ENISA efforts for securing European Internet Infrastructure

Presentation transcript:

ENISA efforts for securing European Internet Infrastructure
Rossella Mattioli
Security and Resilience of Communication Networks Officer

Securing Europe’s Information Society
Operational Office in Athens
- The European Union Agency for Network & Information Security (ENISA) was formed in 2004.
- The Agency is a Centre of Expertise that supports the Commission and the EU Member States in the area of information security.
- We facilitate the exchange of information between EU institutions, the public sector and the private sector.

ENISA is a body of expertise, set up by the EU to carry out very specific technical, scientific tasks in the field of Information Security, working as a "European Agency". EU agencies are distinct bodies from the EU institutions – separate legal entities set up to perform specific tasks under EU law. The Agency also assists the European Commission in the technical preparatory work for updating and developing Community legislation in the field of Network and Information Security.

Positioning ENISA activities POLICY IMPLEMENTATION HANDS ON MOBILISING COMMUNITIES RECOMMENDATIONS

Today’s challenges
- Increasing reliance on communication networks
- Emerging threat environment hampering the availability, integrity and confidentiality of networks based on:
  - Infrastructure vulnerabilities
  - Interdependencies
  - Privacy concerns

The Internet infrastructure is the backbone of the information society but, as has become clear in the recent news, different threats, both technical and geopolitical, can hamper its availability. Citizens expect national authorities to be fully aware of the possible interdependencies and put in place all possible measures to ensure the security and resilience of their communications.

http://www.enisa.europa.eu/internetcii

Internet Infrastructure assets

ENISA Threat Landscape Report http://www.enisa.europa.eu/internetcii

Current Internet infrastructure threats

Routing threats - good practices

DNS threats - good practices

DDoS - good practices

Internet Threat Landscape - recommendations
- Evaluate your current level of security by understanding the assets covered (and not covered) by existing security measures
- Evaluate the application of adapted good practices in a focused manner
- Cooperate with the community to exchange on threats and promote the application of good practices as mitigation measures
- For users deploying good practices guides: report on their implementations, assets covered and gaps found
- Words matter: Ensure the right use of terms and definitions

Internet Threat Landscape - recommendations
- Use proper risk assessment methods to understand vulnerable assets in your infrastructure and prioritise your protection actions
- Build an information and communication technology security awareness and training program
- Infrastructure owners shall commit third-party vendors to apply security measures
- Infrastructure owners should stay current on any updates

Latest ENISA activities regarding electronic communications
- “Protection of Underground Electronic Communications Infrastructure” to prevent damages caused by civil work to buried cables
- “Secure ICT Procurement in Electronic Communications” regarding risks associated with 3rd party ICT products and outsourced services
- “Methodologies for identification of Critical Information Infrastructures assets and services” to identify which specific assets and services in communication networks are critical for a particular Member State
- Annual report regarding the most severe outages of electronic communication networks or services that are reported to the communication authorities of each Member State every year

Participate in our activities

Studies and community engagement
- Ideas for upcoming studies/papers
- Surveys
- Interviews
- Previews of our studies
- Feedback
- Validation sessions

Workshops
- 2013 - Before RIPE 67 in Athens
- 2014 - After Internet Security Days in Cologne
- 2015 - Q4 TBD - focus on connectivity interdependencies for smart grids

INFRASEC - Internet infrastructure security and resilience reference group
- Gathering of technical experts
- Discuss the progress of ENISA projects
- Info exchange on latest threats
- Periodic conf-calls
- Dedicated webpage
- 1st physical meeting @RIPE69
- Validation of ENISA studies
- List of good practices

Protect Cooperate Exchange

Thank you Rossella Mattioli