DG CONNECT NIPS Study – CONSULTATION CONFERENCE 13 November 2013

Presentation transcript:

TESTA NG: TESTA new generation, a trans-European perspective

Agenda
- Mission
- Challenges
- Experiences and concerns
- Collaborative process
- TESTA NG

Mission
- Facilitate cooperation between public administrations in various policy areas
- Consolidate existing networks by providing a secure, reliable and flexible communication service layer

Mission
TESTA was born. TESTA (Trans European Services for Telematics between Administrations) is a communication platform to exchange electronic data between European and Member States administrations in a secure, reliable and efficient way.

Moving up the value chain

Challenges
- The EU is a mix of different cultures, and country-specific handling of information makes a common agreement on the classification of information difficult
- Different security approaches in EU countries push the EU level to apply the strictest security measures
- Technical security implementations are often driven by political sensitivity and not by risk assessment and risk management

Experiences and concerns
Security = End to end TRUST
- By implementing measures and policies
- By auditing
- By having agreements
  - Bilateral Legal agreements
Concern of legal requirements with regard to the handling of EU Classified Information (EUCI) with Member States, Third countries and International organizations

Experiences and concerns: Security accreditation
Step 1. Initial Demand
- TSO (Technical System Owner) sends a formal request to Commission SAA (Security Accreditation Authority)
- Creation of SAP (Security Accreditation Panel)
Step 2. Pre-Certification
- TSO provides SSRS, SecOPs, Crypto documents (procedures) to SAP
- Accreditation Panel approves SSRS
Step 3. Evaluation - Certification
- SAP assesses the conformity between deployed system and documents (SSRS, SecOPs, …)
- SAP produces statement of conformity (+ residual risks)
Step 4. Accreditation
- SAP takes decision on accreditation and informs Commission SAA
- Commission SAA notifies the CSPAG (Commission Security Policy Advisory Group)
Step 5. LDCP accreditation (statement of compliance by NSA)

Experiences and concerns: Security accreditation “Accrediting networks (or clouds) is neither necessary nor sufficient for the (obligatory) accreditation of the classified information system which uses such a network as transport layer” (dixit HR/DS)

Experiences and concerns: Dedicated and/or public network?
Availability
Today a public network like the Internet cannot give the contractual availability guarantee. Some applications, like the Schengen Information System, require high availability. This results in commercial agreements and redundant infrastructure.

Experiences and concerns: Dedicated and/or public network?
Security
Although theoretically confidentiality and integrity can be achieved via the appropriate mechanisms over a public network, in practice application owners impose the implementation of private networks.

TESTA NG: Collaborative process
TESTA is by concept based on a collaborative approach
Consequences:
- Agreements like MoU, Statement of compliance etc…
- Setup of different working groups to prepare these documents (TESTA expert groups; Security Accreditation Panel)
Difficulties:
- Achieve common agreement on the content of the agreements
- Signature at the same organisational level
Lessons learned:
- To have clear policies and measures understood and accepted by everybody before proceeding

TESTA NG: Requirements survey
- Information is requested to be protected from source to destination (End to End)
- From a security standpoint, the use of the Internet as an alternative transport network would be acceptable for a majority of the stakeholders.
- Data is often misclassified to be able to use sTESTA
- Additional security levels and services are highly desired (security requirements in the future will be more stringent for some users). These additional security services should be on top of the current network security architecture.
- The usage of sTESTA is sometimes limited by the lack of common security policies and standards among countries.

TESTA NG: Requirements survey

TESTA NG: EuroDomain
[Network diagram; labels: EuroDomain, EU Institutions, EFTA countries, EU Member States, EU Agencies, Central Services, Security Operation centre, Ministries, Restricted access, Internet VPN, National Ministries or agency directly connected]

TESTA NG: EuroDomain
Security based on risk assessment and management
- MPLS-based network
- Dedicated IP addressing
- IPSEC encryption
- Firewalling at all entry points
- IDS/IPS at all access points
- Dedicated security operations centre + Backup
- Dedicated central services domain + Backup (DNS, mail relay, PKI, collaboration tool, web server, ftp …)
- Tested BCP

91 applications on EuroDomain
- Criminal Records System
- Prüm
- FIUnet
- CECIS
- ECB
- EURODAC
- EESSI
- SIGL
- Tachonet
- EURAMIS

TESTA NG: multiple clouds
[Diagram; labels in page order: 97 sites; 58 sites; TESTA NG/EuroDomain; TESTA NG/VIS; TESTA NG SOC; TESTA NG/SIS II; 47 (44+3) sites; TESTA NG/EUROPOL; 50 sites (40+10); TESTA NG/Council; 30 sites]

Questions pieter.wellens@ec.europa.eu aldo.grech@ec.europa.eu