The French approach to CIIP ENISA workshop. Coordination of CIP in France ANSSI 2 A cross-ministerial issue The General Secretariat for Defense and National.

Presentation transcript:

The French approach to CIIP ENISA workshop

Slide 2 (ANSSI): Coordination of CIP in France

- A cross-ministerial issue: the General Secretariat for Defense and National Security (SGDSN) assists the Prime Minister in matters of national defense and security.
- 12 critical sectors: energy, communications, healthcare and public health, financial services, transportation, water…
- A list of critical operators: “An operator whose unavailability could strongly threaten the economical or military potential, the security or the resilience of the Nation”

Slide 3: The ANSSI

- An interministerial agency, responsible for prevention and reaction to cyber attacks.
- Originally focused on the protection of governmental networks.
- Extended its missions to cover critical operators.
- Reports to the SGDSN.
- CIIP issues are under ANSSI’s responsibility.

Slide 4: The initial CIIP framework

- A CIP framework originally focused on the physical protection of critical infrastructures.
- A relatively slow interministerial process, unsuited to IT security.
- IT security obligations only for the communications sector.

Slide 5: A new basis for CIIP: the military programming law

- Article 22 introduces specific provisions to enhance the cyber security of critical operators.
- The military programming law (LPM) is promulgated on December 18, 2013, following the measures announced by the 2013 White Paper.
- The 2013 White Paper on Defense and National Security recognizes the need to reinforce the security of critical infrastructures.

Slide 6: Secondary legislation will define all implementation measures

Security rules: ANSSI can set technical and organizational rules
- Network mapping, network segmentation, implementation of detection capabilities, homologation, IT administration rules, IT security policy...

Incident notification: ANSSI shall be notified of incidents occurring on critical systems
- Types of incidents to be notified will be specified by sectorial orders.
- Direct notification to ANSSI by the critical operators.

Inspection: ANSSI can trigger security inspections
- Inspections done by ANSSI, another governmental authority or a qualified provider.
- On a regular basis or following an incident.

Major crises: ANSSI can impose measures in case of major crises
- The threshold of what is a “major crisis” is defined by the Prime Minister.
- Legal basis for action in the framework of crisis management plans.

Slide 7: 2014: three phases of experiment

- February – May 2014: First listing of the critical systems (all operators).
- March – June 2014: Applicability of ANSSI’s recommendations on industrial control systems cybersecurity (4 operators).
- June – October 2014: Incident notification (a dozen operators).

Slide 8: A work in progress: what’s next?

- End 2014: Legal implementation texts to be published.
- 2014 – 2015: Sectorial working groups led by the ANSSI: sectorial orders to define identification criteria for critical systems, security rules and types of incidents to notify.
- – 2020: Feedback – possible upgrading of the sectorial orders.