European Union Agency for Network and Information Security

The Role of ENISA in the Implementation of the NIS Directive
Anna Sarri | Officer in NIS CIP Workshop | Vienna | 19th September 2017



Positioning ENISA activities

• POLICY: support MS & COM in policy implementation and harmonisation across the EU
• CAPACITY: hands-on activities
• EXPERTISE: recommendations and independent advice

Anna Sarri | Secure Infrastructure and Services Unit | ENISA


The Network and Information Security Directive



Co-operation Group & ENISA

Cooperation Group expert groups (with lead MS) and the ENISA studies supporting them, together with the EC:

• Identification Criteria expert group (lead: DE); ENISA study on Identification Criteria for OES
• Security Measures expert group (lead: FR); ENISA study on Security Measures for OES
• Incident Reporting expert group (lead: NL); ENISA study on Incident Reporting for OES
• Cross-border Interdependencies expert group (lead: EE); ENISA study on Cross-border Interdependencies


National Cyber Security Strategies


All 28 MS have an NCSS.

Challenges:

• Effective cooperation between public stakeholders
• Establishing trust between public and private stakeholders
• Lack of resources
• Lack of a common approach to, and awareness of, privacy
• Implementation of vulnerability and risk analysis

MS are considering reviewing their NCSS in the light of the NISD.


ENISA supports the Member States through:

• ENISA NCSS EU map
• ENISA NCSS Expert Group
• E-learning & workshops
• ENISA reports


Identification criteria for OES

Main steps for MS to create and list OES:

• Identify the essential services that are critical for societal and economic activities.
• Identify operators of essential services: define specific criteria and thresholds.
• Identify critical business processes and assets that support the provision of essential services.
• Create a list of OES.
• Review and update the list of OES every two years.


Key findings

• For most MS, the identification process of essential services and OES is in an initial phase.
• Selected MS have different registration approaches for operators of essential services:
  – The state-driven approach, where the leading role is assumed by one or more governmental agencies/ministries that have the mandate to identify the essential services and OES; in most cases the responsible ministries.
  – The operator-driven approach, where operators self-assess whether specific criteria are met and then register on the list of OES. This approach does not require the national authorities to identify individual operators of critical infrastructures; it is the operators' duty to notify the authorities when they fall under the predefined criteria.
• Identified lists of essential services are characterised by significantly different levels of description.
• Most MS have developed methodologies to identify critical infrastructures, not services.
• The number of identified operators depends on the size of the country.


Challenges

• Adaptation of existing methodologies to NIS Directive requirements.
• Difficulty in matching the criteria of the NIS Directive to criteria that have already been developed.
• Challenges in threshold definition; thresholds are sometimes not necessary at all for small countries where only one operator exists in a given sector.
• Cooperation with the private sector.
• Challenges regarding NIS Directive definitions.

Security Measures for OES

Desktop research on:

• Security standards & good practices per NISD sector
• Country-specific standards, good practices, laws & regulations
• Risk assessment & risk management methodologies
• 112 international standards & good practices

[Chart: breakdown by NISD sector (Cross sector, Energy, Health Care, Water, Transport, Financial market infrastructures, Banking, Digital infrastructure); the per-sector values are not recoverable from the extracted text.]


Cooperation Group work stream on Security Measures for OES

1. Information Security Governance & Risk Management
2. IT Reference Security Architecture & Management of Third Parties
3. Security Operations
4. Continuity of Operations
5. Logical and Physical Security
6. Computer Security Incident Management
7. Compliance and Reporting Framework
8. Systems Development and Acquisition


Incident Reporting for OES
