Presentation is loading. Please wait.

Presentation is loading. Please wait.

French Port Cybersecurity Initiative

Published byMarilynn Ann Alexander Modified over 6 years ago

Similar presentations

Presentation on theme: "French Port Cybersecurity Initiative"— Presentation transcript:

1 French Port Cybersecurity Initiative
PROTECT Group Rotterdam 23, March 2017 Jerome Besancenot

2 MPL Principles Military Program Law (MPL)
Item 22 –December 18, 2013 : Measures to strengthen the security of Vital Operators’IS in the objective to protect vital national infrastructures from cyber attacks. article 22 : On behalf of the Prime Minister, Security on Information System Agency (ANSSI) may impose security measures and controls on VO information systems. In addition, Article 22 makes it obligatory to declare incidents detected by VOs on their information systems.

3 MPL WorkGroups During the year 2015, ANSSI organized by sectors working groups especially involving maritime ports and river organizations Specify the scope of ISVI (Information Systems of Vital Importance) Systems that could adversely affect the war or economic potential, security or survivability of the Nation Specify the timeframe and expected timeframe for strengthening SIIV measures Evaluate with ports the costs and difficulties of the project Orders specifying the law are issued in August with a date of application from October 1, 2016

4 Order of August 11, 2016 Chapter 1: Security rules
Chapter 2: ISVIs Declaration (3 months) Chapter 3: Security Incident Reporting (1 year) Chapter 4: Final provisions -> contact details of the person mentioned in Article R of the Defense Code (3 months)

5 MPL Main rules Information Systems Security Policy
Rule relating to security approval Rule on cartography Rule on safekeeping Logging rule Rule Relating to the Correlation and Analysis of logs Detection Rule Rule on the handling of security incidents Alert processing rule Crisis management rule Identification rule Authentication rule Access Rights Rule Administrative Account Rules Rule relating to administrative information systems Rule on network partitioning Filtering rule Rule for remote access Rule relating to the installation of services and equipment Rule on indicators

6 cybersecurity incidents
Planning : main steps Governance of cybersecurity Protecting systems Managing cybersecurity incidents Homologation of our ISVI y1 y2 y3 Order enforcement Checking our ISVI Risk management

7 NIS Directive DIRECTIVE (EU) 2016/1148 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL concerning measures for a high common level of security of network and information systems across the Union adopted by the European Parliament and the Council on 6 July 2016 will apply in the Union Member States from 10 May 2018 Implementation evaluation will be done every 2 years

8 Operator of essential services
Legal definition of the essential services operator (OSE). It is any "public or private entity" in one of the sectors or sub-sectors described below, which meets the three criteria for identifying Article 5 (2) of the Directive, namely: The entity provides a service that is essential to maintaining critical social and economic activities; The provision of this service depends on networks and information systems; An incident would have a significant disruptive effect on the provision of said service.

9 The sectors or sub-sectors concerned
The sectors in which operators of essential services provide services dependent on networks and information systems number 7. These are the energy sectors, transport, banks, financial market infrastructures , Health, the supply and distribution of drinking water, and digital infrastructure. There are two sub-sectors, energy (sub-sectors of electricity, oil and gas) and transport (sub-sectors of air transport, rail transport, water transport, truck transport). France has identified 12 sectors, as well as several sub-sectors.

10 Water transport sector
(10) In the water transport sector, security requirements for companies, ships, port facilities, ports and vessel traffic services under Union legal acts cover all operations, including radio and telecommunication systems, computer systems and networks. Part of the mandatory procedures to be followed includes the reporting of all incidents and should therefore be considered as lex specialis, in so far as those requirements are at least equivalent to the corresponding provisions of this Directive. (11) When identifying operators in the water transport sector, Member States should take into account existing and future international codes and guidelines developed in particular by the International Maritime organisation, with a view to providing individual maritime operators with a coherent approach.

11 Minimum content of any national strategy of a MS :
The objectives and priorities of the national strategy; The governance framework to achieve the objectives and priorities and the roles and responsibilities of public bodies and private actors; The inventory of preparedness, response and recovery measures including measures of cooperation between public and private actors; An overview of education programs and, above all, awareness and training in relation to the objectives of the national strategy; An overview of research and development plans; A risk assessment plan; A list of actors responsible for implementing the national strategy.

12 Group of strategy cooperation between MS
Establishment of a group for strategic cooperation and exchange of information between Member States of the Establishment of computer security incident response centers (CSIRTs) and the CSIRT network National authorities and single point of contact The development of security and incident reporting requirements for operators of essential services Establishing security and incident reporting requirements for digital service providers The impact of the NIS Directive on our current legal framework

13 Conclusion & Proposal Conclusion
PCS, CCS, MSW are mainly concerned by such European strategy IMO matters Increasing concerns related to ships and ports, MSC & FAL Committees probably should converge on a global issue Proposal for PROTECT Data sensitivity identification How to secure in an harmonized way EDI exchanges BtoG, GtoG SW interoperability To build a european Protect « Cyber circle » Recognized Think Tank Possibility to arrange a meeting with Cyber community The future begins immediatly After the end of this sentence

Download ppt "French Port Cybersecurity Initiative"

Similar presentations

Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.

Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.
Transport EU Maritime Security Policy and legislation Christian DUPONT Deputy Head of Unit for Maritime & Land Transport Security DG Mobility and Transport.

Transport EU Maritime Security Policy and legislation Christian DUPONT Deputy Head of Unit for Maritime & Land Transport Security DG Mobility and Transport.
SECURITY RESEARCH SEVENTH FRAMEWORK PROGRAMME 2007-2013 Mark Stroud Home Office Scientific Development Branch UK Security Programme Committee Member.

SECURITY RESEARCH SEVENTH FRAMEWORK PROGRAMME Mark Stroud Home Office Scientific Development Branch UK Security Programme Committee Member.
Identification of Critical Infrastructures in the Mediterranean Sea context and communications’ criticalities Irene Fiorucci Cesidio Bianchi Istituto Nazionale.

Identification of Critical Infrastructures in the Mediterranean Sea context and communications’ criticalities Irene Fiorucci Cesidio Bianchi Istituto Nazionale.
The French approach to CIIP ENISA workshop. Coordination of CIP in France ANSSI 2 A cross-ministerial issue The General Secretariat for Defense and National.

The French approach to CIIP ENISA workshop. Coordination of CIP in France ANSSI 2 A cross-ministerial issue The General Secretariat for Defense and National.
Speaker: Tamar Shapatava

Speaker: Tamar Shapatava
An Ocean of Opportunity: An integrated maritime policy for the EU 1 Places of refuge: General legal framework and developments within IMO and the EU Alexandros.

An Ocean of Opportunity: An integrated maritime policy for the EU 1 Places of refuge: General legal framework and developments within IMO and the EU Alexandros.
David Halldearn, ERGEG Conference on Implementing the 3 rd Package 11 th December 2008 Implementating the 3rd Package: An ERGEG Consultation paper.

David Halldearn, ERGEG Conference on Implementing the 3 rd Package 11 th December 2008 Implementating the 3rd Package: An ERGEG Consultation paper.
IT security seminar Copenhagen, April 4th 2002 M. Jean-Michel HUBERT Chairman of the French Regulation Authority IRG Chairman.

IT security seminar Copenhagen, April 4th 2002 M. Jean-Michel HUBERT Chairman of the French Regulation Authority IRG Chairman.
1 “Summary results of the comparative survey on the transposition of Directive 2009/81” Col. Paolo LIZZA IT MoD SGD-DNA Rome, 12 july 2011”

1 “Summary results of the comparative survey on the transposition of Directive 2009/81” Col. Paolo LIZZA IT MoD SGD-DNA Rome, 12 july 2011”
Ship Recycling Facility Management System IMO Guideline A.962

Ship Recycling Facility Management System IMO Guideline A.962
IAEA International Atomic Energy Agency Overview of legal framework Regional Workshop - School for Drafting Regulations 3-14 November 2014 Abdelmadjid.

IAEA International Atomic Energy Agency Overview of legal framework Regional Workshop - School for Drafting Regulations 3-14 November 2014 Abdelmadjid.
Isdefe ISXXXX-090000-1XX 5.10.2010 Your best ally Panel: Future scenarios for European critical infrastructures protection Carlos Martí Sempere. Essen.

Isdefe ISXXXX XX Your best ally Panel: Future scenarios for European critical infrastructures protection Carlos Martí Sempere. Essen.
1 Information System Security Assurance Architecture A Proposed IEEE Standard for Managing Enterprise Risk February 7, 2005 Dr. Ron Ross Computer Security.

1 Information System Security Assurance Architecture A Proposed IEEE Standard for Managing Enterprise Risk February 7, 2005 Dr. Ron Ross Computer Security.
Towards a European network for digital preservation Ideas for a proposal Mariella Guercio, University of Urbino.

Towards a European network for digital preservation Ideas for a proposal Mariella Guercio, University of Urbino.
1 ACCREDITATION – BG situation 8 - 10 April 2014, Prague STATE AGENCY STATE AGENCY FOR METROLOGICAL AND TECHNICAL SURVEILLANCE TECHNICAL SURVEILLANCE 1.

1 ACCREDITATION – BG situation April 2014, Prague STATE AGENCY STATE AGENCY FOR METROLOGICAL AND TECHNICAL SURVEILLANCE TECHNICAL SURVEILLANCE 1.
Environmental Management System Definitions

Environmental Management System Definitions
JOINING UP GOVERNMENTS EUROPEAN COMMISSION Establishing a European Union Location Framework.

JOINING UP GOVERNMENTS EUROPEAN COMMISSION Establishing a European Union Location Framework.
THE REPUBLIC OF SLOVENIA MINISTRY OF HIGHER EDUCATION, SCIENCE AND TECHNOLOGY e: Kotnikova 38, 1000 Ljubljana p: 01 478.

THE REPUBLIC OF SLOVENIA MINISTRY OF HIGHER EDUCATION, SCIENCE AND TECHNOLOGY e: Kotnikova 38, 1000 Ljubljana p:
THE FINAL ACTS OF THE ITU PLENIPOTENTIARY CONFERENCE, MARRAKESH, MOROCCO 2002 PRESENTATION TO SELECT COMMITTEE ON LABOUR AND PUBLIC ENTERPRISES.

THE FINAL ACTS OF THE ITU PLENIPOTENTIARY CONFERENCE, MARRAKESH, MOROCCO 2002 PRESENTATION TO SELECT COMMITTEE ON LABOUR AND PUBLIC ENTERPRISES.

Similar presentations

Ads by Google