European Union Agency for Network and Information Security www.enisa.europa.eu
European priorities in
information security...
European Union Agency for Network and Information Security www.enisa.europa.eu 2
EU Cubersecurity Strategy - essential poi...
European Union Agency for Network and Information Security www.enisa.europa.eu 3
Economic Arguments
• By completing the Di...
European Union Agency for Network and Information Security www.enisa.europa.eu 4
The Principles
• The strategy proposes ke...
European Union Agency for Network and Information Security www.enisa.europa.eu 5
Strategic Priorities
• The Five strategic...
European Union Agency for Network and Information Security www.enisa.europa.eu 6
Achieving Cyber Resilience
• Introduces E...
European Union Agency for Network and Information Security www.enisa.europa.eu 7
The Legislative Proposal
• Key points:
– ...
European Union Agency for Network and Information Security www.enisa.europa.eu 8
Achieving Cyber Resilience (1 of 2)
• In ...
European Union Agency for Network and Information Security www.enisa.europa.eu 9
Achieving Cyber Resilience (2 of 2)
• Spe...
European Union Agency for Network and Information Security www.enisa.europa.eu 10
European Cybersecurity Month 2013
http:/...
European Union Agency for Network and Information Security www.enisa.europa.eu 11
Developing Resources
• There is a risk t...
European Union Agency for Network and Information Security www.enisa.europa.eu 12
Single Market for Products
• A high leve...
European Union Agency for Network and Information Security www.enisa.europa.eu 13
R&D and Innovation
• R&D should fill tec...
European Union Agency for Network and Information Security www.enisa.europa.eu 14
Developing Resources
• The Commission as...
European Union Agency for Network and Information Security www.enisa.europa.eu 15
Further Involvement of ENISA
• Although ...
European Union Agency for Network and Information Security www.enisa.europa.eu 16
Concluding Remarks
• Complex ICT systems...
www.enisa.europa.eu
Follow ENISA:
European Union Agency for Network and Information Security
Thank you.
Graeme Cooper, Hea...
Upcoming SlideShare
Loading in...5
×

European priorities in information security

282

Published on

© European Union Agency for Network and Information Security (ENISA), 2013
http://enisa.europa.eu

Published in: Technology, News & Politics
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
282
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

European priorities in information security

  1. 1. European Union Agency for Network and Information Security www.enisa.europa.eu European priorities in information security Graeme Cooper Head of Public Affairs Unit, ENISA 12th International InfoSec and Data Storage Conference, 26th September 2013, Sheraton Hotel, Sofia, Bulgaria
  2. 2. European Union Agency for Network and Information Security www.enisa.europa.eu 2 EU Cubersecurity Strategy - essential points “An Open, Safe and Secure Cyberspace” • The norms, principles and values that the EU upholds offline, should also apply online. • Cyberspace must be correctly protected: – Governments have a significant role in ensuring a free and safe cyberspace. – The private sector owns and operates significant parts of cyberspace and has a leading role. • Outside the EU, governments may misuse cyberspace for surveillance and control. – The EU can counter this situation by promoting freedom online and ensuring respect of fundamental rights online.
  3. 3. European Union Agency for Network and Information Security www.enisa.europa.eu 3 Economic Arguments • By completing the Digital Single Market, Europe could boost its GDP by almost €500 billion a year. • For new connected technologies to take off citizens will need trust and confidence. – Currently, Europeans are not confident in their ability to use the Internet for banking or purchases. – They are also reluctant to disclose personal information. – Across the EU, more than one in ten Internet users has been a victim of online fraud. • The EU economy is already affected by cybercrime activities, economic espionage and state-sponsored activities are new threats.
  4. 4. European Union Agency for Network and Information Security www.enisa.europa.eu 4 The Principles • The strategy proposes key principles to guide the EU and international approach: – The EU's core values apply as much in the digital as in the physical world. – Fundamental rights, freedom of expression, personal data and privacy should be protected. – The Internet should be accessible to all citizens. – The digital world must be subject to democratic and efficient multi-stakeholder governance. – Ensuring security is a shared responsibility.
  5. 5. European Union Agency for Network and Information Security www.enisa.europa.eu 5 Strategic Priorities • The Five strategic objectives of the strategy are as follows: – Achieving cyber resilience – Drastically reducing cybercrime – Developing cyberdefence policy and capabilities related to the Common Security and Defence Policy (CSDP) – Developing the industrial and technological resources for cybersecurity – Establishing a coherent international cyberspace policy for the European Union and promoting core EU values ENISA explicitly called upon.
  6. 6. European Union Agency for Network and Information Security www.enisa.europa.eu 6 Achieving Cyber Resilience • Introduces ENISA and explains the policy on NIS. • Makes reference to articles 13a & 13b. • Introduces the legislative proposal. • Stresses the importance of the following: – The establishment of a cybersecurity culture to enhance business opportunities and competitiveness. – Reporting significant incidents to the national NIS competent authorities. – Exchange of information between National NIS competent authorities and other regulatory bodies. – Recognises that exercises at EU level are essential to stimulate cooperation among the MS and the private sector.
  7. 7. European Union Agency for Network and Information Security www.enisa.europa.eu 7 The Legislative Proposal • Key points: – Will help establish common minimum requirements for NIS at national level. – Requires Member States to designate national competent authorities for NIS, set up a competent CERT and adopt a national NIS strategy and a national NIS cooperation plan. – Explains the role of the CERT EU regarding the EU institutions, agencies and bodies. – Requires the establishment of coordinated prevention, detection, mitigation and response mechanisms. – Requires the private sector to develop, at a technical level, its own cyber resilience capacities and share best practices across sectors.
  8. 8. European Union Agency for Network and Information Security www.enisa.europa.eu 8 Achieving Cyber Resilience (1 of 2) • In the area of cyber resilience, the EC asks ENISA to: – Assist the Member States in developing strong national cyber resilience capabilities. – Examine in 2013 the feasibility of Computer Security Incident Response Team(s) for Industrial Control Systems (ICS-CSIRTs) for the EU. – Continue supporting the Member States and the EU institutions in carrying out regular pan-European cyber incident exercises.
  9. 9. European Union Agency for Network and Information Security www.enisa.europa.eu 9 Achieving Cyber Resilience (2 of 2) • Specifically in terms of raising awareness, the Commission asks ENISA to: – Propose in 2013 a roadmap for a "Network and Information Security driving licence". – Support a cybersecurity championship in 2014, where university students will compete in proposing NIS solutions.
  10. 10. European Union Agency for Network and Information Security www.enisa.europa.eu 10 European Cybersecurity Month 2013 http://cybersecuritymonth.eu/
  11. 11. European Union Agency for Network and Information Security www.enisa.europa.eu 11 Developing Resources • There is a risk that Europe becomes excessively dependent on ICT and on security solutions developed outside its frontiers. • Hardware and software components used in critical services and infrastructure must be trustworthy, secure and guarantee the protection of personal data. • In order to mitigate this risk, the strategy proposes two action areas: – Promoting a Single Market for cybersecurity products – Fostering R&D investments and innovation
  12. 12. European Union Agency for Network and Information Security www.enisa.europa.eu 12 Single Market for Products • A high level of security can only be ensured if all in the value chain make security a priority. • The strategy aims to increase cooperation and transparency about security in ICT products: – It calls for the establishment of a platform to identify good cybersecurity practices across the value chain. • COM will support the development of security standards and assist with EU-wide voluntary certification schemes. – Cloud computing and data protection. – critical economic sectors - Industrial Control Systems, energy and transport infrastructure.
  13. 13. European Union Agency for Network and Information Security www.enisa.europa.eu 13 R&D and Innovation • R&D should fill technology gaps in ICT security and prepare for the next generation of security. • The Horizon 2020 Framework Programme for Research and Innovation will be launched in 2014: – There are specific objectives for trustworthy ICT as well as for combating cyber-crime. • Specific attention will be drawn at EU level to optimising and better coordinating various funding programmes
  14. 14. European Union Agency for Network and Information Security www.enisa.europa.eu 14 Developing Resources • The Commission asks ENISA to: – Develop, in cooperation with relevant stakeholders, technical guidelines and recommendations for the adoption of NIS standards and good practices in the public and private sectors. – Collaborate with Europol to identify emerging trends and needs in view of evolving cybercrime and cybersecurity patterns so as to develop adequate digital forensic tools and technologies.
  15. 15. European Union Agency for Network and Information Security www.enisa.europa.eu 15 Further Involvement of ENISA • Although ENISA is not explicitly mentioned in the other strategic priorities, there is clearly a role for the Agency. • The EU Internal Security Strategy explains how ENISA should collaborate with the recently established EU Cyber Crime Centre. • We have a role in creating a strong culture of NIS throughout the EU. • This can only be achieved by bringing communities together and ensuring that information on NIS is shared between such communities in an appropriate manner.
  16. 16. European Union Agency for Network and Information Security www.enisa.europa.eu 16 Concluding Remarks • Complex ICT systems keep our economies running in key sectors such as finance, health, energy, etc. • Many business models are built on the uninterrupted availability of the Internet and the smooth functioning of information systems • EC Recognises the importance of ICT in contributing to EUs economic growth and its role as a critical resource for all economic sectors • ENISA is already well established and contributing in many of the areas described in the EU proposal for an EU cybersecurity strategy.
  17. 17. www.enisa.europa.eu Follow ENISA: European Union Agency for Network and Information Security Thank you. Graeme Cooper, Head of Public Affairs Unit, ENISA ENISA European Union Agency for Network and Information Security Science and Technology Park of Crete (ITE) Vassilika Vouton, 700 13, Heraklion, Greece Athens Office 1 Vass. Sofias & Meg. Alexandrou Marousi 151 24, Athens, Greece

×