Cyber Security in Europe Priorities, Standards and Cooperation - PowerPoint PPT Presentation

Cyber Security in Europe Priorities, Standards and Cooperation Opportunities Alessandro Guarino ETSI TC CYBER StudioAG EU-SEA Workshop - Hanoi 2/12/2015 Hanoi National University 1 / 38 Introduction Who am I ? Day job: Information


  1. Cyber Security in Europe Priorities, Standards and Cooperation Opportunities Alessandro Guarino ETSI TC CYBER – StudioAG EU-SEA Workshop - Hanoi 2/12/2015 Hanoi National University 1 / 38

  2. Introduction ● Who am I? ● Day job: Information Security consultant and adviser – StudioAG www.studioag.eu ● Standardisation activity – ISO SC 27 – ETSI Technical Committee “CYBER” – Cyber Security Coordination Group ● Independent researcher and speaker – CyCon 2013, ISSE 13-15 2 / 38

  3. Introduction ● Priorities – the 2013 EU Cyber Security Strategy – Achieving cyber resilience (NIS) – (Drastically) reducing cybercrime – Developing cyberdefence policy and capabilities related to the Common Security and Defence Policy – Develop industrial and technological resources for cybersecurity – Establish a coherent international cyberspace policy for the EU, promote EU values ● Critical Infrastructure Protection 3 / 38

  4. Europe Cybersecurity Ecosystem 4 / 38

  5. Introduction ● Horizon 2020 – The EU research program – Just published the 16-17 work programme – Periodic “Calls” open to consortia (European and Extra-EU) – Specific “Digital Security” area (beside direct calls for cooperation) ● Standardisation work – ESOs: CEN/CENELEC and ETSI – Similarities and differences – Cyber Security Coordination Group 5 / 38

  6. CSCG ● Advisory Body of the three ESOs (CEN/CENELEC/ETSI) ● Composed of ESO members and EU institutions – ENISA, JRC, DG GROWTH, DG CNECT ● White Paper Feb 2014: 9 main Recommendations for a Strategy on European Cyber Security Standardization – http://www.din.de/de/din-und-seine-partner/din-e-v/organisation/koordinierungsstellen/kits/cscg/cscg-white-paper-published-61526 6 / 38

  7. CSCG White Paper Areas ● GOVERNANCE – Coordination, scope, trust ● HARMONISATION – PKI/cryptography, requirements/evaluation, EU security label, interface with research ● GLOBALISATION – Harmonisation with international key players, global promotion of EU Cyber Security standards 7 / 38

  8. ETSI – Some Facts ● Created in 1988 ● Recognised ESO ● Independent, not-for-profit ● ICT Focus ● Governed by (worldwide) ETSI Members – Born European, global outreach – Technical standards ● ETSI Members participate directly in the standardisation process 8 / 38

  9. Products & services ● Technical Specifications and Standards with global application ● Support to industry and European regulation ● Specification & testing methodologies ● Interoperability testing 9 / 38

  10. Membership ● Over 800 companies, big and small, from 64 countries on 5 continents ● Manufacturers, network operators, service and content providers, national administrations, ministries, universities, research bodies, consultancies, user organizations 10 / 38

  11. Innovations ● Efficient and speedy standards-making ● Agreement by consensus !!! ● Free download of all our standards ● Electronic working to boost efficiency and reduce cost and environmental impact ● Quality certified to ISO 9001:2008 11 / 38

  12. ETSI Clusters 12 / 38

  13. Areas of security standardization ● Cyber Security ● Mobile/Wireless Comms (GSM/UMTS, TETRA, DEC) – Involvement in 3GPP ● Lawful Interception and Retained Data ● Electronic Signatures ● Smart Cards ● Machine-to-Machine (M2M) ● Methods for Testing and Specification (MTS) ● Emergency Communications / Public Safety ● RFID ● Intelligent Transport Systems ● Information Security Indicators ● Quantum Key Distribution (QKD) ● Quantum-Safe Cryptography (QSC) ● Algorithms ● Network Functions Virtualisation (NFV) 13 / 38

  14. ETSI TC CYBER ● Cyber Security Standardisation ● Security of infrastructures, devices, services and protocols ● Security advice, guidance and operational security requirements to users, manufacturers and network and infrastructure operators ● Tools and techniques to ensure security ● Creation of security specifications and alignment with work done in other TCs and ISGs ● Coordinate work with external groups such as the CSCG with CEN, CENELEC, the NIS Platform and ENISA ● Collaborate with other SDOs (ISO, ITU, NIST, ANSI...) ● Answer to policy requests on Cyber Security and ICT security in a broad sense 14 / 38

  15. ETSI TC CYBER ● Created in 2014 - met five times face-to-face ● Next meeting (CYBER #6) scheduled for February 2016 – On average over 50 participants per meeting – Work carried out on 13 documents ● Participating organisations: – Industry: Manufacturers, Operators, SMEs... – Public Administrations – The European Commission – ENISA – Universities and Research Bodies – Service Providers – Micro Enterprises – Consultancy 15 / 38

  16. TC CYBER – 13 Active Documents ● TR 103 303 Protection measures for ICT in the context of Critical Infrastructure ● TR 103 304 PII Protection and Retention ● TR 103 305 Security Assurance by Default; Critical Security Controls for Effective Cyber Defence ● TR 103 306 Global Cyber Security Ecosystem (approved) ● TS 103 307 Security Aspects for LI and RD interfaces ● TR 103 308 A security baseline regarding LI for NFV ● TR 103 309 Secure by Default adoption – platform security technology ● TR 103 369 Design requirements ecosystem ● TR 103 370 Practical introductory guide to privacy ● TR 103 331 Structured threat information sharing ● EG 203 310 Post Quantum Computing Impact on ICT Systems ● TS 103 485 Mechanisms for privacy assurance and verification ● TS 103 486 Identity management 16 / 38

  17. Areas of work ● Critical Infrastructure Protection – Guidance for the deployment of ICT security technologies and security management to deliver and maintain effective Critical Infrastructures ● Structured Threat Information Sharing – Guidance for exchanging cyber threat information in a standardized and structured manner – Provide technical indicators of adversary activity, contextual information, exploitation targets, and courses of action 17 / 38

  18. Areas of work ● Security by Default – Published May 2015 – Critical Security Controls for Effective Cyber Defence – Guidance to detect, prevent, respond, and mitigate damage from the most common to the most advanced of cyber attacks – Measures reflecting the combined knowledge of actual attacks and effective defenses ● Structured Threat Information Sharing – Published August 2015 – Guidance to business decision makers for the development and adoption of secure by default platform security technologies – Encourage industry to adopt device hardware security features 18 / 38

  19. Areas of work ● Security for Lawful Interception and RD interfaces – Guidance to protect information flows and interfaces from a security perspective (confidentiality, integrity and authenticity) including implementation details (technologies, algorithms, options, minimum requirements on keys etc.) in a context of provision of Lawful Interception (LI) and Retained Data (RD) functionalities ● Lawful Interception in the NFV context – To be Published end 2015 – Guidance related to the legal and physical challenges to ensure LI functionalities in a Network Functions Virtualization context – Focus on the infrastructure of NFV rather than the functions themselves 19 / 38

  20. Areas of work ● Post-Quantum Computing Impact on ICT – Review nature and vulnerabilities of security algorithms when subjected to quantum computing attacks – Evaluate characteristics required of algorithms in order to be invulnerable under such attacks ● Global Cyber Security Ecosystem – To be Published end 2015 – Constantly updated overview of cyber security work being undertaken in multiple forums worldwide ● Design Requirements Ecosystem – Structured ecosystem of security design requirements that may be applicable to ICT networks and devices 20 / 38

  21. Areas of work ● Privacy measures (4 documents) – Guidance on the basics for privacy management: terms and definitions, standards, practical applications – Guidance for the protection and retention of PII (Personally Identifiable Information) and how to enable the secure portability of data transferred from one service provider to another – Provision of technical means, that enable assurance of privacy and verification of said assurance – Identification of means to protect identity in order to alleviate some of the resultant threats 21 / 38

  22. In-Depth ● ETSI White Paper (7th Edition, June 2015) – Achievements and current work – List of all Security publications – www.etsi.org/security/whitepaper ● Membership details – www.etsi.org/membership – Fees vary by organisation type and size 22 / 38

  23. TC CYBER Work Details In the final slides you will find the full scope for all TC CYBER documents for your reference. 23 / 38
