EU Cybersecurity Strategy and Proposal for Directive on network and information security (NIS)
{JOIN(2013) 1 final} {COM(2013) 48 final}
Digital Enlightenment Forum, 21 May 2014
Raffaele Di Giovanni Bezzi
Policy Officer, Trust and Security Unit
DG Communications Networks, Content and Technology

Cybersecurity: The need for further EU action
  Economic and social benefits of the digital world and open Internet
  Risks, incidents and cybercrime on the rise
  Cross-border/global issue
  Need for a comprehensive EU vision

Proposal for a Directive on NIS: Key elements (1/3)
  Capabilities: Common NIS requirements at national level
    NIS strategy and cooperation plan
    NIS competent authority
    Computer Emergency Response Team (CERT)

Proposal for a Directive on Network and Information Security (NIS) – Article 114 TFEU: Key elements (2/3)
  Cooperation: NIS competent authorities to cooperate within a network at EU level
    Early warnings and coordinated response
    Capacity building
    NIS exercises at EU level
    ENISA to assist

Proposal for a Directive on Network and Information Security (NIS) – Article 114 TFEU: Key elements (3/3)
  Risk management and incident reporting for:
    Energy – electricity, gas and oil
    Credit institutions and stock exchanges
    Transport – air, maritime, rail
    Healthcare
    Internet enablers
    Public administrations

Proposal for NIS Directive: State of play, legislative process
  Council
    European Council Oct 2013: NIS essential for completion of Digital Single Market by 2015
    Progress Report was adopted at Telecom Council December 5, 2013; Telecom Council June 6, 2014
  European Parliament
    Lead committee IMCO (ITRE and LIBE associated) voted on draft legislative resolution in January 2014
    Plenary vote took place in March 2014

EU Cybersecurity Strategy: The NIS Public-Private Platform
  An inclusive and multi-stakeholder platform
  Driven by the participants
  Identify and facilitate the up-take of risk management best practices
  Draw from international standards and best practices
  Cross-cutting / horizontal approach
  No imposition of standards
  Secure ICT research and innovation

The NIS Public-Private Platform: Organisation of work and expected outcome
  Consistent implementation of the NIS Directive
    WG1: risk management
    WG2: information exchange and incident coordination
    First set of guidance presented in April 2014
  Provide input to the secure ICT R&I agenda at EU, national and industry level
    WG3 on secure ICT research and innovation
    Will produce view on secure ICT landscape and strategic research agenda in 2014

The NIS Public-Private Platform: State of play and next steps
  First plenary meeting in June 2013
  Second plenary meeting in December 2013
  Third plenary meeting 30 April 2014
  Over 200 organisations represented

EU Cybersecurity Strategy: Achieving cyber resilience
  Awareness raising: common responsibility
    Cybersecurity month – October 2014
    Cybersecurity championship – ENISA guidelines Q
  NIS education and training
    Roadmap for NIS driving licence – ENISA roadmap and self-assessment pilot in

Thanks!

Useful links
  EU Cybersecurity Strategy High-Level Conference 2014: cybersecurity-strategy-high-level-conference-0
  Trust and Security: http://ec.europa.eu/digital-agenda/en/our-goals/pillar-iii-trust-security
  Cybersecurity: http://ec.europa.eu/digital-agenda/en/cybersecurity
  Digital Futures: https://ec.europa.eu/digital-agenda/en/digital-futures-objectives-and-scope
  Help us improve our analysis and measurement: analysis-measurement

Useful links
  Commission proposal for a Directive on Network and Information Security: cument.cfm?doc_id=1666
  Impact Assessment: cument.cfm?doc_id=1669
  Cybersecurity Strategy of the European Union: cument.cfm?doc_id=1667
  Press release: 94_en.htm http://europa.eu/rapid/press-release_IP _en.htm
  MEMO: 71_en.htm http://europa.eu/rapid/press-release_MEMO _en.htm