Discussion on MS contribution to the WP2018 Steve Purser, 30 January 2018 European Union Agency for Network and Information Security
Possibilities for MS contribution to the WP2018 Expert Groups • ENISA coordinates several expert groups to assist in its activities, provide an opportunity for the MS to be involved (both public and private representatives) • The expert groups are linked to the output of the Single Program Document 2018 (Work program) Procurement – projects • ENISA provides an overview of the projects linked to the output of the Single Program Document 2018 (Work program) Steve Purser 2
EXPERT GROUPS SPD OUTPUT TITLE OF OUTPUT EXPERT GROUP DESCRIPTION The group was established in 2017. IoTSEC is an information exchange platform that brings together experts to ensure security and resilience of the entire Internet of Things IoT Security (IoTSec) Expert Group ecosystem. The group provide input for the 2017 study on Baseline Security Recommendations for IoT in CII and held its first meeting in October 2017. In 2014 ENISA assessed the need of an Expert Group focused on the topic of the ICS/SCADA security, that provides the opportunity for ICS/SCADA experts to address important issues to ENISA in its work to enhance ICS security in the EU, and it will ENISA ICS Stakeholders Group (EICS) provide the opportunity for ENISA to consult providers and to listen to concerns and ideas. In 2017, an updated To R and a new call for stakeholders was launched in order Good practices for security of SPD 2018 O.1.1.1 to include apart from ICS/SCADA experts, stakeholders with expertise in I4.0, IIoT and Internet of Things smart manufacturing. https://resilience.enisa.europa.eu/ics-security EuroSCSIE is composed of members of European Governments, research institutions, operators, industry that depend or are responsible for the security Critical Infrastructure’ ICS. The EuroSCSIE was established in June 2005 under the initiative of the U.K. NISCC (today CPNI, Centre for the Protection of the National Infrastructures), European SCADA and Control System with the aim of: (1) Sharing mutually beneficial information regarding electronic Information Exchange(EuroSCSIE) security threats, vulnerabilities, incidents, and solutions; (2) Acting as c ross-country facilitator for the exchange of best practices and information; (3) Supporting the EU- Countries policy makers on the matter of Critical Infrastructure Protection ENISA sustains the group since 2014. Steve Purser 3
EXPERT GROUPS SPD OUTPUT TITLE OF OUTPUT EXPERT GROUP DESCRIPTION Annual ENISA Threat Working group that supports the yearly ENISA wide publication of the European Threat SPD 2018 O.1.2.1 ETL Working Group Landscape Landscape. The Expert Group of Article 13a established in 2010 to develop technical guidelines for incident reporting for Article13a, to discuss the implementation of Article 13a and to share knowledge Article 13a Experts Group and exchange views about past incidents, and how to address them. The Group is comprised by the European Commission (EC), Ministries and Telecommunication National Regulatory Authorities of the EU Member States. Support incident reporting SPD 2018 O.1.2.3 activities in the EU Article19 EG established in 2014 to discuss the implementation of the Article19 of the eIDAS Regulation that was adopted. In the beginning the group was comprised by experts from ministries, agencies, authorities who would potentially get involved in this area. Now the EG is Article 19 Experts Group composed only by the nationally appointed Supervisory Bodies. ENISA together with the EG has developed the incident reporting framework. The EG has two meetings per year where developments and incidents are discussed. Steve Purser 4
EXPERT GROUPS SPD OUTPUT TITLE OF OUTPUT EXPERT GROUP DESCRIPTION Group of eHealth Security Experts established in 2015 to share information, exchange knowledge and to disseminate our work. The group supports ENISA activities in eHealth eHealth Security Experts Group and has contributed to previous ENISA reports (e.g. Smart Hospitals) by providing expert input and findings validation. Group of CISOs, Risk and Policy Managers from financial institutions, such as banks, stock Expert Group on Finance (EGFI) exchanges and similar, established in 2014. The purpose is to raise awareness of Finance sector to ICT risks, promote good practices, discuss security issues and security measures. The group was established in 2016 and supported the work on the 2016 study on Securing Smart Cars. CaRSEC gathers experts in the domains of Smart Cars and Intelligent Road Cars and Roads SECurity (CaRSEC) Expert Group Systems to exchange on cyber security threats, challenges and solutions with the objective to protect the safety of citizens. First meeting was held in October 2016. Supporting the SPD 2018 O.2.2.2 Implementation of the NIS Directive INFRASEC involves technical experts from Internet operations (IXP, ISP, Internet organizations), research institutions and interested governmental organizations (cybersecurity / contingency / NRA) focusing on infrastructure security and resilience. Internet Infrastructure Security and Resilience INFRASEC provides the opportunity for Internet operational actors to address important Reference Group (INFRASEC) issues to ENISA in its work to enhance Internet infrastructure security and resilience in the EU, and it provides the opportunity for ENISA to consult Internet operational actors and to listen to suggestions and ideas. The group was established in 2015. TRANSSEC group is an information exchange platform Transport Resilience and Security Expert Group that brings together experts to ensure security and resilience of Intelligent Public (TRANSSEC) Transports in Europe. The group provided support for the 2015 ENISA studies on Smart Cities and Intelligent Public Transport. Steve Purser 5
EXPERT GROUPS SPD OUTPUT TITLE OF OUTPUT EXPERT GROUP DESCRIPTION Group of CISOs, Risk and Policy Managers from financial institutions, such as banks, Supporting the Payment Services stock exchanges and similar, established in 2014. The purpose is to raise awareness of SPD 2018 O.2.2.4 Expert Group on Finance (EGFI) Directive (PSD) Implementation Finance sector to ICT risks, promote good practices, discuss security issues and security measures. The group was established in 2013 and has supported several publications like the Gov Baseline Security Recommendations Cloud reports, the certification framework for Cloud security and the guidelines for SPD 2018 O.2.2.3 Cloud Security and Resilience experts group for the OES Sectors and DSPs implementing NISD for DSPs. The group is comprised by cloud providers (amazon, Google, IBM etc), certification bodies (CSA, EuroCloud etc) and public administration. The group was established in 2013 and has supported several publications like the Gov Cloud reports, the certification framework for Cloud security and the guidelines for Cloud Security and Resilience experts group implementing NISD for DSPs. The group is comprised by cloud providers (amazon, Google, IBM etc), certification bodies (CSA, EuroCloud etc) and public administration. SPD 2018 O.2.2.6 NIS Directive transposition The group was established in 2015. TRANSSEC group is an information exchange Transport Resilience and Security Expert platform that brings together experts to ensure security and resilience of Intelligent Group (TRANSSEC) Public Transports in Europe. The group provided support for the 2015 ENISA studies on Smart Cities and Intelligent Public Transport. Steve Purser 6
EXPERT GROUPS SPD OUTPUT TITLE OF OUTPUT EXPERT GROUP DESCRIPTION Group of NCSS experts established in 2014. Public officials, policy makers, from Member States (MS) and EFTA countries, that usually lead the development and Support EU MS in the development and National Cyber Security Strategies Experts implementation of NCSS in their country, support ENISA activities on the topic. The SPD 2018 O.3.1.2 assessment of NCSS Group aim of the group is to collaborate by exchanging ideas, good practices and experiences to address important issues related to national cyber security and resilience of national and international CIIs. This group represents the EU member states participating in the European Cyber Security Challenge. It consists of representatives of the relevant authorities or bodies (in some cases national authorities, in other academia) that have the responsibility at SPD 2018 O.3.3.1 Cyber Security Challenges European Cyber Security Challenge national level of conducting the national Cyber Security Challenge, and preparing the national team that represents each participating country at the European Cyber Security Challenge. This group represents the EU member states participating in the European Cyber European Cyber Security Month SPD 2018 O.3.3.2 European Cyber Security Month Security Month. It consists of representatives of the relevant national authorities that deployment have the responsibility at national level of conducting cyber exercises. This group represents the EU member states participating in the Cyber Europe SPD 2018 O.4.1.1 Cyber Europe 2018 Cyber Europe Exercise Exercise. It consists of representatives of the relevant national authorities that have the responsibility at national level of conducting cyber exercises. Steve Purser 7
Recommend
More recommend
