Upload
nicanorcu
View
213
Download
0
Embed Size (px)
Citation preview
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 1/37
Industrial Control System Security
Workshop-Update of EU NIS & CIIP policy
16 September 2011
Alejandro PINTO
European Commission
Directorate GeneralInformation Society and Media - DG INFSO
Unit A3 – Internet Governance; Network andInformation Security
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 2/37
NIS & CIIPThe EU Policy Framework
• 2004: Establishment of the European Network and Information SecurityAgency - ENISA
• 2006: European Commission Strategy for a Secure Information Society -COM(2006)251
• 2006: COM on European Programme for Critical Infrastructure Protection• 2007: Council Resolution on a Strategy for a Secure Information Society
in Europe [2007/C 68/01]
• 2008: Directive on Identification and Designation of European CriticalInfrastructures
• Mar 2009: COM on Action Plan on Critical Information Infrastructure
Protection - CIIP -• Dec 2009: Council resolution on a collaborative European approach
to NIS [2009/C 321/01]
• May 2010: Adoption of the European Digital Agenda
• Mar 2011: COM on CIIP: achievements and next steps
• April 2011: COM on SmartGrids:From innovation to deployment
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 3/37
EU policies on NIS and CIIP
NIS has never been so high on the EU politicalagenda
President Barroso “Political guidelines for thenext Commission”, 3 September 2009:
• “The next Commission will develop a EuropeanDigital Agenda [] to tackle the main obstacles to agenuine digital single market, promote investment inhigh-speed Internet and avert an unacceptable digital divide. Because of the increasing dependence of our economies and societies on the Internet, amajor initiative to boost network security will also be proposed .”
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 4/37
• Increasing economic and social dependency on ICT vsgrowing sophistication of threats
• Network and Information Security (NIS) is a key enabler
for trust and is a shared responsibility.
• Global interconnection vs lack of transnationalcooperation
•
Operational responsibility with private sector whilepublic policy responsibility lies with governments
• Limited incentives for wide NIS uptake
• Fragmentation of NIS regimes and market maturity in
MS
Network & Information Security (NIS)Facts
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 5/37
• Make security and resilience the front line of defence of critical ICT infrastructures
• Develop a risk management culture in the EU
• Identify socio-economic incentives
• Promote openness, diversity, interoperability,usability, competition
• Boost policy and operational cooperation(e.g. pan-European security incident exercises)
Network and Information SecurityChallenges
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 6/37
Recent policy developments
• May 2010, Digital Agenda
• 20 November 2010: Establishment of the EU-U.S.
Working Group on Cybersecurity and Cybercrime – EU-U.S. Summit – Lisbon
• 22 November 2010: Adoption of EU Internal SecurityStrategy
• CIIP COM(2011)163“Achievements and next steps: towards global cyber - security”
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 7/37
A Digital Agenda for Europe - COM(2010)245 The Seven Priority areas for action -
1. Creating a Digital Single Market2. Improving the framework conditions for
interoperability between ICT products andservices
3. Boosting Internet trust and security4. Guaranteeing the provision of much faster
internet access5. Encouraging investment in research and
development6. Enhancing digital literacy, skills and inclusion7. Applying ICT to address social challenges such as
climate change, rising healthcare costs and theageing population.
“Every European Digital” N. Kroes – May 2010
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 8/37
KA 6 (28)NIS Policy
1
2
3
ENISA
EU institutions CERT
ToolBox
38 – Network of CERTs by 2012
33 – EU cyber-security
preparedness
39 –MSSimulation
exercises as of 2010
Regulation for mandateand duration
ENISA ………………………… EFMS ………………………….
EP3R ……………………….. Observer in Cyberstorm .EPCIP ……………………….. CIIP Conference
Expert Group
32–
Cooperation oncybersecurity
41 – Nationalalert platforms
by 2012
30 – EUplatform by
2012
31 – Create
EuropeanCybercrime
center
CybercrimeCybersecurity preparedness
37 –Dialogueand self-
regulationminors
36 – Supportfor reporting
of illegalcontent
40 –Harmfulcontent hotlinesand awareness
campaigns
Safety and privacy of online content and
services
Overview of Pillar 3 “Trust and Security”
35 – Implementationof privacy andpersonal data
protection
34 – Exploreextension of
personal data breach notification INFSO CdF
HOME CdF
Others COM CdF
Commission action
Member States action
KA 7 (29)– Measures on
cyberattacks
KA 6 (28)
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 9/37
EU-U.S. Working Group on Cybersecurityand Cybercrime
The EU-US Working Group on Cyber-security and Cyber-crime(EU-US WG) was established in the context of the EU-US summit of 20 November 2010 held in Lisbon to "tackle new threats to the global networks upon which the security and prosperity of our free societies
increasingly depend". The EU-US WG "will address a number of specific priority areas and will report progress within a year” .
• Cyber Incident Management (TTX exercise and a cooperation program)
In 2011, EC and US will develop a common programme and roadmaptowards joint/synchronised trans-continental cyber exercises in2012/2013
• Public Private Partnership
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 10/37
EU-U.S. Working Group on Cybersecurityand Cybercrime
The EU-US Expert Sub-Group on Public Private Partnerships:
Deliverables:
• Briefings/reports on specific topics of mutual interest including best practices and models to engage with the private sector; national approaches/programs for addressing botnets; private sector cybersecurity good practices; legislative developments; and others, as identified.
• A strategy and an action plan to engage the private sector in
cooperative activities with governments, on selected areas, includingdevelopment of agreed guidelines, principles, best practices, and/or standards.
• Common principles and guidelines on the resilience and stability of theInternet as well as on a reliable access to it .
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 11/37
EU-U.S. Working Group on Cybersecurityand Cybercrime
The EU-US Expert Sub-Group on Public Private Partnerships:
Initially, ESG focus will be maintained on achieving measurable and
beneficial outcomes in the following areas:
•EU and US coordinated efforts to fight botnets;
•Cyber Security of industrial control systems and Smart grids;
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 12/37
EU-U.S. Working Group on Cybersecurityand Cybercrime
CYBER SECURITY OF INDUSTRIAL CONTROL SYSTEMS AND SMART GRIDS
Proposed tasks:
Stock taking and comparative analysis of existing initiatives, pilots, good
practises and methods in particular addressing ICT risks (threats,vulnerabilities), privacy and security.
Input from EU side:
• Activities at national level (NL, DE, UK, SE…) as well as at European level(Euro-SCSIE, possibly via Member States experts in the ESG and during the
stock taking of the ENISA studies on ICS and Smart Grids)
• Ongoing ENISA studies on Industrial control systems and Interdependenciesof ICT sector to energy
• Activities of the Expert Group on the security and resilience of communication networks and information systems for Smart Grids,composed of European public and private stakeholders. The last meeting of
this Expert Group took place on 21 June 2011.
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 13/37
EU-U.S. Working Group on Cybersecurityand Cybercrime
CYBER SECURITY OF INDUSTRIAL CONTROL SYSTEMS AND SMART GRIDS
Input from US side:
Experiences in international public-private coordination to mature acceptance of
voluntary security standards.
Specific methodology and mechanisms to engage with the private sector toachieve cooperation and mutual engagement in public-private control systemsecurity coordination.
Deliverables:
• Strategy for EU and US engagement on the control system/smart gridpriority area;
• Plan of Action for EU and US public private engagement on cyber security of industrial control systems and Smart grids; this will also draw on an analysisof existing coordination bodies for security of industrial control systems andhighlighting best practices for voluntary participation developed within them.
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 14/37
CIP – European Context
Need for action at the European level to enhance the protectionand resilience of critical infrastructures : In June 2004, theEuropean Council asked for an overall strategy to protect criticalinfrastructures
On 12 December 2006, the Commission adopted the Communicationon a European Programme on Critical Infrastructure ProtectionEPCIP (COM(2006)786) with the objective of improving theprotection of critical infrastructures in the EU.
EPCIP framework:
• A procedure for the identification and designation of ECI
• Measures: Critical Infrastructure Warning Information Network(CIWIN), use of CIP expert groups, CIP information sharing,identification and analysis of interdependencies.
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 15/37
C(I)IP – European Context
Because of their horizontal nature with inter-linkages
into many other critical infrastructures, the
protection of communication and information
infrastructure is a priority
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 16/37
Communication on CIIP - COM(2009)149
Objectives and scope
• High level objectives– Protect Europe from large scale cyber attacks and disruptions– Promote security and resilience culture (first line of defence)
& strategy– Tackle cyber attacks & disruptions from a systemic
perspective
• Means– Enhance the CIIP preparedness and response capability in EU– Promote the adoption of adequate and consistent levels of
preventive, detection, emergency and recovery measures
– Foster International cooperation, in particular on Internetstability and resilience
• Approach– Build on national and private sector initiatives– Engage public and private sectors
– Adopt an all-hazards approach– Be multilateral, open and all inclusive
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 17/37
Communication on CIIP“Protecting Europe from large scale cyber-attacks
and disruptions: enhancing preparedness, security
and resilience” - COM(2009)149
The five pillars of the CIIP Action Plan:
1. Preparedness and prevention
2. Detection and response
3. Mitigation and recovery
4. International Cooperation
5. Criteria for European CriticalInfrastructures in the ICT sector
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 18/37
CIIP COM(2011)163“Achievements and next steps: towards
global cyber- security”
• Adopted on 31 March 2011
• Takes stock of results achieved since 2009
CIIP action plan
• Builds on existing policy initiatives, inparticular Digital Agenda, Stockholm
Action Plan and ISS
• Describes next steps at European andInternational level
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 19/37
CIIP COM(2011)163“Achievements and next steps: towards
global cyber- security”
• Threats and risks
– exploitation purposes (e.g. GhostNet, ETS,
recent attacks against government systems and EUInstitutions)
– disruption purposes (e.g. Conficker, StuxNet,submarine cable breaks)
– destruction purposes. This is a scenario that has
not yet materialised but, given the increasingpervasiveness of ICT in Critical Infrastructures(e.g. smart grids and water systems), it cannot beruled out for the years to come”
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 20/37
CIIP COM(2011)163“Achievements and next steps: towards
global cyber- security”
• EU and the global context
– A purely European approach is not sufficient andneeds to be embedded into a global coordination
strategy
– The DAE calls for the “cooperation of relevant actors […] to be organised at global level to beeffectively able to fight and mitigate security
threats" and sets out the goal to “work with global stakeholders notably to strengthen global risk management in the digital and in the physical
sphere and conduct internationally coordinated targeted actions against computer-based crimeand security attacks”
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 21/37
CIIP COM(2011)163
“Achievements and next steps: towards global cyber- security”
Preparedness and prevention (1/3)
• European Forum for Member States(EFMS) Achievements
- Progress on ICT criteria for ECIs, identificationof priorities for Internet resilience and stability,exchange of policy practises.
Next steps
- To finalise discussion on ICT criteria forECIs;
- To be further involved in discussions onInternational priorities on security andresilience (e.g. EU-US WG);
- To focus on CERTs cooperation, securityincentives, driving pan-European exercises.
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 22/37
CIIP COM(2011)163“ Achievements and next steps: towards global
cyber- security” Preparedness and prevention (2/3)
• European Public-private Partnership forResilience (EP3R) Achievements
- 2010: ENISA Three WGs launched within EP3R;
- A modernised ENISA would provide a long-termand sustainable framework for EP3R.
Next steps
- WGs to deliver first results;- EP3R to be leveraged in support of the EU-US
WG on Cyber-security and Cyber-crime.
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 23/37
CIIP COM(2011)163“ Achievements and next steps: towards
global cyber- security” Preparedness and prevention (3/3)
• Baseline of capabilities and services for pan-European cooperation Achievements
- 2010: ENISA gave recommendations on baseline
capabilities for Nat/Gov CERTs;- 20 MS with Nat/Gov CERTs in place*.
Next steps
- ENISA to continue support MS – towards well-functioning network of CERTs at national level by
2012 (DAE);- ENISA to cooperate with Nat/Gov CERTs towards
EISAS by 2013 (ISS).
* Based on information provided to ENISA by MS
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 24/37
CIIP COM(2011)163“Achievements and next steps: towards
global cyber- security” Detection and response
• European Information Sharing and AlertSystem (EISAS) Achievements
- FISHA and NEISAS currently producing results
- ENISA devised a high-level roadmap fordevelopment of EISAS by 2013
Next steps
- 2011: ENISA to support MS by developing basicservices needed for national ISAS
- 2012: ENISA to develop “interoperabilityservices”
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 25/37
CIIP COM(2011)163
“Achievements and next steps: towards global cyber- security”
Mitigation and Recovery (1/2)
• National contingency planning and exercises
Achievements
- To date, 12 MS* have carried out cyber-exercises atnational level
Next steps- ENISA to continue support MS in developing national
contingency plans
* Based on information provided to ENISA by MS
( )
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 26/37
CIIP COM(2011)163
“Achievements and next steps: towards global cyber- security”
Mitigation and Recovery (2/2)
• Pan-European exercise on large-scale
network security incidents
Achievements- Cyber Europe 2010 carried out on 4th November
2010
Next steps
- Eurocybex project- MS to work on future pan-European exercise totake place in 2012
- ENISA to work with MS on a EU cyber-incidentcontingency plan by 2012
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 27/37
CIIP COM(2011) 163“Achievements and next steps: towards global
cyber- security”
ICT sector criteria for ECIs
• Sector specific criteria for identifyingEuropean Critical Infrastructures in theICT sector
Achievements
- Development within EFMS of draft criteria of fixed/mobile communications and the internet
Next steps
- EFMS to complete discussions by 2011- EC to discuss with MS on ICT-sector elements for
review of Directive 2008/114/EC
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 28/37
• Smart Grids concept brings improvement in operations and services,
but at the cost of exposing the entire electricity network to new
challenges, in particular in the field of cyber security.
• ICT infrastructures, as underpinning platform, have become critical
to the energy sector, without which some services (e.g. in electricity
transmission and distribution) could come to an abrupt halt. At the
extreme, vulnerabilities of communication networks and information
systems of Smart Grids may be exploited for financial or political
motivation to shut off power to large areas or directing cyber-
attacks against power generation plants.
Cyber security and resilience Smart GridsProblem Statement
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 29/37
I. Better understand of the views and objectives of the private and public sectors on the ICT securityand resilience challenges for the smart grids.
II. Identification and discussion about the relatedpolicy at EU level.
Expert Group on Security and Resilience of communication networks and information systems forthe Smart Grid
The European Commission (EC), with the support of theEuropean Network and Information Security Agency(ENISA), convened an Expert Group for:
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 30/37
COM(2011) 163 on Critical Information InfrastructureProtection
“destruction purposes. This is a scenario that has not yet materialised but,
given the increasing pervasiveness of ICT in Critical Infrastructures (e.g.smart grids and water systems), it cannot be ruled out for the years tocome”
COM(2011) 202 on Smart Grids “The Commission will continue bringing together the energy and ICTcommunities within an expert group to assess the network and informationsecurity and resilience of Smart Grids as well as to support relatedinternational cooperation.”
The Policy Context for the Expert Group
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 31/37
The Expert Group is discussing how to strengthen at European
Level the security and resilience of communication networks and
information systems for Smart Grids.
Objective 1
Identify European priority areas for which action should be undertaken to
address the security and resilience of communication networks and
information systems for Smart Grids. The Expert Group is also expected to
define recommendations on how to progress on each priority
area at European level.
Expert Group: Concrete objectives
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 32/37
Objective 2
Identify which elements of the smart grid should be addressed by the
Expert Group (e.g. smart appliances, smart metering, smart distribution,
smart (local) generation, smart transmission) and to what level. The use
of an existing common concept model should be considered.
The Expert Group will:• Identify key strategic and high level requirements
• Identify a good practices guideline based on lessons learned
• Propose mechanisms/messages to raise awareness of decision makers
Expert Group: Concrete objectives
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 33/37
Sub-Working Group 1: ICT security and resilience of Smart Grids: High LevelRisk Analysis and Security RequirementsObjective: Identify and explore policy issues related to risk analysis; and formulation of high level security requirements and measures to reduce risk levels to acceptable levelsand to improve the resilience of the network.Policy issues will include (but not limited to): objectives of risk analysis, enumeration of levels at which stakeholders should conduct risk analysis, process for prioritizing risk,
categories of security requirements, attributes of security measures, and phases andstages for risk mitigation.
Sub-Working Group 2: Challenges and recommendations for ICT security andresilience of Smart Grids Objective: To identify European challenges of ICT security and resilience of Smart Gridsand propose actions to be undertaken.Challenges for securing the communication networks and information systems that will becentral to the performance and availability of the Smart Grid. Exploring and setting theroad ahead to address these challenges, and indentify the European stakeholders whichare affected by these challenges and therefore should be involved in the development of measures to address them.
Moreover, a small group of experts will work on a Work Program for the Expert Group taking into consideration, among others, the activities of the two sub-Working Groups
Expert Group: How to achieve objectives- State of Play
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 34/37
Networking of initiatives
The Expert Group is also well engaged with related initiativesat EU and international level:
• Task Force Smart Grid (Expert Group 2)
• CEN/CENELEC/ETSI Smart Grids Co-ordination Group and itssubgroup on Smart Grid Information Security
• EuroScsie
• US NIST- Cyber security Working Group
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 35/37
EU Policy on NIS and CIIP
Thanks!
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 36/37
Web Sites
• EU policy on Critical Information Infrastructure Protection– CIIPhttp://ec.europa.eu/information_society/policy/nis/strat
egy/activities/ciip/index_en.htm
• A Digital Agenda for Europehttp://ec.europa.eu/information_society/digital-agenda/index_en.htm
• EU policy on promoting a secure Information Societyhttp://ec.europa.eu/information_society/policy/nis/index _en.htm
7/28/2019 2. Alejandro Pinto - EC Policy Context 16 Sept 2011
http://slidepdf.com/reader/full/2-alejandro-pinto-ec-policy-context-16-sept-2011 37/37
Links to policy documents
• Commission Communication on Critical Information InfrastructureProtection – "Achievements and next steps: towards global cyber-security" - COM(2011) 163http://ec.europa.eu/information_society/policy/nis/docs/comm_ 2011/comm_163_en.pdf
•
Digital Agenda for Europe - COM(2010)245 of 19 May 2010http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2010:0245:FIN:EN:PDF
• The EU Internal Security Strategy in Action: Five steps towards amore secure Europe COM(2010)673http://ec.europa.eu/commission_2010-
2014/malmstrom/archive/internal_security_strategy_in_action_en.pdf
• Commission Communication on Critical Information InfrastructureProtection – "Protecting Europe from large scale cyber-attacks anddisruptions: enhancing preparedness, security and resilience" -COM(2009) 149http://eur-le e opa e /Le U iSe /Le U iSe do? i COM 2009 0149 FIN