20
European Union Agency for Network and Information Security Cyber Threats and CIIP in Europe Dr. Evangelos OUZOUNIS Head of Unit – Secure Infrastructure and Services
European Union Agency for Network and Information Security
Cyber Threats and CIIP in EuropeDr. Evangelos OUZOUNIS Head of Unit – Secure Infrastructure and Services
2
ENISA’s activities
Cyber Threats and CIIP in Europe | Dr. Evangelos OUZOUNIS
3
ENISA II – new mandate
Proposal for a NIS Directive
eIDAs Directive – article 19
EU Cyber Security Strategy (COM)
EU Cloud Computing Strategy and Partnership (COM)
Telecom Package – article 13 a, art. 4
EU’s CIIP action plan
EU Policy Context
Cyber Threats and CIIP in Europe | Dr. Evangelos OUZOUNIS
4
Significant physical disasters affecting CIIs
Complex networks and services
Low quality of software and hardware
Asymmetric threats allowing remote attacks to CII
Increasing organised cybercrime and industrial espionage
Lack of international agreements and regimes
Lack of well functioning, international operational mechanism
Cyber Threats and CIIP in Europe | Dr. Evangelos OUZOUNIS
Emerging Threat Environment
5
ENISA Threat Landscape 2014
Cyber Threats and CIIP in Europe | Dr. Evangelos OUZOUNIS
6
20 NCSS in EU; a few under development
Different maturity levels
CIIP – key subject in NCSSs
PPPs – limited success so far
SMEs not properly covered
Overlaps in authorities and mandates
Assessment of NCSS is an issue
National Cyber Security Strategies (NCSS)
Cyber Threats and CIIP in Europe | Dr. Evangelos OUZOUNIS
7
Sectors Energy ICT Water Food Health Financial
Public &
Legal
Order
Civil
Admin.Transport
Chemical &
Nuclear
Industry
Space &
Research
AU
BE
CZ
DK
EE
FI
FR
DE
EL
HU
IT
MT
NL
PL
SK
ES
UK
CH
Critical Sectors in EU28 + EFTA
Cyber Threats and CIIP in Europe | Dr. Evangelos OUZOUNIS
8
FinanceTransport
Critical Information Infrastructure Protection in Europe: ENISA efforts
Cyber Threats and CIIP in Europe | Dr. Evangelos OUZOUNIS
eHealth
Communication networks: Critical Information Infrastructure and Internet Infrastructure
9
Critical Infrastructures depend on Internet-enabled technologies
• Cyber attacks target critical services
• Impact on citizens in real
ENISA provides guidance for CIP and CIIP
• Evaluate critical assets
• Map assets’ exposure to threats
• Highlight specific security measures
• Help focus and prioritize investments
Cyber Threats and CIIP in Europe | Dr. Evangelos OUZOUNIS
Securing EU Internet Infrastructure
Companion to your risk assessment
10
Too many Incidents – Not enough knowledge about them
Reporting incidents – key to ensure transparency and to do proper ex-post analysis
• Article 13a of the Telecom framework Directive
• Article 4 on data breaches – Telecom Package
• Article 19 on breaches of trust services – eIDAS• Future NIS Directive (affecting many sectors)
ENISA helps coordination at EU level
• Expert groups (e.g. Article 13a with NRAs and the EC)
• Definition of security objectives and measures• Publication of non-binding technical guidelines
• Publication of an annual incidents report for the Telecom sector
Only report major incidents to avoid information overhead
Cyber Threats and CIIP in Europe | Dr. Evangelos OUZOUNIS
Incident Reporting
11Cyber Threats and CIIP in Europe | Dr. Evangelos OUZOUNIS
Security governance – The security triangle
Risk assessment
Security Measures Incident reporting
RA
SM IR
Incident response
Preparedness, emergencies
Information sharing
12
Key underlying infrastructure in all CIIs
“Modernised” to be used via Internet Protocol
Not business as usual for cyber security matters
Enhance ICS/SCADA security is a global effort
• Component testing
• Patch management
• Certification of cyber security skills, part of a broader cyber security policy
• ENISA guidelines for minimum security measures
Cyber security shall involve
operational personnel to top management executives
Cyber Threats and CIIP in Europe | Dr. Evangelos OUZOUNIS
ICS/SCADA Security
13
Challenging area, emerging technology
• Different types of stakeholders
• Various sizes of organizations
• Not a clear view of the market
Setting baseline cyber security measures for Smart Grids
• Not an easy task
• Consensus is needed
ENISA aims to reach better harmonisation across the EU
• Collaboration with the European Commission Smart Grids Task Force (SGTF)
• Adoption by the SGTF EG2 and CEN/CENELEC/ETSI Smart Grid Coordination Group
• Practical guide to deploy baseline security measures
Cyber Threats and CIIP in Europe | Dr. Evangelos OUZOUNIS
ENISA effort in Smart Grids
14
Experts from the industry
• Policy makers
• Public and private sector
Objectives
• Provide ENISA with advice and input
• Comment and validate ENISA deliverables
• Drive selected initiatives and topics
• Identify good practices
• Propose recommendations to policy makers
• Recommend R&D initiatives
Cyber Threats and CIIP in Europe | Dr. Evangelos OUZOUNIS
ENISA Expert Groups
15
… like curlingCyber Threats and CIIP in Europe | Dr. Evangelos OUZOUNIS
16
Multiple schemes
• Private Public Partnership (eg: NIS Platform)
• Sectorial ISACs (eg: FI-ISAC)
• Trust-based groups (eg: ENISA Reference Groups)
Focus on Public Private Partnerships (PPPs)
• ENISA as a bridge between private and public sectors
• Sharing of incidents and good practices
• No fear of the regulator
PPPs to prepare for future regulation (eg: NIS Directive)
• Enhance the global level of security
• Spread investments over time• Facilitate compliance
Cyber Threats and CIIP in Europe | Dr. Evangelos OUZOUNIS
Collaboration schemes in Europe
17
EuroSCSIE
EU-US WG on smart grids security
• EU-US Working Group on Cyber Security and Cyber Crime (losing momentum)
ERNCIP
• European Reference Network for Critical Infrastructure Protection
TNCEIP
• Thematic Network on Critical Energy Infrastructure Protection
DENSEK
• European Energy - ISAC
NIS platform
ENISA SISEC
• Smart Infrastructures Security Experts Community
Example: collaborations in Smart Grids
Cyber Threats and CIIP in Europe | Dr. Evangelos OUZOUNIS
18
Recommendations for MS and the European Commission
• Establish and generalise incident response
• Assess the cost of security measures
• Foster public/private co-operation
• Common reference framework for harmonization
Recommendation for the private sector
• Gain awareness on critical assets and the need for CIIP
• Assess the cost of security measures
• Capitalise on existing knowledge from other sectors
• Report incidents, at national level or industry level
Cyber Threats and CIIP in Europe | Dr. Evangelos OUZOUNIS
Challenges to tackle
19
Cyber attacks on CIIs is now the norm than a future trend
Failure to detect threats is often more costly than false alarms
MS and private sector, with the assistance of ENISA, should co-operate to protect CIIs
• Share experiences and information
• Develop and deploying good practices
• Collaborate to achieve EU-wide harmonization
Conclusion
Collaboration is Everything
Cyber Threats and CIIP in Europe | Dr. Evangelos OUZOUNIS
PO Box 1309, 710 01 Heraklion, Greece
Tel: +30 28 14 40 9710
www.enisa.europa.eu
Dr. Evangelos Ouzounis
