eu network and information security nis directive
play

EU - Network and Information Security (NIS) Directive George - PowerPoint PPT Presentation

Sep 09, 2023 •93 likes •289 views

EU - Network and Information Security (NIS) Directive George Michaelides Commissioner of Electronic Communications and Postal Regulation http://www.ocecpr.org.cy 22 nd November 2016 1 Overview Cybersecurity Facts European Cybersecurity

  1. EU - Network and Information Security (NIS) Directive George Michaelides Commissioner of Electronic Communications and Postal Regulation http://www.ocecpr.org.cy 22 nd November 2016 1

  2. Overview • Cybersecurity Facts • European Cybersecurity Strategy • The Objectives • MS Capability Requirements • NIS Scope • NIS Requirements • National CSIRT o Coverage o Activities o Incident Management • Way Forward / Timeline 2

  3. Cybersecurity Facts Vulnerabilities • 2015 • 2014 Scanned Websites 78% 76% with Vulnerabilities Percentage cost for external Percentage of 15% 20% consequences Which Were Critical Information loss 39% Browser 879 639 Business disruption 35% Vulnerabilities Revenue loss 21% Web Attacks ~1 million Equipment damages 4% Blocked per Day 496,657 Other 2% Websites Found 1 in 3,172 (source Ponemon Institute 2015) with Malware 1 in 1,126 (source Symantec 2016) Global economic cost 10% probability of a of over $445B major CII breakdown in (Source Mcafee) the next 10 years (Source WEF) Size of Data Average total cost of Breach breach Industry • 2015 < 10.000 $2.1 million • 2014 Finance, Insurance 35% 20% 10.000 – $3.0 million & Real Estate 25.000 Services 22% 20% 25.000 – $5.0 million Manufacturing 14% 13% 50.000 Transportation 13% 9% > 50.000 $6.7 million Wholesale 9% 10% (source Ponemon Institute 2016) Top 10 Industries Targeted in Spear-Phishing Attacks (source Symantec 2016) 3

  4. European Cybersecurity Strategy European Cybersecurity Strategy NIS Directive Network and Cyberdefence Cybercrime Information Security (NIS) Technological Resources – Cooperation with industry and academia Digital European Policy - International cooperation on Cybersecurity Agenda Europe Electronic Communications Framework Electronic communications Framework Dirs 2009/140/EC, 2009/136/EC, Framework 21/2002, Art.13a,b Digital Agenda for Europe Pers. Data Prot. 58/2002/EC Art.4 REGULATION EU526/2013-European Union REGULATION EU 611/2013 Notification of Union Agency for Net. & Inf. Security (ENISA) personal data breaches 4

  5. OCECPR Role and Responsibilities Business Continuity, Contingency Plans (Electronic Com. Providers) - National Level Network Cybersecurity Cyber Risk and Cy Cybercrime Strategy of the Notifications: Assessment Center of Information - Availability of networks / Republic of - Excellence – Security infrastructures, Cyprus Crisis Management 3CE (NIS) - Personal data breaches [Coordination] - CSIRTs/CERTs [Implementation] Gov. / National CIIP–Critical - Awareness Information Infrastructure Protection 5

  6. The Objectives Increased National Risk EU Level Cyber Security Management Cooperation Capabilities and Reporting Boosting Cyber Security in Europe 6

  7. Member States (MS) Capability Requirements National NIS / NIS Competent Cybersecurity National National CSIRT Strategy Authority National Cyber Security Capability 7

  8. Scope of NIS Operators of Essential Service s • The entity provides a service which is essential for the maintenance of critical societal / economic activities • The provision of that service depends on network and information systems • A NIS incident would have significant disruptive effects on the provision of the essential service Digital Service Providers • Online marketplaces • Online search engines • Cloud computing services 8

  9. Security Requirements Prevent • Organisational measures that are appropriate and proportionate to the Risks risk • The measures should ensure a level of Ensure NIS NIS appropriate to the risks Handle • The measures should prevent and minimise the impact of incidents on the Incidents IT systems used to provide the services 9

  10. Notification Requirements • Incidents having a significant Operators of impact on the continuity of Essential the essential services they Services provide • Incidents having a substantial Digital Services impact on the provision of a Providers service 10

  11. Notification Requirements Parameter OES DSP ✔ ✔ Number of users affected / relying in the service ✔ ✔ Impact – Economic and Societal ✔ ✔ Geographic spread ✔ ✔ Duration of disruption ✔ Extent of the disruption to the functioning of the service ✔ Importance of the entity for maintaining a sufficient level of service ✔ Impact - Safety ✔ Market share (e.g. proportion of national power generated) ✔ Dependency of other essential sectors on the service OES: Operators of Essential Services DSP: Digital Service Providers 11

  12. NIS Cooperation Requirements • Operational cooperation between National CSIRTs, EU-CSIRT, EU, ENISA CSIRT Network Cooperation Group • Strategic cooperation between Members States (NIS Authorities), EC, ENISA 12

  13. National CSIRT – Sector Coverage Electricity Public Health Natural Gas/Oil Financial Sector Water supply Public Sector/Security Services “The protection of all critical information infrastructures of the state and the operation of information and communication Transport Electronic Communications technologies with the necessary levels of security, for the benefit of every citizen, the economy and the country” Cyprus National Cybersecurity Strategy Vision 13

  14. National CSIRT – Areas of activities • Incident Monitoring Incident Communication • Incident Response • Early warning, alerts, Management • Incident Analysis announcements, etc. • EC awareness on incident • General awreness regarding handling process incidents (public/media) etc. etc. • Cooperation with NIS Authority Cooperation • Mutual assistance with other national CSIRTs • Exchange non-classified information • Participation in exercises etc. Cybersecurity Strategy of the Republic 14 of Cyprus

  15. National CSIRT Functions – Incident Management Detection Continuous Classification Improvement Recovery Analysis Eradication Containment 15

  16. NIS Authority and National CSIRT National Cybersecurity Strategy European Cybersecurity Strategy International Collaboration National Collaboration Cooperation Group Cyber Crisis Management CSIRT Network Operational Coordination Supervision Operators of Essential Services (~50) Energy, Water, Transport, Health, Banking, Financial, Digital Infrastructure Digital Service Providers (<10) Cloud Computing Services, Online Marketplaces, Search Engines 16

  17. Implementation Timeline Nov 2018 – MS to identify 6 operators of essential services May 2018 – Transposition into national 5 law Feb 2018 – Cooperation Group 4 establishes work programme Aug August 2017 – Adoption of implementing 3 acts on requirements for DSPs Feb 2017 – Cooperation Group begins NIS 2 Directive tasks Aug 2016 – NIS Directive entry into Aug 1 force Cybersecurity Strategy of the Republic 17 of Cyprus

  18. Thank you 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Industry Responses to the European Directive on Security of Network and Information Systems

Industry Responses to the European Directive on Security of Network and Information Systems

Industry Responses to the European Directive on Security of Network and Information Systems (NIS) Dr Ola Michalec, Dr Sveta Milyaeva, Dr Dirk van der Linden, Prof Awais Rashid Image credit: Terrence J Sullivan. CC Licensed.

750 views • 9 slides
THE EU NIS DIRECTIVE Jim Reid, RTFM llp jim@rfc1035.com OH DEAR - ANOTHER ONE! What is NIS?

THE EU NIS DIRECTIVE Jim Reid, RTFM llp jim@rfc1035.com OH DEAR - ANOTHER ONE! What is NIS?

THE EU NIS DIRECTIVE Jim Reid, RTFM llp jim@rfc1035.com OH DEAR - ANOTHER ONE! What is NIS? Why? What does NIS mean? Whos affected and how? DIRECTIVE ON SECURITY OF NETWORK AND INFORMATION SYSTEMS EU Directive 2016/1148

457 views • 14 slides
Implementation in Belgium of the NIS Directive (EU 2016/1148) of 6 July 2016 concerning

Implementation in Belgium of the NIS Directive (EU 2016/1148) of 6 July 2016 concerning

. 06/2019 Implementation in Belgium of the NIS Directive (EU 2016/1148) of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union The Centre for Cyber security Belgium Law

1.13k views • 83 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Uptime at IXPs - and NIS Directive Robert Lister UKNOF 40 27 April 2018 | Manchester NIS

Uptime at IXPs - and NIS Directive Robert Lister UKNOF 40 27 April 2018 | Manchester NIS

Uptime at IXPs - and NIS Directive Robert Lister UKNOF 40 27 April 2018 | Manchester NIS Directive EU Directive on security of Networks and Information Systems UK Consultation: (August/Sept 2017):

635 views • 28 slides
Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety Sensitive Information Not for public or media release F.S. 119.071. Required by law, rule and regulation: Homeland Security Directive 5 and 8.

393 views • 11 slides
Security Note: These slides are created using information from. Network Security Essentials by

Security Note: These slides are created using information from. Network Security Essentials by

Security Note: These slides are created using information from. Network Security Essentials by William Stallings Computer Networking, A top-down approach by James F.Kurose and Keith W.Ross Maximum Security by Anonymous Lectures and Notes from

489 views • 38 slides
Delegating Network Security with More Information with More Information {Stanford: [ Jad

Delegating Network Security with More Information with More Information {Stanford: [ Jad

Delegating Network Security with More Information with More Information {Stanford: [ Jad Naous , Ryan Stutsman, David Mazires, Nick McKeown,], MIT CSAIL: [Nickolai Zeldovich]} Context Roberto Alicia

542 views • 33 slides
Security in Malicious Environments: NSF Programs in Information-Theoretic Network Security Phil

Security in Malicious Environments: NSF Programs in Information-Theoretic Network Security Phil

Background Classical Tools Beyond Cryptography NSF Security in Malicious Environments: NSF Programs in Information-Theoretic Network Security Phil Regalia Program Director Directorate for Computer &amp; Information Science &amp; Engineering

552 views • 36 slides
Proposal for a Council Directive amending Directive (EU)2011/16 as regards access to AML

Proposal for a Council Directive amending Directive (EU)2011/16 as regards access to AML

Proposal for a Council Directive amending Directive (EU)2011/16 as regards access to AML information by tax authorities - &quot;DAC5&quot; EESC Brussels, 14.09.2016 European Commission DG Taxation and Customs Union EU framework EU

98 views • 7 slides
Economics of network security Harald Vranken 1 Economics of network security Note that

Economics of network security Harald Vranken 1 Economics of network security Note that

Advanced Network Security (2019-2020) Economics of network security Harald Vranken 1 Economics of network security Note that network in this lecture means Physical communication network (eg. Internet, telephony, fax, telegraph)

769 views • 49 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

564 views • 33 slides
N etwork safeguards are the first protec- tion barrier of IT sys- tem resources against

N etwork safeguards are the first protec- tion barrier of IT sys- tem resources against

ISSA Journal | October 2007 ISSA The Global Voice of Information Security The Principles of Network Security Design By Mariusz Stawowski Deployment of an effective and scalable network security system requires proper designing

320 views • 3 slides
CSE543 Computer and Network Security Module: Network Security Professor Patrick McDaniel Fall

CSE543 Computer and Network Security Module: Network Security Professor Patrick McDaniel Fall

CSE543 Computer and Network Security Module: Network Security Professor Patrick McDaniel Fall 204 1 CSE543 - Introduction to Computer and Network Security Page Networking Fundamentally about transmitting information between two (or more)

636 views • 47 slides
Extending the Charter: Addressing Vulnerability and Exploit Information Yurie Yurie I to I to

Extending the Charter: Addressing Vulnerability and Exploit Information Yurie Yurie I to I to

I ETF I NCH W orking Group Meeting 5 th August 2 0 0 4 , San Diego CA US Extending the Charter: Addressing Vulnerability and Exploit Information Yurie Yurie I to I to I an Bryant I an Bryant Liaison Manager Head, Capability Developm ent

389 views • 22 slides
Cyber Incident Management -National and Regional Lessons Learned- Masanori Sasaki Deputy

Cyber Incident Management -National and Regional Lessons Learned- Masanori Sasaki Deputy

ARF Seminar on Operationalizing Cyber CBMs at Singapore 21 22 October 2015 Cyber Incident Management -National and Regional Lessons Learned- Masanori Sasaki Deputy Counsellor, NISC, Cabinet Secretariat, Japan Our organization NISC : N

229 views • 5 slides
0-Day Patch Exposing vendors (in)security performance BlackHat Europe 2008 Amsterdam Stefan

0-Day Patch Exposing vendors (in)security performance BlackHat Europe 2008 Amsterdam Stefan

BLACKHAT Europe 2008 0-Day Patch 0-Day Patch Exposing vendors (in)security performance BlackHat Europe 2008 Amsterdam Stefan Frei + Bernhard Tellenbach Communication Systems Group ETH Zurich Switzerland http://www.csg.ethz.ch

414 views • 17 slides
CSG Justice Center National non-profit, non-partisan membership association of state

CSG Justice Center National non-profit, non-partisan membership association of state

10/27/2011 OJACC 25 th Annual Conference th l f Reducing Recidivism Through Collaboration Council of State Governments Justice Center Marc Pelka August 15, 2011 CSG Justice Center

402 views • 19 slides
Operational Security in EGEE Romain Wartel, CERN IT EGEE Operational Security Coordination Team

Operational Security in EGEE Romain Wartel, CERN IT EGEE Operational Security Coordination Team

Enabling Grids for E-sciencE Operational Security in EGEE Romain Wartel, CERN IT EGEE Operational Security Coordination Team http://www.eu-egee.org/security/ International Symposium on Grid Computing (ISGC) 2008 Academia Sinica, Taipei, 7 - 11

362 views • 14 slides
French view on the NIS Diretcive transposition Cybersecurity Framework in France - ANSSI &gt;

French view on the NIS Diretcive transposition Cybersecurity Framework in France - ANSSI &gt;

French view on the NIS Diretcive transposition Cybersecurity Framework in France - ANSSI &gt; The Agence Nationale de la Scurit des Systmes dInformation (ANSSI) was created on July 7 th 2009 by a decree (2009-834) of the Prime Minister,

341 views • 17 slides
NCSC Research Agenda Jeroen van der Ham &amp; Nicole van Deursen dcypher Symposium, December 2019

NCSC Research Agenda Jeroen van der Ham &amp; Nicole van Deursen dcypher Symposium, December 2019

NCSC Research Agenda Jeroen van der Ham &amp; Nicole van Deursen dcypher Symposium, December 2019 #dSymp dcypher Symposium 2019 | 3 Dec. Media Plaza Utrecht NCSC Research Agenda Jeroen van der Ham &amp; Nicole van Deursen dcypher Symposium,

884 views • 10 slides
LIMITE EN Bulgarian Presidency of the Council of the EU 1 January 30 June 2018 UNITED WE

LIMITE EN Bulgarian Presidency of the Council of the EU 1 January 30 June 2018 UNITED WE

Brussels, 11 January 2018 WK 229/2018 INIT LIMITE TELECOM WORKING PAPER This is a paper intended for a specific community of recipients. Handling and further distribution are under the sole responsibility of community members. CONTRIBUTION

134 views • 9 slides

More recommend