C-days , Lisbon 21-22.06.2017r. ENISA – EU CYBERSECURITY AGENCY Krzysztof Silicki ENISA, Deputy Chair of Management Board, Member of Executive Board NASK (Poland), Director for Cybersecurity Capability Development and Cooperation

Page 1: ENISA EU CYBERSECURITY AGENCY - CNCS · ENISA –EU CYBERSECURITY AGENCY Krzysztof Silicki ENISA, Deputy Chair of Management ... Guidelines for national CSIRTs on physical security,

C-days, Lisbon 21-22.06.2017

ENISA – EU CYBERSECURITY AGENCY

Krzysztof Silicki

ENISA, Deputy Chair of Management Board, Member of Executive Board

NASK (Poland), Director for Cybersecurity Capability Development and Cooperation

Page 2

Above: after election on June 9th, 2016:

- Udo Helmbrecht – Executive Director
- Jean-Baptiste Demaison – Chair of MB
- Krzysztof Silicki – Deputy Chair of MB
- Steve Purser – Head of COD
- Paulo Empadinhas – Head of SRAD

ENISA facts (selected):

- created in 2004 by EU regulation
- each EU MS and also the EC has representatives in the Management Board (EEA – observers)
- main MB role: create strategy, cooperate to develop (and adopt) programming documents (Work Programmes)

Page 3

ENISA ROLE

Page 4

CYBERSECURITY INITIATIVES, TRUSTED SOURCE OF INFORMATION

www.enisa.europa.eu

Page 5

INFO NOTES, PUBLICATIONS

Page 6

NEWS FROM MS, UPCOMING EVENTS

Page 7

KEY INITIATIVES:

CYBER EUROPE - CYBER EXERCISES

Page 8

[Timeline figure: Cyber Europe exercises, 2010 – 2016]

Cyber Europe 2016

- 1000 participants – focus on ICT infrastructures
- received the European Ombudsman Award for Innovation-Transformation

Cyber Europe 2018

- Under development

Page 9

EXERCISE SUPPORT

Cyber exercise planning training courses

- Requested by more than 25 countries and institutions

Support exercise planning for other institutions

- European Commission (2012)
- EEAS (2015 and 2016)
- Eurocontrol (2013)
- EU Council (2014)
- eu-LISA (2017)
- EDA (2016 and 2017)
- Estonian Presidency Exercise (2017)

Cyber Exercise Platform available for the organisation of EU Institutions, Agencies, and Member States exercises

Page 10

ECSM

European Cyber Security Month is the EU's annual awareness-raising campaign. It takes place in October and aims to influence citizens' behaviour online by sharing good practices, educating users, and increasing trust in online services.

Background: in the 2013 Cybersecurity Strategy of the European Union, the EC invited Member States to organise a yearly cybersecurity month with the support of ENISA and the involvement of the private sector, with the goal of raising awareness among end users.

Page 11

ECSM 2017

October is Cyber Security Month!

- 5th anniversary of the campaign
- ENISA supports Member States' local campaigns with collaboration from the private sector and the production of material
- The NIS Quiz developed by ENISA is accessible in all 23 languages of the EU

Kick-Off Event: 29th September 2017, Tallinn

For more information visit: www.cybersecuritymonth.eu

"Cyber Security is a Shared Responsibility!"

Page 12

ENISA | NIS Directive

ONE OF ENISA'S KEY ROLES: SUPPORTING NISD IMPLEMENTATION

Page 13

ENISA’S ROLE ON NIS DIRECTIVE

Scope of NISD: to achieve a high common level of security of NIS within the Union (first EU regulatory act at this level).

Status: ADOPTED August 2016.

Deadline for transposition: 9 May 2018 (21 months).

Provisions:

1. Improved cybersecurity capabilities at national level
2. Increased EU-level cooperation
3. Obligations for operators of essential services (OES)
4. Obligations for digital service providers (DSP)

Page 14

ENISA | NIS Directive

ENISA'S ROLE IN NIS STRATEGIES

- Leverage existing knowledge and expertise in this area (WP 2014 – WP 2016), e.g.:
  - NCSS good practice guide
  - NCSS evaluation guide
  - MS map of NCSS implementation
- Assist MS in evaluating their current strategy or developing a new one
- NCSS good practice guide update with strategic objectives and good practices
- e-learning platform with NCSS design, implementation and evaluation videos

Page 15

ENISA | NIS Directive

ENISA'S ROLE IN THE COOPERATION GROUP

- As part of the group, ENISA will directly support:
  - exchange of best practices
  - capacity building in NIS
  - assistance in identification of OES
- Other tasks that fall within the group are:
  - provide strategic guidance for the activities of the CSIRT network
  - discuss modalities for reporting notifications of incidents
  - examine on an annual basis the incident summary reports
  - periodic review of the functioning of the Directive
  - discuss with representatives of the relevant European Standardisation Organisations the standards referred to in the Directive
- Status:
  - 2nd informal meeting took place on the 25th of Oct. 2016
  - 1st formal meeting
  - ToR and RoP under discussion

Page 16

ENISA | NIS Directive

ENISA'S ROLE IN THE CSIRTS NETWORK: SECRETARIAT AND ACTIVE SUPPORT

- Status of current work:
  - Proposal for Terms of Reference and Action Plan on the table
  - Preparatory work with NL, SK, and MT
- Meetings:
  - Two informal meetings during the NL Presidency (NCSC – The Hague, ENISA – Riga)
  - Informal meeting on 09/11 (SK Presidency)
  - First formal meeting in 02/2017 (MT Presidency)
- Preparatory work for the CSIRT network secretariat:
  - Guidelines for national CSIRTs on physical security, business continuity and staffing
  - CSIRT network maturity assessment guidelines

Page 17

ENISA | NIS Directive

OBLIGATIONS FOR MS ON OES

- Identification of operators of essential services.
- Minimum security measures to ensure a level of security appropriate to the risks.
- Incident notification to prevent and minimize the impact of incidents on the IT systems that provide services.
- Make sure competent authorities have the powers and means to assess security and check evidence of compliance for OES.

Page 18

ENISA | NIS Directive

ENISA'S ROLE TO SUPPORT MS WITH OES

In 2017 ENISA plans to assist MS with:

- Identification of OES
  - Preliminary work started in 2016, namely by looking into approaches taken by MS in identifying OES
- Minimum Security Measures for OES
  - Cross-sector measures
  - Mapping with well-known standards for all sectors
- Incident reporting guidelines for OES

Page 19

ENISA | NIS Directive

OBLIGATIONS ON DSP

- Minimum security measures: technical and organizational measures proportionate to the risk (implementing act by the COM)
- Incident notification: prevent and minimize the impact of incidents on the IT systems used to provide the services (implementing act by the COM)

Notes:

- Light-touch approach to be applied for DSPs!
- NIS Directive applicable only to large and medium enterprises!

Page 20

ENISA | NIS Directive

ENISA'S ROLE IN SUPPORTING MS ON DSP

- Based on previous experience, ENISA will support the COM with the following projects:
  1. Guidelines for implementing incident notification – DSPs: assist the COM (by providing input for the implementing acts) and MS (by providing guidelines) on incident notification requirements for DSPs.
  2. Guidelines for implementing security measures – DSPs: assist the COM (by providing input for the implementing acts) and MS (by providing guidelines) on implementing minimum security measures for DSPs.

Page 21

MANAGEMENT BOARD THEMATIC MEETINGS

Page 22

THEMATIC MEETING

New initiative of Management Board

Approach: Looking Beyond Work Programme

First meeting: March 7th, 2017

Page 23

THEMATIC MEETING, 7 MARCH 2017

Expectations of and feedback from Member States (roundtable opinion sharing):

- All MSs underline the important role of ENISA
- MSs may have different capabilities in different areas of NIS
- ENISA could be a broker of expertise
- Smaller MSs keep track of what ENISA is doing and use ENISA guidelines; however, they may have limited resources to participate in WGs
- Bigger MSs are interested in ENISA initiatives at EU level that bring added value to domestic capabilities and provide an EU-wide approach; they can provide experts to ENISA
- European-level activities/cooperation/common approach
- Most MSs expect an important role for ENISA in NIS Directive implementation (and other EU law)
- Potentially important role of the National Liaison Officers network (currently an unofficial mechanism)
- More visibility of ENISA deliverables in MSs needed, e.g. a directory of ENISA recommendations

Page 24

PROACTIVE TASKS

Page 25

WANNACRY – THREAT AND… OPPORTUNITY

A dedicated taskforce has been set up at ENISA to support what is the first ever case of cyber cooperation at EU level, in that the EU Standard Operating Procedures, developed by ENISA and the Member States, are currently being used to this end.

Page 26

ENISA TASKFORCE

First ever case of cooperation from the CSIRTs Network supported by ENISA

Result: EU-wide situational awareness through EU Integrated Situation Reports + ENISA support

Page 27

ENISA TOMORROW

Page 28

FUTURE OF ENISA

Communication from the EC, July 5, 2016: moving towards ENISA 2.0

- The current ENISA mandate expires in 2020
- The EC is currently carrying out an evaluation
- A modification or renewal of the mandate must be adopted by 19 June 2020
- Opportunity to look into possible enhancement of the Agency's capabilities and capacities to support MS in achieving cybersecurity resilience
- The mandate should reflect ENISA's new responsibilities under the NIS Directive, new policy objectives (e.g. cPPP), new challenges (e.g. linked to cross-sector incidents), and coordinated response to cyber crises
- Cooperation blueprint

Page 29

POSSIBLE FUTURE DEVELOPMENT

Page 30

The EU Cyber Security Agency

ENISA OBSERVATIONS – IDEAS FOR THE FUTURE

Page 31

CREDITS TO ENISA FOR HELPING IN THE PREPARATION OF THIS PRESENTATION

Thank you for your attention

[email protected]