the WP2018 Steve Purser, 30 January 2018 European Union Agency for - - PowerPoint PPT Presentation

European Union Agency for Network and Information Security

Discussion on MS contribution to the WP2018

Steve Purser, 30 January 2018

2

Expert Groups

• ENISA coordinates several expert groups to assist in its activities, provide an
• pportunity for the MS to be involved (both public and private representatives)
• The expert groups are linked to the output of the Single Program Document 2018

(Work program) Procurement – projects

• ENISA provides an overview of the projects linked to the output of the Single

Program Document 2018 (Work program)

Steve Purser

Possibilities for MS contribution to the WP2018

3

SPD OUTPUT TITLE OF OUTPUT EXPERT GROUP DESCRIPTION SPD 2018 O.1.1.1 Good practices for security of Internet of Things

IoT Security (IoTSec) Expert Group

The group was established in 2017. IoTSEC is an information exchange platform that brings together experts to ensure security and resilience of the entire Internet of Things

• ecosystem. The group provide input for the 2017 study on Baseline Security

Recommendations for IoT in CII and held its first meeting in October 2017. ENISA ICS Stakeholders Group (EICS) In 2014 ENISA assessed the need of an Expert Group focused on the topic of the ICS/SCADA security, that provides the opportunity for ICS/SCADA experts to address important issues to ENISA in its work to enhance ICS security in the EU, and it will provide the opportunity for ENISA to consult providers and to listen to concerns and

• ideas. In 2017, an updated To R and a new call for stakeholders was launched in order

to include apart from ICS/SCADA experts, stakeholders with expertise in I4.0, IIoT and smart manufacturing. https://resilience.enisa.europa.eu/ics-security European SCADA and Control System Information Exchange(EuroSCSIE) EuroSCSIE is composed of members of European Governments, research institutions,

• perators, industry that depend or are responsible for the security Critical

Infrastructure’ ICS. The EuroSCSIE was established in June 2005 under the initiative of the U.K. NISCC (today CPNI, Centre for the Protection of the National Infrastructures), with the aim of: (1) Sharing mutually beneficial information regarding electronic security threats, vulnerabilities, incidents, and solutions; (2) Acting as c ross-country facilitator for the exchange of best practices and information; (3) Supporting the EU- Countries policy makers on the matter of Critical Infrastructure Protection ENISA sustains the group since 2014.

Steve Purser

EXPERT GROUPS

4

SPD OUTPUT TITLE OF OUTPUT EXPERT GROUP DESCRIPTION SPD 2018 O.1.2.1 Annual ENISA Threat Landscape ETL Working Group Working group that supports the yearly ENISA wide publication of the European Threat Landscape. SPD 2018 O.1.2.3 Support incident reporting activities in the EU Article 13a Experts Group The Expert Group of Article 13a established in 2010 to develop technical guidelines for incident reporting for Article13a, to discuss the implementation of Article 13a and to share knowledge and exchange views about past incidents, and how to address them. The Group is comprised by the European Commission (EC), Ministries and Telecommunication National Regulatory Authorities of the EU Member States. Article 19 Experts Group Article19 EG established in 2014 to discuss the implementation of the Article19 of the eIDAS Regulation that was adopted. In the beginning the group was comprised by experts from ministries, agencies, authorities who would potentially get involved in this area. Now the EG is composed only by the nationally appointed Supervisory Bodies. ENISA together with the EG has developed the incident reporting framework. The EG has two meetings per year where developments and incidents are discussed.

Steve Purser

EXPERT GROUPS

5

SPD OUTPUT TITLE OF OUTPUT EXPERT GROUP DESCRIPTION SPD 2018 O.2.2.2 Supporting the Implementation of the NIS Directive eHealth Security Experts Group Group of eHealth Security Experts established in 2015 to share information, exchange knowledge and to disseminate our work. The group supports ENISA activities in eHealth and has contributed to previous ENISA reports (e.g. Smart Hospitals) by providing expert input and findings validation. Expert Group on Finance (EGFI) Group of CISOs, Risk and Policy Managers from financial institutions, such as banks, stock exchanges and similar, established in 2014. The purpose is to raise awareness of Finance sector to ICT risks, promote good practices, discuss security issues and security measures. Cars and Roads SECurity (CaRSEC) Expert Group The group was established in 2016 and supported the work on the 2016 study on Securing Smart Cars. CaRSEC gathers experts in the domains of Smart Cars and Intelligent Road Systems to exchange on cyber security threats, challenges and solutions with the objective to protect the safety of citizens. First meeting was held in October 2016. Internet Infrastructure Security and Resilience Reference Group (INFRASEC) INFRASEC involves technical experts from Internet operations (IXP, ISP, Internet

• rganizations), research institutions and interested governmental organizations

(cybersecurity / contingency / NRA) focusing on infrastructure security and resilience. INFRASEC provides the opportunity for Internet operational actors to address important issues to ENISA in its work to enhance Internet infrastructure security and resilience in the EU, and it provides the opportunity for ENISA to consult Internet operational actors and to listen to suggestions and ideas. Transport Resilience and Security Expert Group (TRANSSEC) The group was established in 2015. TRANSSEC group is an information exchange platform that brings together experts to ensure security and resilience of Intelligent Public Transports in Europe. The group provided support for the 2015 ENISA studies on Smart Cities and Intelligent Public Transport.

Steve Purser

EXPERT GROUPS

6

SPD OUTPUT TITLE OF OUTPUT EXPERT GROUP DESCRIPTION SPD 2018 O.2.2.4 Supporting the Payment Services Directive (PSD) Implementation Expert Group on Finance (EGFI) Group of CISOs, Risk and Policy Managers from financial institutions, such as banks, stock exchanges and similar, established in 2014. The purpose is to raise awareness of Finance sector to ICT risks, promote good practices, discuss security issues and security measures. SPD 2018 O.2.2.3 Baseline Security Recommendations for the OES Sectors and DSPs Cloud Security and Resilience experts group The group was established in 2013 and has supported several publications like the Gov Cloud reports, the certification framework for Cloud security and the guidelines for implementing NISD for DSPs. The group is comprised by cloud providers (amazon, Google, IBM etc), certification bodies (CSA, EuroCloud etc) and public administration. SPD 2018 O.2.2.6 NIS Directive transposition Cloud Security and Resilience experts group The group was established in 2013 and has supported several publications like the Gov Cloud reports, the certification framework for Cloud security and the guidelines for implementing NISD for DSPs. The group is comprised by cloud providers (amazon, Google, IBM etc), certification bodies (CSA, EuroCloud etc) and public administration. Transport Resilience and Security Expert Group (TRANSSEC) The group was established in 2015. TRANSSEC group is an information exchange platform that brings together experts to ensure security and resilience of Intelligent Public Transports in Europe. The group provided support for the 2015 ENISA studies on Smart Cities and Intelligent Public Transport.

Steve Purser

EXPERT GROUPS

7

SPD OUTPUT TITLE OF OUTPUT EXPERT GROUP DESCRIPTION SPD 2018 O.3.1.2 Support EU MS in the development and assessment of NCSS National Cyber Security Strategies Experts Group Group of NCSS experts established in 2014. Public officials, policy makers, from Member States (MS) and EFTA countries, that usually lead the development and implementation of NCSS in their country, support ENISA activities on the topic. The aim of the group is to collaborate by exchanging ideas, good practices and experiences to address important issues related to national cyber security and resilience of national and international CIIs. SPD 2018 O.3.3.1 Cyber Security Challenges European Cyber Security Challenge This group represents the EU member states participating in the European Cyber Security Challenge. It consists of representatives of the relevant authorities or bodies (in some cases national authorities, in other academia) that have the responsibility at national level of conducting the national Cyber Security Challenge, and preparing the national team that represents each participating country at the European Cyber Security Challenge. SPD 2018 O.3.3.2 European Cyber Security Month deployment European Cyber Security Month This group represents the EU member states participating in the European Cyber Security Month. It consists of representatives of the relevant national authorities that have the responsibility at national level of conducting cyber exercises. SPD 2018 O.4.1.1 Cyber Europe 2018 Cyber Europe Exercise This group represents the EU member states participating in the Cyber Europe

• Exercise. It consists of representatives of the relevant national authorities that have

the responsibility at national level of conducting cyber exercises.

Steve Purser

EXPERT GROUPS

8

SPD OUTPUT TITLE OF OUTPUT PROJECT SPD 2018 O.1.1.1 Good practices for security of Internet of Things Good practices for security of Internet of Things SPD 2018 O.1.2.1 Annual ENISA Threat Landscape Annual ENISA Threat Landscape 2018 SPD 2018 O.1.2.3 Support incident reporting activities in the EU Incident Reporting Framework for the NISD SPD 2018 O.1.3.2 Economics of vulnerability disclosure Economics of vulnerability disclosure

Steve Purser

PROCUREMENT

9

SPD OUTPUT TITLE OF OUTPUT PROJECT SPD 2018 O.2.2.1 Recommendations supporting implementation of the eIDAS Security recommendations for trust service providers and users of trust services Recommendations to support the technical implementation of the eIDAS Regulation SPD 2018 O.2.2.2 Supporting the Implementation of the NIS Directive Guidelines on the parameters of the identification of OES (implementation of article 5(7)) Good practices on interdependencies between OES and DSPs Guidelines for collecting and analysing security incidents for OESs and DSPs SPD 2018 O.2.2.3 Baseline Security Recommendations for the OES Sectors and DSPs Information Security Audit and Self assessment/management Frameworks Pt A - (Guidelines on assessing DSP’s and OES compliance to the NISD security requirements) Good practices in interdependencies’ risk assessment Pt B - (Guidelines on assessing DSP’s and OES compliance to the NISD security requirements)

Steve Purser

PROCUREMENT

10

SPD OUTPUT TITLE OF OUTPUT PROJECT SPD 2018 O.2.2.4 Supporting the Payment Services Directive (PSD) Implementation Good practices on the implementation of regulatory technical standards SPD 2018 O.2.2.5 Annual ENISA Threat Landscape Annual Privacy Forum 2018 SPD 2018 O.3.1.1 Update and provide technical training for MS and EU bodies Update of CSIRT training material TRANSIT support (1) TRANSIT support (2) TRANSIT support (3)

Steve Purser

PROCUREMENT

11

SPD OUTPUT TITLE OF OUTPUT PROJECT SPD 2018 O.3.1.3 Support EU MS in their Incident Response Development CSIRT landscape and IR capabilities in Europe 2020 SPD 2018 O.3.3.1 Cyber Security Challenges Supporting ENISA in organising the European Cyber Security Challenge Cyber Challenges Development SPD 2018 O.4.1.1 Cyber Europe 2018 Scenario Media Incident Support for Cyber Europe 2018 CE2018 After action activities SPD 2018 O.4.1.2 Lessons learnt and advice related to cyber crisis cooperation Exercise Incidents Development

Steve Purser

PROCUREMENT

SPD 2018 O.4.1.3 Support activities for Cyber Exercise Planning and Cyber Crisis Management Open Cybersecurity Situation Awareness Machine prototype CEP development and support

PO Box 1309, 710 01 Heraklion, Greece Tel: +30 28 14 40 9710 info@enisa.europa.eu www.enisa.europa.eu

Thank you