1. Trust and Security Unit
EU Cybersecurity Strategy and Proposal for Directive on network and information security (NIS) {JOIN(2013) 1 final} {COM(2013) 48 final}
Trust and Security Unit
DG Communications Networks, Content and Technology
Digital Enlightenment Forum, 21 May 2014
Raffaele Di Giovanni Bezzi
Policy Officer

2. Cybersecurity The need for further EU action
Economic and social benefits of the digital world and open Internet
Risks, incidents and cybercrime on the rise
Cross-border/global issue
Need for a comprehensive EU vision
Overall aim: make use of the economic and social benefits of an open Internet, but protect from threats, vulnerabilities, risks and incidents – while promoting and protecting fundamental rights and EU core values.
In view of many different activities in the past, the Cyber Security Strategy follows the idea to have more comprehensive approach.

3. Proposal for a Directive on NIS Key elements (1/3)
Capabilities: Common NIS requirements at national level
NIS strategy
and cooperation plan
NIS competent authority
Computer Emergency
Response Team (CERT)

4. NIS exercises at EU level ENISA to assist
Proposal for a Directive on Network and Information Security (NIS) – Article 114 TFEU Key elements (2/3)
Cooperation: NIS competent authorities to cooperate within a network at EU level
Early warnings and
coordinated response
Capacity building
NIS exercises at EU level
ENISA to assist

5. Risk management and incident reporting for:
Proposal for a Directive on Network and Information Security (NIS) – Article 114 TFEU Key elements (3/3)
Risk management and incident reporting for:
Energy – electricity, gas and oil
Credit institutions and stock exchanges
Transport – air, maritime, rail
Healthcare
Internet enablers
Public administrations

6. Progress Report was adopted at Telecom Council December 5, 2013;
Proposal for NIS Directive
State of play, legislative process
Council
European Council Oct 2013: NIS essential for completion of Digital Single Market by 2015
Progress Report was adopted at Telecom Council December 5, 2013;
Telecom Council June 6, 2014
European Parliament
Lead committee IMCO (ITRE and LIBE associated) voted on draft legislative resolution in January 2014
Plenary vote took place in March 2014

7. EU Cybersecurity Strategy
The NIS Public-Private Platform
An inclusive and multi-stakeholder platform
Driven by the participants
Identify and facilitate the up-take of risk management best practices
Draw from international standards and best practices
Cross-cutting / horizontal approach
No imposition of standards
Secure ICT research and innovation

8. Consistent implementation of the NIS Directive
The NIS Public-Private Platform Organisation of work and expected outcome
Consistent implementation of the NIS Directive
WG1: risk management
WG2: information exchange and incident coordination
First set of guidance presented in April 2014
Provide input to the secure ICT R&I agenda at EU, national and industry level
WG3 on secure ICT research and innovation
Will produce view on secure ICT landscape and strategic research agenda in 2014

9. The NIS Public-Private Platform State of Play and next steps
First plenary meeting in June 2013
Second plenary meeting in December 2013
Third plenary meeting 30 April 2014
Over 200 organisations represented

10. Awareness raising: common responsibility
EU Cybersecurity Strategy
Achieving cyber resilience
Awareness raising: common responsibility
Cybersecurity month – October 2014
Cybersecurity championship – ENISA guidelines Q4 2014
NIS education and training
Roadmap for NIS driving licence – ENISA roadmap and self-assessment pilot in 2014

11. Thanks! 11

12. Useful links
EU Cybersecurity Strategy High-Level Conference 2014:
Trust and Security:
Cybersecurity:
Digital Futures:
Help up improve our analysis and measurement:

13. Useful links
Commission proposal for a Directive on Network and Information Security:
Impact Assessment:
Cybersecurity Strategy of the European Union:
Press release:
MEMO: