that recorded communications cannot be decrypted in future when more powerful supercomputers will be available. Our ISG on Quantum Key Distribution (QKD) is developing specifications that will allow this radically new technology to be adopted in communication networks. We are addressing best-practice security guidance for implementation security. We are also specifying measurement protocols for characterising optical components and complete QKD transmitter modules. © ETSI All rights reserved

15 Areas of security standardization (IX)
Network Functions Virtualisation Detailed specifications are being developed in support of trusted platforms, remote attestation, public key infrastructure in the NFV environment and others. Lawful Interception and Data Retention TC LI develops Lawful Interception and Retained Data (RD) capability, these standards are being adopted around the world. LI implementation is required by the EU which allows for LI to prevent crime, including fraud and terrorism. Current work: Dynamic triggering of interception, security for LI and RD systems as those are increasingly IP service-centric, globally distributed and, frequently, software-based. Guidance on LI and RD standards and concepts, and on LI for LTE™. Further aspects: Assurance of the integrity and originator of approvals/authorisations, the security aspects of internal interfaces for LI, and security issues around global, trusted-third-party components of law enforcement equipment © ETSI All rights reserved

16 3GPP / GSMA work on security assurance for network equipment
Joint 3GPP and GSMA activity to create a security assurance scheme for network equipment Processes and requirements defined for security accreditation of: Product development lifecycles of equipment vendors Product lifecycles of equipment vendors Test activities for network equipment of test labs Conflict resolution Technical security requirements for particular classes of network equipment (MME, HSS, PCRF, eNodeB, …) Benefits Raised security quality of network equipment (standard products) Standardised set of minimum security requirements for network equipment Simplified quotation/contract negotiation process Liaison with regulators of local governments to unify legislation © ETSI All rights reserved

17 Joint 3GPP and GSMA Security Activity
3GPP SA3 Launched SECAM activity in 2012 3GPP specifications cover interfaces and protocol security SECAM adds test cases for 3GPP network equipment security assurance GSMA SECAG (formerly NESAG until end of 2014) Established in Feb 2014 Defines and governs security accreditation scheme for network equipment evaluation and conflict resolution Operates accreditation supported by third parties © ETSI All rights reserved

18 Standards in support of the EU Cyber Security agenda
Thank you for your attention! © ETSI All rights reserved

Download ppt "Dirk Weiler, chairman of the board, ETSI"

Similar presentations

Potential Smart Grid standardisation work in ETSI Security and privacy aspects Carmine Rizzo on behalf of Scott CADZOW, C3L © ETSI 2010. All rights reserved.

Potential Smart Grid standardisation work in ETSI Security and privacy aspects Carmine Rizzo on behalf of Scott CADZOW, C3L © ETSI All rights reserved.
Fostering worldwide interoperabilityGeneva, 13-16 July 2009 Overview of Security work in ETSI Presenter: Mike Sharpe, VP ETSI ESP Source: Charles Brookson,

Fostering worldwide interoperabilityGeneva, July 2009 Overview of Security work in ETSI Presenter: Mike Sharpe, VP ETSI ESP Source: Charles Brookson,
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.
Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.

Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.
Geneva, Switzerland, 15-16 September 2014 ETSI TC Cyber Charles Brookson Chairman ETSI TC Cyber Zeata Security Ltd and Azenby Ltd ITU.

Geneva, Switzerland, September 2014 ETSI TC Cyber Charles Brookson Chairman ETSI TC Cyber Zeata Security Ltd and Azenby Ltd ITU.
ETSI Security activities Charles Brookson Chairman OCG Security Source: ETSI GTSC-1 Agenda item 7.1.6 For: Information GSC-8 060.

ETSI Security activities Charles Brookson Chairman OCG Security Source: ETSI GTSC-1 Agenda item For: Information GSC
Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.

Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.
EMC Proven Professional. Copyright © 2012 EMC Corporation. All Rights Reserved. EMC Proven Professional INFORMATION STORAGE AND MANAGEMENT V2 Course Introduction.

EMC Proven Professional. Copyright © 2012 EMC Corporation. All Rights Reserved. EMC Proven Professional INFORMATION STORAGE AND MANAGEMENT V2 Course Introduction.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Security and LI; ETSI’s role in standards

Security and LI; ETSI’s role in standards
PRESENTATION OF ETSI © ETSI 2014. All rights reserved Sophia Antipolis, 22 May 2014 Luis Jorge Romero Director General, ETSI.

PRESENTATION OF ETSI © ETSI All rights reserved Sophia Antipolis, 22 May 2014 Luis Jorge Romero Director General, ETSI.
DOCUMENT #:GSC15-PLEN-53 FOR:Presentation SOURCE:ETSI AGENDA ITEM:PLEN 6.11 CONTACT(S):Emmanuel Darmois, Board Member Marylin Arndt, TC M2M chair Smart.

DOCUMENT #:GSC15-PLEN-53 FOR:Presentation SOURCE:ETSI AGENDA ITEM:PLEN 6.11 CONTACT(S):Emmanuel Darmois, Board Member Marylin Arndt, TC M2M chair Smart.
Slide 1 E-commerce strategies: The basic elements of an enabling environment for e-commerce Geneva 11 July 2002 EU Perspectives on Electronic Commerce.

Slide 1 E-commerce strategies: The basic elements of an enabling environment for e-commerce Geneva 11 July 2002 EU Perspectives on Electronic Commerce.
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester 2008-2009.

1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
ETSI SECURITY WORK UPDATE Dr. Carmine Rizzo CISA, CISM, CMP, ITIL, PRINCE2 © ETSI 2015 All rights reserved ITU-T SG17 Meeting – 8 April 2015.

ETSI SECURITY WORK UPDATE Dr. Carmine Rizzo CISA, CISM, CMP, ITIL, PRINCE2 © ETSI 2015 All rights reserved ITU-T SG17 Meeting – 8 April 2015.
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All Security activities in ETSI Presenter: Mike Sharpe, ETSI VP ESP (ETSI Standardization Projects) Document.

Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All Security activities in ETSI Presenter: Mike Sharpe, ETSI VP ESP (ETSI Standardization Projects) Document.
1 Content IP-SECOQC – Consortium, Funding What is Quantum Cryptography? Project Goals / Project Structure Standard Related Issues: –In Quantum Key Distribution.

1 Content IP-SECOQC – Consortium, Funding What is Quantum Cryptography? Project Goals / Project Structure Standard Related Issues: –In Quantum Key Distribution.
Cybersecurity Presented by Charles Brookson OBE CEng FIET FRSA

Cybersecurity Presented by Charles Brookson OBE CEng FIET FRSA
International Telecommunication Union ETSI Security Standardization Dr. Carmine Rizzo CISA, CISM, CISSP, ITIL, PRINCE2 ITU-T Workshop on “New challenges.

International Telecommunication Union ETSI Security Standardization Dr. Carmine Rizzo CISA, CISM, CISSP, ITIL, PRINCE2 ITU-T Workshop on “New challenges.

Similar presentations

Ads by Google