
1 Mandatory incident reporting in EU. Particularities for telecom (Art. 13a).
Dan Tofan | Expert in NIS 21st Art. 13a WG | LISBON | 08.03.2017

2 Summary
01 General info about ENISA
02 Incident reporting activities in EU
03 About Art. 13a
04 Art. 13a Expert Group
05 Art. 13a Annual Incident Report
Incident reporting in EU | Dan Tofan

3 Securing Europe’s Information Society
Operational Office in Athens
The European Union Agency for Network & Information Security (ENISA) was formed in 2004.
The Agency is a Centre of Expertise that supports the Commission and the EU Member States in the area of information security.
We facilitate the exchange of information between EU institutions, the public sector and the private sector.
ENISA is a body of expertise, set up by the EU to carry out very specific technical and scientific tasks in the field of Information Security, working as a "European Agency".
EU agencies are distinct bodies from the EU institutions: separate legal entities set up to perform specific tasks under EU law.
The Agency also assists the European Commission in the technical preparatory work for updating and developing Community legislation in the field of Network and Information Security.

4 Positioning ENISA activities
CAPACITY: Hands on activities
POLICY: Support MS & COM in policy implementation; Harmonisation across EU
COMMUNITY: Mobilizing EU communities
EXPERTISE: Recommendations; Independent Advice

6 Mandatory incident reporting in EU
01 Article 19 of the trust services and e-ID regulation: “Security requirements”
02 Article 4 of the e-Privacy directive: “Security of processing”
03 Articles 30, 31 and 32 of the Data Protection regulation
04 The NIS Directive (OES and DSP)
05 Article 13a of the Telecom Framework directive: “Security and Integrity”

8 Art. 13a and the telecom package
Article 13a of the Framework Directive (2009/140/EC) is a new article introduced in the 2009 reform of the EU regulatory framework for electronic communications.
The reform was transposed by most EU countries around May
Article 13a addresses the security and integrity of public electronic communications networks and services (availability of the service).
It concerns National Regulatory Authorities (NRAs) and providers of public electronic communications networks and services (providers).

9 Art. 13a content
Providers of public communication networks and services should take measures to guarantee security and integrity (i.e. availability) of their networks.
Providers must report to competent national authorities about significant security breaches.
National authorities should inform ENISA and authorities abroad when necessary, for example in case of incidents with impact across borders.
National authorities should report to ENISA and the EC about the incident reports annually (February).

10 ENISA’s role within the context
As requested by the directive, every country submits a yearly report to the EC and ENISA on significant incidents that had an impact on their networks and services.
Where appropriate, the NRA concerned shall inform the national regulatory authorities in other Member States and ENISA.
To achieve a harmonised implementation, in 2010, ENISA, Ministries and NRAs initiated a series of meetings (the Article 13a Expert Group).
Developed an online platform for incident reporting (CIRAS).

11 Art. 13a incident reporting process

12 Art. 13a incident reporting procedure
Reporting interval: between January 1st and December 31st of the previous year.
Deadline: end of February.
Reporting modality:
Online: CIRAS platform.
Alternate means: .

13 Art. 13a incident reporting procedure (thresholds)
Relative thresholds (relative to user base and duration)
Absolute thresholds: 60 Million user minutes, or 1 Million user hours.

14 Art. 13a incident reporting procedure
STEP 1: Determine causes
STEP 2: Determine the impact
STEP 3: Identify actions taken

17 Art. 13a incidents examples

18 Art. 13a incidents examples

20 Art. 13a Expert group
To achieve a harmonised implementation, in 2010, ENISA, Ministries and NRAs initiated a series of meetings (the Article 13a Expert Group).
They reached agreement on three non-binding technical documents providing guidance to the NRAs in the EU Member States:
- Technical Guideline on Incident Reporting
- Technical Guideline on Security Measures
- Technical Guideline on Threats and Assets
The Article 13a Expert Group continues to meet three times a year to develop guidelines, to discuss the implementation of Article 13a (for example, on how to supervise the electronic communications sector) and to share knowledge and views about past incidents, and how to address them.
Other work:
- Impact evaluation on the implementation of Article 13a incident reporting scheme within EU
- Analysis of security measures deployed by e-communication providers
- Security incidents indicators - measuring the impact of incidents affecting electronic communications

22 Annual Incident Reports
Annual Reports are available on the ENISA website. 2016 available by the end of May 2017.

23 Thank you

