French Port Cybersecurity Initiative

Presentation transcript:

French Port Cybersecurity Initiative
PROTECT Group, Rotterdam, 23 March 2017
Jerome Besancenot

MPL Principles
- Military Program Law (MPL), Item 22, December 18, 2013: measures to strengthen the security of Vital Operators' (VO) IS, with the objective of protecting vital national infrastructures from cyber attacks.
- Article 22: on behalf of the Prime Minister, the Security on Information System Agency (ANSSI) may impose security measures and controls on VO information systems.
- In addition, Article 22 makes it obligatory to declare incidents detected by VOs on their information systems.

MPL WorkGroups
During 2015, ANSSI organized working groups by sector, notably involving maritime ports and river organizations.
- Specify the scope of ISVI (Information Systems of Vital Importance): systems that could adversely affect the war or economic potential, security or survivability of the Nation
- Specify the timeframe and expected timeframe for strengthening SIIV measures
- Evaluate with ports the costs and difficulties of the project
- Orders specifying the law were issued in August, with a date of application from October 1, 2016

Order of August 11, 2016
- Chapter 1: Security rules
- Chapter 2: ISVIs Declaration (3 months)
- Chapter 3: Security Incident Reporting (1 year)
- Chapter 4: Final provisions: contact details of the person mentioned in Article R.1332-41-20 of the Defense Code (3 months)

MPL Main rules
- Information Systems Security Policy
- Rule relating to security approval
- Rule on cartography
- Rule on safekeeping
- Logging rule
- Rule relating to the correlation and analysis of logs
- Detection rule
- Rule on the handling of security incidents
- Alert processing rule
- Crisis management rule
- Identification rule
- Authentication rule
- Access rights rule
- Administrative account rules
- Rule relating to administrative information systems
- Rule on network partitioning
- Filtering rule
- Rule for remote access
- Rule relating to the installation of services and equipment
- Rule on indicators

Planning: main steps
[Timeline figure over years y1, y2, y3. Labels: Order enforcement; Checking our ISVI; Risk management; Governance of cybersecurity; Protecting systems; Managing cybersecurity incidents; Homologation of our ISVI]

NIS Directive
DIRECTIVE (EU) 2016/1148 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL concerning measures for a high common level of security of network and information systems across the Union
- Adopted by the European Parliament and the Council on 6 July 2016
- Will apply in the Union Member States from 10 May 2018
- Implementation evaluation will be done every 2 years

Operator of essential services
Legal definition of the operator of essential services (OSE): any "public or private entity" in one of the sectors or sub-sectors described below that meets the three identification criteria of Article 5(2) of the Directive, namely:
- The entity provides a service that is essential to maintaining critical social and economic activities;
- The provision of this service depends on networks and information systems;
- An incident would have a significant disruptive effect on the provision of said service.

The sectors or sub-sectors concerned
There are 7 sectors in which operators of essential services provide services dependent on networks and information systems: energy, transport, banks, financial market infrastructures, health, the supply and distribution of drinking water, and digital infrastructure.
Two of these sectors have sub-sectors: energy (electricity, oil and gas) and transport (air transport, rail transport, water transport, truck transport).
France has identified 12 sectors, as well as several sub-sectors.

Water transport sector
(10) In the water transport sector, security requirements for companies, ships, port facilities, ports and vessel traffic services under Union legal acts cover all operations, including radio and telecommunication systems, computer systems and networks. Part of the mandatory procedures to be followed includes the reporting of all incidents and should therefore be considered as lex specialis, in so far as those requirements are at least equivalent to the corresponding provisions of this Directive.
(11) When identifying operators in the water transport sector, Member States should take into account existing and future international codes and guidelines developed in particular by the International Maritime Organisation, with a view to providing individual maritime operators with a coherent approach.

Minimum content of any national strategy of a MS:
- The objectives and priorities of the national strategy;
- The governance framework to achieve the objectives and priorities and the roles and responsibilities of public bodies and private actors;
- The inventory of preparedness, response and recovery measures, including measures of cooperation between public and private actors;
- An overview of education programs and, above all, awareness and training in relation to the objectives of the national strategy;
- An overview of research and development plans;
- A risk assessment plan;
- A list of actors responsible for implementing the national strategy.

Group of strategy cooperation between MS
- Establishment of a group for strategic cooperation and exchange of information between Member States of the
- Establishment of computer security incident response centers (CSIRTs) and the CSIRT network
- National authorities and single point of contact
- The development of security and incident reporting requirements for operators of essential services
- Establishing security and incident reporting requirements for digital service providers
- The impact of the NIS Directive on our current legal framework

Conclusion & Proposal
Conclusion
- PCS, CCS, MSW are mainly concerned by such European strategy
- IMO matters
- Increasing concerns related to ships and ports, MSC & FAL Committees probably should converge on a global issue
Proposal for PROTECT
- Data sensitivity identification
- How to secure in a harmonized way EDI exchanges BtoG, GtoG
- SW interoperability
- To build a European Protect « Cyber circle »
- Recognized Think Tank
- Possibility to arrange a meeting with Cyber community
The future begins immediately
After the end of this sentence