www.enisa.europa.eu
ENISA – What’s On?
ENISA as facilitator for enhanced Network and Information Security in Europe
CENTR General Assembly, Brussels October 4, 2012
Who we are
• ENISA was set up in 2004 and is located outside Heraklion on Crete
• Around 30 security experts and 20 staff
• ENISA has an advisory role (not operational); the focus is on prevention and preparedness
• The target group is EU institutions, member states, national authorities, businesses and citizens
What we do
• Support Member States, e.g. support for setting up and training CERTs
• Think tank: reports analysing data on security practices in Europe and on emerging risks, e.g. cloud computing
• Facilitate cross-border cooperation, e.g. supporting cyber security exercises
• Act as a forum for sharing good practices in NIS, e.g. models for public-private partnerships
• Ensure a coherent pan-European approach, e.g. supporting the implementation of Article 13a in the Telecom Package
Botnets
Focus on botnets
• ENISA has consulted top experts from all areas of the fight against botnets, including Internet Service Providers, security researchers, law enforcement, Computer Emergency Response Teams and anti-virus vendors
• Current estimates of the extent of infected machines and botnet activities vary widely, by up to a factor of seven
Report on:
• How to assess botnet threats and how to neutralize them
• Survey and analysis of methods for measuring botnet size
• How best to assess the threat posed by botnets to different stakeholders
Cloud Computing
Objectives for Cloud Computing at ENISA
• Help governments and businesses to leverage the cost benefits of cloud computing, with due consideration of security requirements and new risks
• Improve transparency on security practices to allow informed decisions
• Create trust and trustworthiness by promoting best practice and assurance standards
Report defines minimum baselines for:
• Comparing cloud offers
• Assessing the risk of going cloud
• Reducing audit burden and security risks
Article 13 of the Telecom reform
Art 13a in the telecom package
o Appropriate security measures
  o to minimize the impact of security incidents on users and interconnected networks
  o to guarantee network integrity, thus ensuring continuous supply of service over the networks
o Incident reporting
  o Providers report significant incidents with impact on the operation of services to their Regulator (NRA)
  o NRAs inform other NRAs abroad and ENISA in case of cross-border incidents
  o NRAs can inform, or require the provider to inform, the public when this is in the public interest
  o NRAs provide an annual summary report to ENISA and the EC
ENISA Technical guidelines
o Two non-binding technical guidelines for NRAs, with consensus among the NRAs:
  o Minimum Security Measures
    o 7 domains of measures
    o ISO 27001 (subset) + BS 25999 (for BCM and disaster recovery)
  o Incident reporting
    o Thresholds for reporting
    o Root cause classification
    o Reporting template
Annual reporting
o Incidents with a significant impact on the continuity of supply of electronic communications networks or services
o Services
  o Fixed and mobile telephony
  o Fixed and mobile Internet
o Agreed set of incident parameters and thresholds
Annual reporting
o Understand incident trends
o Analyze best practices
o Provide information about the above
o Exchange experience and lessons learnt and support knowledge transfer between NRAs
o Issue recommendations and guidance to stakeholders
o Develop incident scenarios for pan-European exercises
Annual analysis by ENISA
o Statistical analysis of incidents
o Overall view of resilience and security of electronic communication networks and services
o No comparison or information about individual providers or member states
This year: premiere for annual EU reporting
o 11 countries reported 51 significant incidents that occurred in 2011
o Many countries adopted the legislation in July last year
o Next year we expect the number of reports to be 10 times as many
In mid October we will publish the aggregated analysis of the reported incidents
Cyber exercises – the Big Three
• Europe’s first ever international cyber security exercise, 2010
• First ever EU-US exercise, 2011. Work with Comm. & MS to build transatlantic cooperation
• Cyber Europe 2012. Developed from learning in the 2010 & 2011 exercises. Involves MS, private sector and EU institutions. Highly realistic exercise, Oct 2012
Results and learning are shared with MS and
Smart Grid Security
ENISA recommendations include:
• Establishing a clear regulatory and policy framework on smart grid cyber security at national and EU level – currently missing
• The EC, with ENISA, MS and the private sector, should develop a minimum set of security measures based on existing standards and guidelines
• EC and MS authorities should promote security certification schemes for the entire value chain of smart grid components, including organisational security
To discuss
o What do you see that we should do in the coming year?
o Do you see any possible subjects for collaboration?
o How should we collaborate?
European Network and Information Security Agency
http://www.enisa.europa.eu