Dimitra Liveri | NIS Expert CSA CEE Summit 2017|Ljubljana - 9 March


The NIS Directive and the Digital Single Market - what does the cloud need?
Dimitra Liveri | NIS Expert | CSA CEE Summit 2017 | Ljubljana - 9 March

Positioning ENISA activities
- CAPACITY: Hands on activities
- POLICY: Support MS & COM in Policy implementation; Harmonisation across EU
- COMMUNITY: Mobilizing EU communities
- EXPERTISE: Recommendations; Independent Advice

ENISA’s work in the area of Cloud
- 2009 Cloud computing risk assessment
- 2009 Cloud security Assurance framework
- 2012 Procure secure (Security in SLAs)
- 2013 Critical cloud computing
- 2013 Incident reporting for cloud computing
- 2013 Securely deploying GovClouds
- 2013 Support EU Cloud Strategy
- 2014 Cloud Certification Meta-Framework
- 2014 Procurement security in GovClouds
- 2015 Cloud Security guide for SMEs
- 2016 Exploring Cloud Incidents
http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cloud-computing
This is an overview of the work we did in the past and are doing. Our early papers from 2009 are still widely downloaded and quoted. They basically give an overview of the main risks and benefits when moving to the cloud. Let me go over some of them quickly.
Put in about “ENISA’s work on Cloud Computing, but concentrating on how we have helped industry secure a developing business model (work with CSA, support for the EU Cloud strategy). Here we can stress the fact that we look for security solutions that are economically viable and provide a reasonable trade-off between opportunity and risk. This is ENISA supporting economic growth.”
All SecureCloud events are co-organized with CSA.

First comprehensive EU cybersecurity legislation adopted! 06 July 2016

Obligations for MS on DSPs
- Minimum security measures: technical and organizational measures proportionate to the risk (Implementing act by the COM, August 2017)
- Incident notification: prevent and minimize the impact of incidents on the IT systems which provide the services (Implementing act by the COM, August 2017)
Notes:
- Light touch approach to be applied for DSPs
- NIS directive applicable only to large and medium enterprises
- Define DSP: cloud providers, online market places, search engines
- Implementing acts: legal texts which ensure uniform conditions for implementing legally binding Union legislative documents
Light touch approach means:
- security requirements for DSPs should be lighter than those for OESs
- DSPs are not subject to identification
- MS are not allowed to impose any further security and notification requirements on DSPs
- The criterion of main establishment of the DSP is applied vis-à-vis the applicable law to avoid multiple parallel jurisdictions
- Security measures relevant, ONLY, to the following domains:
  1. Security of systems and facilities
  2. Incident handling
  3. Business continuity
  4. Monitoring, auditing and testing
  5. Compliance with international standards

ENISA’s role in supporting MSs on DSPs
ENISA supported COM and the MSs with the following projects in 2016:
- Guidelines for implementing incident notification – DSPs: assist COM (by providing input for the implementing acts) and MS (by providing guidelines) in incident notification requirements for DSPs
- Guidelines for implementing security measures – DSPs: assist COM (by providing input for the implementing acts) and MS (by providing guidelines) in implementing minimum security measures for DSPs
MSs discussed the provisions on DSPs in an informal group created by COM:
- 2 meetings of the informal group took place in 2016
- Next meeting, 15 March 2017, Brussels: discussion on the draft implementing acts
Our input is discussed with an informal group, created by COM, with representatives from MS. Its role is to prepare the implementing acts and the ToRs for the Cooperation Group. The implementing acts will pass through the comitology procedure. Main challenge is the identification of the DSPs.

ENISA supporting the NISD

EC implementing acts
ENISA input:
- A non-exhaustive list of 29 security measures which fall under the article 16(1) elements:
  (a) the security of systems and facilities;
  (b) incident handling;
  (c) business continuity management;
  (d) monitoring, auditing and testing;
  (e) compliance with international standards.
- Examples of implementation for all these 29 measures
- A list of definitions which accompanies the list of security measures
The process:
- Deadline for the adoption: 9 August 2017
- First comitology meeting: 15 March 2017

The DSM and the Cybersecurity Industry Opportunities and tools for growth Supports the DSM

How can NIS Products and Services benefit from the DSM?
NIS Products and services are used to:
- Protect digital and physical assets from cyber threats;
- Enhance the awareness and preparedness level;
- Ensure availability, privacy and integrity…
Non-exhaustive list of NIS Products and Services:
- Software (e.g. antivirus, firewall, SIEM)
- Hardware (e.g. network probe)
- Information exchange (e.g. ISAC)
- Service (e.g. cloud storage, threat intelligence, certification)
- Awareness (e.g. education, training)
- Support (e.g. product maintenance, CERT)
- etc.

Current and Emerging Trends & the Evolution of the Demand Side
- Common requirements in NIS products and services across all sectors.
- Prioritization based on specific business context.
- Need for enhanced intelligence, analytics, automation etc. (AI?)
- Investment in NIS and ease of use are key issues
- Landscape is changing due to evolving threats
[Figure labels: Trend; Online Banking; Online Marketplaces; Cloud Storage; Wireless Telecommunications; Online Media; Cloud; IoT; Mobile; SDN/NFV; AI; Big Data; Business Models / Use Cases / Application Areas; Vulnerabilities / Attack Surface; NIS Tools]

Recommendation Highlights
- Raise awareness on the user side to increase demand (educate the market, Cyber-Insurance, regulatory impact on NIS investment, SME policy, NIS training and education, pursue board-level involvement etc.)
- Foster innovation and support EU NIS start-ups to bridge the gap from prototyping to industrialization/commercialization (focused R&D planning, link research to NIS industry, preferential procurement policy, innovation clusters etc.)
- Address market fragmentation (harmonized certification, standards etc.)
- Build NIS ecosystem (industrial clusters, added value chain positioning etc.)

Thank you