Post on 21-Sep-2020
EU Cybersecurity Strategy and Commission Proposal for a Directive on
Network and Information Security
LIBE, EP
Brussels, 20 February 2013
Paul Timmers, Director for Sustainable & Secure Society, DG Communications Networks, Content and Technology
Cybersecurity: The need for further EU action
• Economic and social benefits of the digital world and open Internet
• Risks, incidents and cybercrime on the rise
• Cross-border/global issue
• Insufficient preparedness and cooperation across the EU
• Previous initiatives: DAE, CIIP policy, EFMS, EP3R, Internal Security Strategy, European Security Strategy, EP resolutions and reports, FoP on cyber
• Comprehensive vision needed
EU Cybersecurity Strategy
• Principles and values guiding EU activities
• Strengthen security and resilience of network and information systems
• Step up fight against cybercrime
• Address cyber defence and develop an EU international cyberspace policy
• Roles and responsibilities
EU Cybersecurity Strategy: Strengthen security and resilience of network and information systems
Security of the supply chain; integrated market for security solutions
Foster R&D
PPPs
Fighting botnets, security of ICS and Smart grids
Awareness raising
EU Cybersecurity Strategy: Step up fight against cybercrime
• European Cybercrime Centre Programme Board (ENISA, EUROJUST, etc.)
• Support to enhance national capabilities to investigate and combat cybercrime
• Encourage swift implementation of Cybercrime directives (including current proposal)
EU Cybersecurity Strategy: Address cyberdefence
• Capability development (detection, response, recovery)
• Synergies and dialogue between civilian and military players
• Member States, EEAS, EDA to cooperate
EU Cybersecurity Strategy: Develop EU International cyberspace policy
Strengthen international cooperation
Promote human rights and free trade
Global norms of behaviour in cyberspace
Capacity building in third countries
Proposal for a Directive on Network and Information Security (NIS) – Article 114 TFEU
PREPAREDNESS: National capabilities
A high level of NIS and smooth functioning of the internal market
A CULTURE OF NIS ACROSS SECTORS: NIS risk management and Public-Private cooperation
EU-LEVEL COOPERATION: comparable capabilities and mutual trust
Proposal for a Directive on Network and Information Security (NIS)
Key elements (1/5)
Common NIS requirements at national level
National NIS strategy and cooperation plan
National competent authority
Computer Emergency Response Team (CERT)
Proposal for a Directive on Network and Information Security (NIS) – Article 114 TFEU
Key elements (2/5)
Network of NIS competent authorities at EU level
Early warnings and coordinated response (via secure infrastructure)
Capacity building and peer reviews
NIS exercises at EU level
ENISA to assist
Proposal for a Directive on Network and Information Security (NIS) – Article 114 TFEU
Key elements (3/5)
Early warnings on risks and incidents:
(a) grow rapidly or may grow rapidly in scale;
(b) exceed or may exceed national response capacity;
(c) affect or may affect more than one Member State.
When relevant, also to inform the European Cybercrime Centre
Coordinated response – on the basis of the European NIS cooperation plan
Proposal for a Directive on Network and Information Security (NIS) – Article 114 TFEU
Key elements (4/5)
• Extension of telecom framework directive scheme - Risk management and incident reporting to competent authorities for:
  • Energy – electricity and gas
  • Credit institutions and stock exchanges
  • Transport – air, maritime, rail
  • Healthcare
  • Enablers of key Internet services
  • Public administrations
Complementarity with Directive on European Critical Infrastructure – 2008/114/EC
Proposal for a Directive on Network and Information Security (NIS) – Article 114 TFEU
Key elements (5/5)
• Risk management
  • Dynamic process
  • No mandated standards
  • Only proportionate measures
• Incident reporting
  • Only incidents with significant impact on core services
  • Guarantees for business (confidentiality rules and recital on vulnerabilities)
EU Cybersecurity Strategy: Fostering R&D
EU Cybersecurity Strategy: Roadmap
• Follow-up in Council (respective configurations; TTE CWG for NIS Directive; FoP to steer) and in the European Parliament
• Implementation report of the Strategy (early 2014) + Annual Conference on Cybersecurity
Thanks!
Useful links
• Digital Agenda for Europe: http://ec.europa.eu/digital-agenda/
• Trust and Security: http://ec.europa.eu/digital-agenda/en/our-goals/pillar-iii-trust-security
• Cybersecurity: http://ec.europa.eu/digital-agenda/en/cybersecurity
• Digital Futures: https://ec.europa.eu/digital-agenda/en/digital-futures-objectives-and-scope
• Help us improve our analysis and measurement: http://ec.europa.eu/digital-agenda/en/help-us-improve-our-analysis-measurement
• Commission proposal for a Directive on Network and Information Security: http://ec.europa.eu/information_society/newsroom/cf/dae/document.cfm?doc_id=1666
• Impact Assessment: http://ec.europa.eu/information_society/newsroom/cf/dae/document.cfm?doc_id=1669
• Cybersecurity Strategy of the European Union: http://ec.europa.eu/information_society/newsroom/cf/dae/document.cfm?doc_id=1667
• Press release: http://europa.eu/rapid/press-release_IP-13-94_en.htm
• MEMO: http://europa.eu/rapid/press-release_MEMO-13-71_en.htm