ENISA and standards. Sławomir Górniak, European Union Agency for Network and Information Security (www.enisa.europa.eu)

ENISA and standards
Sławomir Górniak, European Union Agency for Network and Information Security
ITU SG17 meeting, Geneva, 17th September 2014

European Union Agency for Network and Information Security
Established in 2004
Centre of expertise:
– Writing reports that analyse data on security practices in Europe and on emerging risks (e.g. cloud computing, exercises, national contingency plans)
– Supporting the European Commission & Member States in their policy initiatives (e.g. setting up and training CERTs, seminars for national exercises)
– Facilitating cross-border cooperation (e.g. supporting cyber security exercises)
– Ensuring a coherent pan-European approach (e.g. supporting the implementation of Article 13a)

ENISA activities
– Hands on
– Policy implementation
– Recommendations
– Mobilising communities

ENISA efforts
– Identification of risks associated with new technologies affecting the daily life of citizens
– Cyber crisis cooperation at EU and international level and development of capabilities
– Facilitating public-private cooperation
– Improving transparency of security incidents
– Enabling communities to improve NIS: capacity building with regard to the CERT community and application of good practice for CERTs
– Ensuring a strong EU response to cybercrime
– Supporting R&D investments and strengthening the competitiveness of the EU's security industry
– Promoting personal data protection

ENISA and standards
Regulation (EC) No 460/2004, Art. 3: In order to ensure that the scope and objectives set out in Articles 1 and 2 are complied with and met, the Agency shall perform the following tasks:
– (g) to track the development of standards for products and services on network and information security
However (recital 12): The exercise of the Agency's tasks should not interfere with the competencies and should not pre-empt, impede or overlap with the relevant powers and tasks conferred on the European standardisation bodies, the national standardisation bodies and the Standing Committee as set out in Directive 98/34/EC of the European Parliament and of the Council of 22 June 1998 laying down a procedure for the provision of information in the field of technical standards and regulations and of rules on Information Society Services.

ENISA and standards
Regulation (EU) No 526/2013, Art. 3(1)(d): support research and development and standardisation, by:
– (i) facilitating the establishment and take-up of European and international standards for risk management and for the security of electronic products, networks and services;
– (ii) advising the Union and the Member States on research needs in the area of network and information security with a view to enabling effective responses to current and emerging network and information security risks and threats, including with respect to new and emerging information and communications technologies, and to using risk-prevention technologies effectively.

ENISA approach to standards
Aim: promotion of best practices through SDOs
ENISA role: interface between the private sector, the public sector and SDOs
Short- and mid-term goals:
– Formal cooperation with SDOs and specific WGs
– Working collaboration with SDOs
Long-term goals:
– Review of and participation in NIS standardisation activities
– Proposing standards, by means of proposals for standardisation mandates

ENISA and SDOs
Established collaboration agreements with:
– ISO SC27 (liaison)
– ETSI (MoU):
  – Exchange of information of mutual interest
  – Organisation of joint meetings and workshops
  – ENISA to channel standardisation activities to ETSI, if appropriate
  – Exchange of working documents, within well defined frames
  – ENISA to nominate observers for ETSI Technical Bodies
– CEN-CENELEC (MoU)
– ITU (MoU started!)
ENISA aligns key activities with the work of SDOs:
– ETSI TISPAN on CIIP, ESI on eID, CLOUD on cloud certification
– CEN-CENELEC on smart grids
– ISO SC27 in the area of privacy

Challenges from the EU perspective
– Lack of a consistent strategy towards standards
– Recognised shortcomings of the current approach
– Need to establish a small number of key initiatives at EU level
– Improve coordination between EU-funded R&D and SDOs
– Possible 'vehicles' for such coordination:
  – ETSI CEN-CENELEC CSCG
  – Horizon 2020

ETSI CEN-CENELEC Cyber Security Coordination Group (CSCG)
– Give strategic advice to the technical committees of CEN, CENELEC and ETSI
– Develop a gap analysis of European and international standards on cyber security
– Define joint European requirements for European and international standards on cyber security
– Establish a European roadmap on standardisation of cyber security
– Act as contact point for all questions of EU institutions relating to standardisation of cyber security
– Suggest a joint US and European strategy for the establishment of a framework of international standards on cyber security

CSCG Action Plan
#1 – Governance Framework
#2 – Common Understanding of "Cyber Security"
#3 – Trust in the European Digital Environment
#4 – European PKI and Cryptographic Capabilities
#5 – European Cyber Security Label
#6 – European Cyber Security Requirements
#7 – European Cyber Security Research
#8 – EU Industrial Forum on Cyber Security Standards
#9 – EU Global Initiative on Cyber Security Standards

Governance framework: strategic options
– General recommendations
  – Lack of consideration from stakeholders
– Recommendations targeting organisations
  – Examples: ISO 27k, 31k
  – Regulated environment
  – An EU framework would require a lot of resources (research, follow-up activities)
– Recommendations for products and services
  – Similarities: Common Criteria
  – Problem in defining 'products' and 'services' in the converging world
– Recommendations targeted on (classes of) functions, products or services
  – "Mash-up" approach, "ad hoc" solution
  – Functions, products and services to be selected following an appropriate process

European Cyber-Security Label

Example: ETSI ESI "Algo paper"
– ETSI TR: Business Guidance on Cryptographic Suites
– ETSI TS: Cryptographic Suites
ENISA reports 2013:
– Recommended cryptographic measures
– Algorithms, Key Sizes and Parameters
Collaboration 2014 ->

Example: Security measures for smart grids - conceptual model
Milestones:
– 1st version, ENISA publication, Dec 2012
– 2nd version, EG2 security measures, April 2014
– Mapping between security measures and M/490 SGIS security levels
Approach:
– Risk-based instead of compliance-based approach
– Three-level approach:
  – Risk assessment (by operators)
  – Appropriate measures (baseline)
  – 3 sophistication levels per measure (implementation sophistication)
– 11 control domains
– 42 measures
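The three-level model above (operator risk assessment, baseline measures, three sophistication levels per measure) can be turned into a gap check that an operator or auditor runs against their own implementation status. The code below is an added illustration written for this page, not ENISA's or EG2's own material: the domain names, measure texts, the mapping from M/490 SGIS security levels to sophistication levels, and the operator status data are all constructed for illustration and are not the 11 domains and 42 measures of the report.

```python
"""Toy implementation of the smart-grid security measures model:
risk assessment -> target sophistication level -> per-measure gap list.

Added example; not ENISA code. Catalogue entries, the SGIS mapping and the
sample operator data are constructed/assumed for illustration only.
"""
from __future__ import annotations

from dataclasses import dataclass

# The slide states three sophistication levels per measure; 0 is used here
# (assumption) for "measure not implemented at all".
SOPHISTICATION_LEVELS = (1, 2, 3)


@dataclass(frozen=True)
class Measure:
    id: str
    domain: str
    text: str


# Assumed mapping from an M/490 SGIS security level (1 = low .. 5 = highly
# critical, outcome of the operator's risk assessment) to the sophistication
# level each baseline measure should reach. Illustrative, not the report's.
SGIS_TO_SOPHISTICATION = {1: 1, 2: 1, 3: 2, 4: 3, 5: 3}

# Constructed sample catalogue (three of the "42 measures", hypothetical ids).
CATALOGUE = [
    Measure("D01.M01", "Security governance & risk management",
            "A risk assessment of the smart grid is performed and reviewed"),
    Measure("D05.M02", "Incident response & information sharing",
            "Security incidents are reported to the competent authority"),
    Measure("D09.M03", "Network security",
            "Control networks are segmented from corporate networks"),
]


def target_level(sgis_level: int) -> int:
    """Translate the risk-assessment outcome into a target sophistication level."""
    if sgis_level not in SGIS_TO_SOPHISTICATION:
        raise ValueError(f"SGIS security level must be 1-5, got {sgis_level}")
    return SGIS_TO_SOPHISTICATION[sgis_level]


def gap_analysis(sgis_level: int, implemented: dict[str, int]) -> list[tuple[str, int, int]]:
    """Return (measure_id, implemented_level, target_level) for every baseline
    measure whose implementation is below the target. A measure absent from
    `implemented` counts as level 0 (not implemented)."""
    target = target_level(sgis_level)
    gaps = []
    for measure in CATALOGUE:
        have = implemented.get(measure.id, 0)
        if have not in (0, *SOPHISTICATION_LEVELS):
            raise ValueError(f"{measure.id}: sophistication level must be 0-3, got {have}")
        if have < target:
            gaps.append((measure.id, have, target))
    return gaps


def gaps_by_domain(gaps: list[tuple[str, int, int]]) -> dict[str, int]:
    """Count open gaps per control domain, for reporting at domain granularity."""
    domain_of = {m.id: m.domain for m in CATALOGUE}
    counts: dict[str, int] = {}
    for measure_id, _have, _target in gaps:
        counts[domain_of[measure_id]] = counts.get(domain_of[measure_id], 0) + 1
    return counts


if __name__ == "__main__":
    # Constructed operator status: risk assessment rated the system SGIS level 4,
    # incident reporting is only at sophistication level 2.
    status = {"D01.M01": 3, "D05.M02": 2, "D09.M03": 3}
    for mid, have, want in gap_analysis(4, status):
        print(f"{mid}: implemented {have}, target {want}")
    print(gaps_by_domain(gap_analysis(4, status)))
```

The point of the risk-based approach is visible in the mapping: the same catalogue yields different targets for different operators, and a level-2 implementation is a gap for a highly critical system but sufficient for a low-criticality one.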

European Union Agency for Network and Information Security
Science and Technology Park of Crete, P.O. Box, Heraklion, Crete, Greece