www.enisa.europa.eu
Cyber Security in Europe
Steve PurserHead of Core Operations Dept. - ENISA
www.enisa.europa.eu 2
Agenda
• About ENISA
• The ENISA Threat Landscape
• National Cyber Security Strategies
• Supporting the CERT Community
• Pan European Exercises
• Protecting EU Critical Information Infrastructure
2
www.enisa.europa.eu 3
Hands on
Policy ImplementationRecommendations
MobilisingCommunities
ENISA Activities
www.enisa.europa.eu 4
Agenda
• About ENISA
• The ENISA Threat Landscape
• National Cyber Security Strategies
• Supporting the CERT Community
• Pan European Exercises
• Protecting EU Critical Information Infrastructure
4
www.enisa.europa.eu 5
The ENISA Threat Landscape
• The ENISA Threat Landscape provides an overview of threats and current and emerging trends.
• It is based on publicly available data and provides an independent view on observed threats, threat agents and threat trends.
• Over 250 recent reports from a variety of resources have been analysed.
www.enisa.europa.eu 6
Developed
Overview
www.enisa.europa.eu 7
Agenda
• About ENISA
• The ENISA Threat Landscape
• National Cyber Security Strategies
• Supporting the CERT Community
• Pan European Exercises
• Protecting EU Critical Information Infrastructure
7
www.enisa.europa.eu 8
National Cyber Security Strategies in the EU
Source: http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/national-cyber-security-strategies-in-the-world
19 EU MS have a strategy
www.enisa.europa.eu 9
High level goals
www.enisa.europa.eu 10
Long term impact
www.enisa.europa.eu 11
ENISA doctrine: NCSS Lifecycle
Design
Implement
Evaluate
Adjust2012 Good
practice
Guide
2014
Evaluation
framework
2012 Good
practice
Guide
www.enisa.europa.eu 12
Agenda
• About ENISA
• The ENISA Threat Landscape
• National Cyber Security Strategies
• Supporting the CERT Community
• Pan European Exercises
• Protecting EU Critical Information Infrastructure
12
www.enisa.europa.eu 13
CERT Community building
www.enisa.europa.eu 14
CERT Training material available
https://www.enisa.europa.eu/activities/cert/support/exercise
www.enisa.europa.eu 15
Agenda
• About ENISA
• The ENISA Threat Landscape
• National Cyber Security Strategies
• Supporting the CERT Community
• Pan European Exercises
• Protecting EU Critical Information Infrastructure
15
www.enisa.europa.eu 16
• Cyber Europe 2010– Europe’s first multinational cybersecurity exercise between
public sector agencies
• Joint EU-US Cybersecurity Exercise 2011 – First transatlantic cooperation exercise
– Table-top exercise - ‘what-if’ scenarios
• Cyber Europe 2012 – Large scale realistic cyber-crisis exercise
– Public and private sectors involved
• Cyber Europe 2014– In the strategic phase
• Joint EU-US Cybersecurity Exercise 2014/2015- In preparation phase
Cybersecurity Exercises Supported by ENISA
www.enisa.europa.eu 17
Agenda
• About ENISA
• The ENISA Threat Landscape
• National Cyber Security Strategies
• Supporting the CERT Community
• Pan European Exercises
• Protecting EU Critical Information Infrastructure
17
www.enisa.europa.eu 18
Methodologies for the Identification of Critical Information Infrastructure Assets and Services
Help MS to
• Develop methodologies for identification of CIIs assets and services
• Assess internal and external interdependencies
• Collaborate with all stakeholders
• Prepare to face future challenges
www.enisa.europa.eu 19
Critical Information Infrastructures Protection
• Energy: ICS SCADA and Smart Grids
• Finance Sector
• eHealth
• Smart Transport
• Maritime
• Telecommunications
www.enisa.europa.eu 20
Example: EU wide Security Breach Notifications
• Annual reports about large outages in EU’s telecoms
More information on http://www.enisa.europa.eu/activities/Resilience-and-CIIP/Incidents-reporting
www.enisa.europa.eu 21
2nd ENISA National Cyber Security Conference
13th of May in Riga
Save the date!!
www.enisa.europa.eu 22
Conclusions
• ENISA works together with operational communities to identify pragmatic solutions to current security issues.
• We issue concrete advice on how to improve system security and which implementations to favour.
• The solutions we propose are based on industry best practice and are therefore known to work.
• By working in this way, we put security to the service of EU industry and improve the competitiveness of our industries.
www.enisa.europa.euEuropean Union Agency for Network and Information Security
Follow ENISA:
Thank you for your attention
For more information visit: http://www.enisa.europa.eu