Alejandro Pinto - EC Policy Context 16 Sept 2011
- 2004: Establishment of the European Network and Information Security Agency - ENISA
- 2006: European Commission Strategy for a Secure Information Society COM(2006)251
- 2006: COM on European Programme for Critical Infrastructure Protection
- 2007: Council Resolution on a Strategy for a Secure Information Society in Europe [2007/C 68/01]
- 2008: Directive on Identification and Designation of European Critical Infrastructures
- Mar 2009: COM on Action Plan on Critical Information Infrastructure Protection - CIIP
- Dec 2009: Council resolution on a collaborative European approach to NIS [2009/C 321/01]
- May 2010: Adoption of the European Digital Agenda
- Mar 2011: COM on CIIP: achievements and next steps
- April 2011: COM on SmartGrids: From innovation to deployment

- May 2010, Digital Agenda
- 20 November 2010: Establishment of the EU-U.S. Working Group on Cybersecurity and Cybercrime, EU-U.S. Summit Lisbon
- 22 November 2010: Adoption of EU Internal Security Strategy
32 Cooperation on cybersecurity
33 EU cybersecurity preparedness
30 EU platform by 2012
Expert Group
INFSO CdF
HOME CdF
Others COM CdF Commission action Member States action
- Protect Europe from large scale cyber attacks and disruptions
- Promote security and resilience culture (first line of defence) & strategy
- Tackle cyber attacks & disruptions from a systemic perspective
- Enhance the CIIP preparedness and response capability in EU
- Promote the adoption of adequate and consistent levels of preventive, detection, emergency and recovery measures
- Foster International cooperation, in particular on Internet stability and resilience
- Build on national and private sector initiatives
- Engage public and private sectors
- Adopt an all-hazards approach
- Be multilateral, open and all inclusive
Means
Approach
Communication on CIIP Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience - COM(2009)149
CIIP COM(2011)163
Threats and risks
- exploitation purposes (e.g. GhostNet, ETS, recent attacks against government systems and EU Institutions)
- disruption purposes (e.g. Conficker, StuxNet, submarine cable breaks)
- destruction purposes. This is a scenario that has not yet materialised but, given the increasing pervasiveness of ICT in Critical Infrastructures (e.g. smart grids and water systems), it cannot be ruled out for the years to come
Achievements and next steps: towards global cyber-security EU and the global context
A purely European approach is not sufficient and needs to be embedded into a global coordination strategy
The DAE calls for "the cooperation of relevant actors [...] to be organised at global level to be effectively able to fight and mitigate security threats" and sets out the goal to work with global stakeholders notably to strengthen global risk management in the digital and in the physical sphere and conduct internationally coordinated targeted actions against computer-based crime and security attacks
Achievements and next steps: towards global cyber-security Preparedness and prevention (1/3) European Forum for Member States (EFMS)
Achievements
- Progress on ICT criteria for ECIs, identification of priorities for Internet resilience and stability, exchange of policy practices.
Next steps
- To finalise discussion on ICT criteria for ECIs;
- To be further involved in discussions on International priorities on security and resilience (e.g. EU-US WG);
- To focus on CERTs cooperation, security incentives, driving pan-European exercises.
Achievements and next steps: towards global cyber-security Detection and response European Information Sharing and Alert System (EISAS)
Achievements
- FISHA and NEISAS currently producing results
- ENISA devised a high-level roadmap for development of EISAS by 2013
Next steps
- 2011: ENISA to support MS by developing basic services needed for national ISAS
- 2012: ENISA to develop interoperability services
Achievements and next steps: towards global cyber-security Mitigation and Recovery (1/2) National contingency planning and exercises
Achievements
- To date, 12 MS* have carried out cyber-exercises at national level
Next steps
- ENISA to continue to support MS in developing national contingency plans
* Based on information provided to ENISA by MS
Achievements and next steps: towards global cyber-security Mitigation and Recovery (2/2) Pan-European exercise on large-scale network security incidents
Achievements
- Cyber Europe 2010 carried out on 4th November 2010
Next steps
- Eurocybex project
- MS to work on future pan-European exercise to take place in 2012
- ENISA to work with MS on an EU cyber-incident contingency plan by 2012
Sector specific criteria for identifying European Critical Infrastructures in the ICT sector
Achievements
- Development within EFMS of draft criteria of fixed/mobile communications and the internet
Next steps
- EFMS to complete discussions by 2011
- EC to discuss with MS on ICT-sector elements for review of Directive 2008/114/EC
Expert Group on Security and Resilience of communication networks and information systems for the Smart Grid The European Commission (EC), with the support of the European Network and Information Security Agency (ENISA), convened an Expert Group for:
I. Better understand the views and objectives of the private and public sectors on the ICT security and resilience challenges for the smart grids.
Objective 1
Identify European priority areas for which action should be undertaken to address the security and resilience of communication networks and information systems for Smart Grids. The Expert Group is also expected to define recommendations on how to progress on each priority area at European level.
The Expert Group will: Identify key strategic and high level requirements
Sub-Working Group 1: ICT security and resilience of Smart Grids: High Level Risk Analysis and Security Requirements
Objective: Identify and explore policy issues related to risk analysis; and formulation of high level security requirements and measures to reduce risk levels to acceptable levels and to improve the resilience of the network. Policy issues will include (but are not limited to): objectives of risk analysis, enumeration of levels at which stakeholders should conduct risk analysis, process for prioritizing risk, categories of security requirements, attributes of security measures, and phases and stages for risk mitigation.
Sub-Working Group 2: Challenges and recommendations for ICT security and resilience of Smart Grids
Objective: To identify European challenges of ICT security and resilience of Smart Grids and propose actions to be undertaken. Challenges for securing the communication networks and information systems that will be central to the performance and availability of the Smart Grid. Exploring and setting the road ahead to address these challenges, and identify the European stakeholders which are affected by these challenges and therefore should be involved in the development of measures to address them.
Moreover, a small group of experts will work on a Work Program for the Expert Group taking into consideration, among others, the activities of the two sub-Working Groups
Networking of initiatives
The Expert Group is also well engaged with related initiatives at EU and international level:
- Task Force Smart Grid (Expert Group 2)
- CEN/CENELEC/ETSI Smart Grids Co-ordination Group and its subgroup on Smart Grid Information Security
- EuroSCSIE
- US NIST - Cyber security Working Group
Thanks!
Web Sites
- EU policy on Critical Information Infrastructure Protection CIIP
  http://ec.europa.eu/information_society/policy/nis/strategy/activities/ciip/index_en.htm
- A Digital Agenda for Europe
  http://ec.europa.eu/information_society/digital-agenda/index_en.htm
- EU policy on promoting a secure Information Society
  http://ec.europa.eu/information_society/policy/nis/index_en.htm
- Commission Communication on Critical Information Infrastructure Protection "Achievements and next steps: towards global cybersecurity" - COM(2011) 163
  http://ec.europa.eu/information_society/policy/nis/docs/comm_2011/comm_163_en.pdf
- Digital Agenda for Europe - COM(2010)245 of 19 May 2010
  http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0245:FIN:EN:PDF
- The EU Internal Security Strategy in Action: Five steps towards a more secure Europe COM(2010)673
  http://ec.europa.eu/commission_2010-2014/malmstrom/archive/internal_security_strategy_in_action_en.pdf
- Commission Communication on Critical Information Infrastructure Protection "Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience" COM(2009) 149
  http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2009:0149:FIN: