Presentation is loading. Please wait.

Presentation is loading. Please wait.

About the NIS directive

Published byMolly Pearson Modified over 6 years ago

Similar presentations

Presentation on theme: "About the NIS directive"— Presentation transcript:

1 About the NIS directive
Dan Tofan | NIS ENISA Bucharest CERT-RO

2 NIS directive – the context
About the NIS Directive

3 NIS directive Scope: to achieve a high common level of security of NIS within the Union (first EU regulatory act at this level). Status: ADOPTED August Deadline: 9 May 2018 (21 months). Provisions: Improved cybersecurity capabilities at national level Increased EU-level cooperation Obligations for operators of essential services (OES) and digital service providers (DSP) Additional info and deadlines: Q&A: Press release: _en.htm About the NIS Directive

4 Improved cybersecurity capabilities at national level
adopt a national NIS strategies to include: Strategic objectives, priorities and governance framework Measures on preparedness, response and recovery Cooperation methods between the public and private sectors Awareness raising, training and education designate one or more national competent authorities. designate one or more Computer Security Incident Response Teams (CSIRTs): Monitoring incidents at a national level Providing early warning, alerts Incident reponse About the NIS Directive

5 Increased EU-level cooperation
Creates first EU Cooperation Group on NIS, for the following: Provide guidance for CSIRTs Network Assist Member States in NIS capacity building Support Member States in the identification of operators of essential services Evaluate national NIS strategies and CSIRTs (on voluntary basis) Creates a EU National CSIRTs Network, to do the following: Information sharing Coordinated incident response Cross-border incident handling About the NIS Directive

6 Obligations for MS on OES
Assess the provision of essential services taking into account sector specific, cross sectoral and cross border factors dependent on network and information systems, for the maintenance of critical societal and economic activities. Establish objective quantifiable criteria and thresholds to identify and list critical services, that will allow the identification of operators of essential services. Review and update the list regularly (at least every two years). Adopt risk management measures to identify, prevent, detect, handle and mitigate incidents. Adopt national guidelines determining the circumstances to report incidents. Notes: NIS directive applicable only to large and medium enterprises! About the NIS Directive

7 Obligations for MS on DSP
Preventing risks: Technical and organizational measures that are appropriate and proportionate to the risk. Minimum security measures. Mandatory incident notification: The measures should prevent and minimize the impact of incidents on the IT systems used to provide the services. Notes: Light touch approach to be applied for DSPs! NIS directive applicable only to large and medium enterprises! About the NIS Directive

8 The NIS Directive EU IMPLEMENTING ACTS NATIONAL LEGISLATION National
Cyber Security Strategies The NIS Directive Transport Strategic Cooperation Group Digital Service Providers Operators of Essential Services Cloud Computing Services Energy and Drinking water supply and distribution Incident Reporting EU IMPLEMENTING ACTS NATIONAL LEGISLATION Online Marketplaces Healthcare Security Requirements Search Engines In terms of incident reporting and security measures provisions these are going to be enforced at national level through EU implementing acts for DSPs and through national legislation for OES. Banking and Financial market infrastructures Tactical/Operational CSIRT Network Digital Infrastructure About the NIS Directive (DNS, IXPs, TLD)

9 NIS directive - TIMELINE
August 2016 - Entry into force February 2017 6 months Cooperation Group begins tasks August 2017 12 months Adoption of implementing on security and notification requirements for DSPs February 2018 18 months Cooperation Group establishes work programme 9 May 2018 21 months Transposition into national law November 2018 27 months Member States to identify operators of essential services May 2019 33 months (i.e. 1 year after transposition) Commission report - consistency of Member States' identification of OES May 2021 57 months (i.e. 3 years after transposition) Commission review About the NIS Directive

10 CII sectors covered by ENISA
Telecom/Internet Infrastructures Energy NCSS ALL COVERED BY THE NIS DIRECTIVE !!! Transport eHealth and Smart Hospitals Finance Perfect match of the NIS directive with ENISA’s activities!!! Even though the NIS directive does not cover the TELECOM sector, certain services offered by telecoms are covered by NIS: DNS, cloud, IXPs. In most of the cases they will have to follow both Telekom Framework and NIS directive. About the NIS Directive

11 General role of ENISA Assistance for MS and the EU Comm by providing its expertise and advice and by facilitating exchange of best practices. Assistance for MS in developing national NIS strategies. Participation within the EU NIS Cooperation Group (CG). Support EU Comm in developing security and notification requirements for ESP and DSP. Assistance for MS in developing national CSIRTs. Elaborate advices and guidelines regarding standardization in NIS security, together with MS. About the NIS Directive

12 ENISA projects 2016 Guidelines for implementing incident notification – DSPs. - Assist EC (by providing input for the implementing acts) and MS (by providing guidelines) in incident notification requirements for DSPs. Guidelines for implementing security measures – DSPs. - Assist EC (by providing input for the implementing acts) and MS (by providing guidelines) in implementing minimum security measures for DSPs. 3) Identification of OES Preparatory work on approaches taken by MS in identifying ESOs. About the NIS Directive

13 ENISA projects 2016 Security requirements for Electricity power supply operators Stock taking of existing security good practices in the energy sector across EU 5) Preparatory work for CSIRT network secretariat Guidelines for national CSIRTs on physical security, business continuity and staffing. CSIRT network maturity guidelines About the NIS Directive

14 Some facts for MS EU will go from voluntary (over 60%) incident reporting to mandatory. Almost 50% of the MS have difficulties in identifying their operators; support is needed. More than 70% consider that significant investments are needed. About the NIS Directive

15 Thank you

Download ppt "About the NIS directive"

Similar presentations

December 2005 EuP Directive : A Framework for setting eco-design requirements for energy-using products European Commission.

December 2005 EuP Directive : A Framework for setting eco-design requirements for energy-using products European Commission.
Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.

Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.
ENISA Cyber Security Strategies Workshop November 27, 2014 Brussels

ENISA Cyber Security Strategies Workshop November 27, 2014 Brussels
The French approach to CIIP ENISA workshop. Coordination of CIP in France ANSSI 2 A cross-ministerial issue The General Secretariat for Defense and National.

The French approach to CIIP ENISA workshop. Coordination of CIP in France ANSSI 2 A cross-ministerial issue The General Secretariat for Defense and National.
Speaker: Tamar Shapatava

Speaker: Tamar Shapatava
European Investment Bank Group

European Investment Bank Group
NIS Directive and NIS Platform

NIS Directive and NIS Platform
World Meteorological Organization Working together in weather, climate and water WMO OMM WMO www.wmo.int Survey on Institutional Arrangements for NMHSs.

World Meteorological Organization Working together in weather, climate and water WMO OMM WMO Survey on Institutional Arrangements for NMHSs.
1 ENISA’s contribution to the development of Network and Information Security within the Community By Andrea PIROTTI Executive Director ENISA Cyprus, 28.

1 ENISA’s contribution to the development of Network and Information Security within the Community By Andrea PIROTTI Executive Director ENISA Cyprus, 28.
|Date 13-05-2011 faculty of law groningen centre of energy law 1 Security of Supply – EU Perspective and Legal Framework First EU-Russia Energy Law Conference,30.

|Date faculty of law groningen centre of energy law 1 Security of Supply – EU Perspective and Legal Framework First EU-Russia Energy Law Conference,30.
Isdefe ISXXXX-090000-1XX 5.10.2010 Your best ally Panel: Future scenarios for European critical infrastructures protection Carlos Martí Sempere. Essen.

Isdefe ISXXXX XX Your best ally Panel: Future scenarios for European critical infrastructures protection Carlos Martí Sempere. Essen.
The 3rd package for the internal energy market Key proposals EUROPEAN COMMISSION Heinz Hilbrecht Directorate C - Security of supply and energy markets.

The 3rd package for the internal energy market Key proposals EUROPEAN COMMISSION Heinz Hilbrecht Directorate C - Security of supply and energy markets.
JOINING UP GOVERNMENTS EUROPEAN COMMISSION Establishing a European Union Location Framework.

JOINING UP GOVERNMENTS EUROPEAN COMMISSION Establishing a European Union Location Framework.
13 February 2007, Brussels Electricity Infrastructure Workshop Shaun Kent, co-chair Electricity Regional Initiative TF.

13 February 2007, Brussels Electricity Infrastructure Workshop Shaun Kent, co-chair Electricity Regional Initiative TF.
Regional Policy EU Cohesion Policy 2014 – 2020 Proposals from the European Commission.

Regional Policy EU Cohesion Policy 2014 – 2020 Proposals from the European Commission.
Directorate General for Energy and Transport European Commission Directorate General for Energy and Transport Regulation of electricity markets in the.

Directorate General for Energy and Transport European Commission Directorate General for Energy and Transport Regulation of electricity markets in the.
CARTAGENA PROTOCOL ON BIOSAFETY NDA- DEAT BILATERAL MEETING 1 August 2003 Presenter : M. Mbengashe.

CARTAGENA PROTOCOL ON BIOSAFETY NDA- DEAT BILATERAL MEETING 1 August 2003 Presenter : M. Mbengashe.
European Union Agency For Network And Information Security Security and resilience for eHealth Infrastructures and Service – ENISA study Dimitra Liveri.

European Union Agency For Network And Information Security Security and resilience for eHealth Infrastructures and Service – ENISA study Dimitra Liveri.
The New EU Legislative Framework for Harmonisation Legislation for products Richard Lawson Deputy Director, Technical Regulations Sustainable Development.

The New EU Legislative Framework for Harmonisation Legislation for products Richard Lawson Deputy Director, Technical Regulations Sustainable Development.
Andrea SERVIDA European Commission DG INFSO.A3 Update on EU policy on Network and Information Security & Critical Information.

Andrea SERVIDA European Commission DG INFSO.A3 Update on EU policy on Network and Information Security & Critical Information.

Similar presentations

Ads by Google