2002 Symantec Corporation, All Rights Reserved The EU Regulations and IT security An industry perspective Ilias Chantzos, Government Relations EMEA Terena.

Presentation transcript:

2002 Symantec Corporation, All Rights Reserved The EU Regulations and IT security An industry perspective Ilias Chantzos, Government Relations EMEA Terena Conference, May 2006

Some EU terminology
• Directive
  – Not directly applicable, aims to achieve an objective
• First Pillar vs Third Pillar
• Framework Decision
  – As opposed to a Directive
• Co-decision Process
  – As opposed to unanimity

Has the EU been looking at IT security?
• For a very long time
  – OECD Guidelines 1986
  – SOGIS
  – Council Resolution on NetSec
  – Cybercrime Communication
  – Network Security Communication
  – eEurope 2002 and 2005
  – ENISA
  – i2010

Does the EU have security competence?
NO!!
Well, maybe it gradually starts getting one
Originally limited, no operational capabilities yet
• Some legislation in place
  – Data protection Directives
• Third Pillar initiatives
  – Anti-terrorism package
  – The Hague framework
  – Framework Decision on attacks against information systems
  – CoE Cybercrime Convention
  – Data retention
• ECJ challenged the decision-making structure

Data protection
• Directives 95/46/EC (generic) and 2002/58/EC (specific)
• Generic Directive covers all activities related to processing of personal data
• Specific Directive covers only electronic communications
• Create independent authorities responsible for supervision and enforcement
• Very interesting from a security standpoint

The Generic Directive
• Defines data categories
• Requires information collection fairly and lawfully subject to consent
• Requires information security and availability for the storage of data
• Requires access to data subject and rectification of the data
• Forbids cross-border transfer of personal data
• Determines jurisdiction

Specific Directive
• Defines traffic data
• Requires network security
• Obliges eCommunication providers to notify users of the services of imminent threats
• Obliges the destruction of traffic data if no excluded specific business is applicable
• Forbids spam distribution
• Leaves the door open for data retention

Data retention
• Commission proposal under serious discussion among the European institutions
  – What is the scope of retention?
  – What data?
  – How much?
  – How long?
• Security requirements for data holders
• Diverging implementation in Member States

The political landscape of data retention
• Too early to say what will happen in every country
• Some retention regime already in place in several jurisdictions
• Difficult to argue against the need for security of the retained data
• Depending on the implementation there will be issues of cost, technological complexity and compliance
• Law enforcement authorities need the appropriate tools to do their job
• Privacy law is challenged in Europe

What does this mean for Service Providers?
• Service providers are faced with numerous information integrity challenges by creating huge traffic data vaults
• Traffic data will need to be:
  – Available
  – Secure
  – Authentic beyond reasonable doubt
  – Constantly collected over a wide geographical region and over a variety of services
  – Achievable
  – Searchable
  – Retrievable/Extractable
  – Securely communicated upon request
  – Resilient
  – Auditable
• Cost, complexity and compliance (legal and technical)

Third pillar legislation
• Framework Decision on Attacks Against InfoSystems
  – Hacking, viruses, DoS are crimes
  – Uniform definitions, incriminations, sanctions
• Council of Europe Convention on Cybercrime
  – Everything that the Framework Decision has and more…
  – More offences, such as misuse of devices, or child pornography
  – Procedural rules
    • Preservation
    • Warrants
  – Mutual legal assistance
• EU cooperation
  – SIS2, VIS, Eurodac

Down the pipeline
• Traffic data retention has arrived
  – Applicable to all 25 countries, albeit with divergences
• i2010
  – Expected Commission communication on network security
  – Initiatives expected to be announced
  – Review of 2002/58/EC
• Revision of the legal basis as a result of ECJ
  – Framework Decision on cybercrime is affected
• ENISA gradually defining a role
• CIP consultation completed

Critical Infrastructure Protection
• EU Program aiming at developing policy to protect CIP across Europe
• All hazards approach with a terrorism focus
• Covers cross-border infrastructure
• Several industries affected
  – Communications/Internet
  – Chemicals
  – Energy
  – Etc
• Opportunities for funding but also for government intervention

So what is the impact?
• More regulation increases
  – Cost
  – Complexity
  – Compliance
• More harmonisation across Europe
  – Easier to do business cross-border
  – Higher standards at Member States level
  – A higher level of security
• A lot depends on how this will cascade to Member States

What does the future hold?
• Security is very high on the political agenda
• Information security will continue to attract political interest as an element of the wider security package
• Regulation on other topics will add new security-related rules (for example, corporate governance)
• Expect more regulatory intervention from Brussels

Thank You!