130 likes | 207 Views
EU Cybersecurity Strategy and Proposal for Directive on network and information security (NIS) {JOIN(2013 ) 1 final } { COM(2013) 48 final }. Trust and Security Unit DG Communications Networks, Content and Technology. Digital Enlightenment Forum, 21 May 2014 Raffaele Di Giovanni Bezzi
E N D
EU Cybersecurity Strategy andProposal for Directive on network and information security (NIS) {JOIN(2013) 1 final}{COM(2013) 48 final} Trust and Security Unit DG Communications Networks, Content and Technology Digital Enlightenment Forum, 21 May 2014 Raffaele Di Giovanni Bezzi Policy Officer
Cybersecurity The need for further EU action Economic and social benefits of the digital world and open Internet Risks, incidents and cybercrime on the rise Cross-border/global issue Need for a comprehensive EU vision
Proposal for a Directive on NISKey elements (1/3) • Capabilities: Common NIS requirements at national level • NIS strategy • and cooperation plan • NIS competent authority • Computer Emergency • Response Team (CERT)
Proposal for a Directive on Network and Information Security (NIS) – Article 114 TFEU Key elements (2/3) • Cooperation: NIS competent authorities to cooperate within a network at EU level • Early warnings and • coordinated response • Capacity building • NIS exercises at EU level • ENISA to assist
Proposal for a Directive on Network and Information Security (NIS) – Article 114 TFEU Key elements (3/3) • Risk management and incident reporting for: • Energy – electricity, gas and oil • Credit institutions and stock exchanges • Transport – air, maritime, rail • Healthcare • Internet enablers • Public administrations
Proposal for NIS Directive State of play, legislative process • Council • European Council Oct 2013: NIS essential for completion of Digital Single Market by 2015 • Progress Report was adopted at Telecom Council December 5, 2013; • Telecom Council June 6, 2014 • European Parliament • Lead committee IMCO (ITRE and LIBE associated) voted on draft legislative resolution in January 2014 • Plenary vote took place in March 2014
EU Cybersecurity Strategy The NIS Public-Private Platform • An inclusive and multi-stakeholder platform • Driven by the participants • Identify and facilitate the up-take of risk management best practices • Draw from international standards and best practices • Cross-cutting / horizontal approach • No imposition of standards • Secure ICT research and innovation
The NIS Public-Private PlatformOrganisation of work and expected outcome • Consistent implementation of the NIS Directive • WG1: risk management • WG2: information exchange and incident coordination • First set of guidance presented in April 2014 • Provide input to the secure ICT R&I agenda at EU, national and industry level • WG3 on secure ICT research and innovation • Will produce view on secure ICT landscape and strategic research agenda in 2014
The NIS Public-Private PlatformState of Play and next steps • First plenary meeting in June 2013 • Second plenary meeting in December 2013 • Third plenary meeting 30 April 2014 • Over 200 organisations represented
EU Cybersecurity Strategy Achieving cyber resilience • Awareness raising: common responsibility • Cybersecurity month – October 2014 • Cybersecurity championship – ENISA guidelines Q4 2014 • NIS education and training • Roadmap for NIS driving licence – ENISA roadmap and self-assessment pilot in 2014
Useful links • EU Cybersecurity Strategy High-Level Conference 2014: http://ec.europa.eu/digital-agenda/en/news/eu-cybersecurity-strategy-high-level-conference-0 • Trust and Security: http://ec.europa.eu/digital-agenda/en/our-goals/pillar-iii-trust-security • Cybersecurity: http://ec.europa.eu/digital-agenda/en/cybersecurity • Digital Futures: https://ec.europa.eu/digital-agenda/en/digital-futures-objectives-and-scope • Help up improve our analysis and measurement: http://ec.europa.eu/digital-agenda/en/help-us-improve-our-analysis-measurement
Useful links • Commission proposal for a Directive on Network and Information Security: http://ec.europa.eu/information_society/newsroom/cf/dae/document.cfm?doc_id=1666 • Impact Assessment: http://ec.europa.eu/information_society/newsroom/cf/dae/document.cfm?doc_id=1669 • Cybersecurity Strategy of the European Union: http://ec.europa.eu/information_society/newsroom/cf/dae/document.cfm?doc_id=1667 • Press release: http://europa.eu/rapid/press-release_IP-13-94_en.htm • MEMO: http://europa.eu/rapid/press-release_MEMO-13-71_en.htm