European Union Agency for Network and Information Security

Protecting European Critical Information Infrastructures – ENISA’s Approach

Dr. Evangelos Ouzounis, Head of Secure Infrastructures and Services


Post on 28-May-2020




Securing Europe’s Information society


Positioning ENISA activities


Emerging Threat Environment

• significant physical disasters affecting CIIs

• complex networks and services

• low quality of software and hardware

• asymmetric threats allowing remote attacks to CII

• increasing organised cybercrime and industrial espionage

• lack of international agreements and regimes

• lack of well functioning, international operational mechanism

Dr. Evangelos Ouzounis, Head of Secure Infrastructures and Services, ENISA


EU Policy Context

EU Cyber Security Strategy (COM)

eIDAS Directive – article 19

EU Cloud Computing Strategy and Partnership (COM)

Telecom Package – article 13 a, art. 4

ENISA II – new mandate

The NIS Directive

EU’s CIIP action plan



The NIS Directive

Operators of Essential Services

Digital Service Providers

Strategic Cooperation Network

Cloud Computing Services

Online Marketplaces

Incident Reporting

Security Requirements

National Cyber Security Strategies

Tactical/Operational CSIRT Network

Transport

Energy

Banking and Financial market infrastructures

Search Engines

Digital Infrastructure

Healthcare


National Cyber Security Strategies


24 NCSS in EU; a few under development

Different maturity levels

CIIP - key subject in NCSS

PPPs - limited success so far

SMEs not properly covered

Overlaps in mandates

Assessment of NCSS is an issue

https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/national-cyber-security-strategies-in-the-world


Critical Sectors in EU MS

Sectors (table columns): Energy, ICT, Water, Food, Health, Financial, Public & Legal Order, Civil Admin., Transport, Chemical & Nuclear Industry, Space & Research

Countries (table rows): AU, BE, CZ, DK, EE, FI, FR, DE, EL, HU, IT, MT, NL, PL, SK, ES, UK, CH


Today’s challenges

Increasing reliance on communication networks

Emerging threat environment hampering the availability, integrity and confidentiality of networks based on:

• Infrastructure vulnerabilities

• Interdependencies

• Privacy concerns

http://www.enisa.europa.eu/internetcii


Current Internet infrastructure threats


Incident Reporting for the Telecom Sector

CIIP in Europe| Evangelos Ouzounis, HoU Secure Infrastructure and Services, ENISA

• Article 13a of the Framework Directive (2009/140/EC) was introduced in the 2009 reform of the EU regulatory framework for electronic communications.

• Art. 13a addresses security and integrity of public electronic communications networks and services (availability of the service).

• Art. 13a of Telecom Package:
  • Expert Group with all NRAs (EU and EFTA) & EC
  • Non-binding technical guidelines (strong adoption among MS)
  • 4 years of successful annual reporting from Telecoms to NRAs and then to ENISA and EC
  • Impact evaluation available March 2016.

• More incident reporting schemes:
  • Article 4 on data breaches - Telecom Package
  • Article 19 on breaches of trust services - eIDAS
  • NIS Directive (affecting many sectors)


Total reported incidents (numeric)

Incidents reported: 2011: 51; 2012: 79; 2013: 90; 2014: 137

[Chart: Impact on services (percentage), 2011 to 2014; series: Fixed telephony, Fixed internet, Mobile telephony, Mobile internet]


Emergency Communications

• Some emergency services do use data services, often on commercial networks, but data is not used between the emergency services and the public

• Inter-agency communication problems are a common issue identified in post-crisis reviews of major incidents

http://www.eurescom.eu/news-and-events/eurescommessage/eurescom-message-1-2014/celtic-project-macico.html


Good Practices for Communications during a Crisis

• National roaming could be used to improve resilience of mobile communication networks and services in case of large outages:

• Prioritize voice and SMS

• Favor open Wi-Fi as alternative solution for data connectivity

• Be prepared for an eventual mobile network outage

• Identify key people within CI services

• Use of Internet services such as social media has a part to play in crisis management, both as a
  • situational awareness tool
  • responsive, direct communication channel between crisis managers on the ground and the public.


Conclusions


1. Cyber attacks on and failures of CIIs have now become quite common

2. Well-functioning telecommunications are necessary for the handling of such crises

3. MS and private sector, with the assistance of ENISA, should co-operate to protect CIIs
  • sharing experiences and information
  • developing and deploying good practices
  • co-operate with NRAs to achieve EU-wide harmonization of EU regulations

4. “Collaboration is Everything”.