European (multi-layered) dialogue on cyber security
4ª Conferenza nazionale Cyber Security Energia
Danilo D’Elia, Policy Manager, ECSO - 15th November 2017, Rome
Content
➢ Global trends
• Digitalisation is already there!
• Cyber risk and cyber threats are very diverse
• Some examples and figures
➢ Cyber-insecurity by design
• Regulations have evolved, paving the way to improved cybersecurity
• …but still looking for a trusted supply chain
• And the EU market is not - yet - structured
➢ ECSO as cooperation platform
• A unique PPP Association
• Governance
• WG3 Verticals
Global trends
Digitalisation is already there!
Source: https://icsmap.shodan.io/
Global trends
Cyber risk and cyber threats are very diverse
Intangible assets growing and vulnerable
• Human capital
• Hacking of computer systems, software or code
• Reputations & brands
• Theft of intellectual property or trade secrets
Business disruption
• Small events, big economic and reputational losses
• Financial loss without physical damage
• Extended supply chain risk (just-in-time, virtual factories, IT providers)
Internet of Things creates product risks and may shift liability
• Autonomous car technology
• Industrial control malfunctions
• Wearable devices
Source: SCOR 2017
Global trends
Since 2008 a steady progression in the severity and scale of cyberattacks on critical infrastructures
• Sabotage: 2008 (Baku-Tbilisi-Ceyhan oil pipeline, TBC), 2010 (Natanz - Stuxnet), 2012 (Aramco - Shamoon), 2015 & 2016 (Ukraine’s power grid - BlackEnergy), 2016 Mirai IoT botnet (?)
• Economic espionage & data theft: 2012 (Telvent - Canada), 2013-2014 (Energetic Bear / Dragonfly, >1000 targets in EU/US), 2014 (Korea Hydro & Nuclear Power)
• Criminality: 2015 (Sabella - FR)
General trend:
• Since 2011 malware has been found searching the Internet for the locations of particular brands of industrial control equipment, in particular in the energy sector
• Cyberattacks on critical infrastructure have also become associated with political and even military conflict
• Growing operational and financial costs
Source: Sentryo Blog, CLUSIF 2017, SANS.
Upcoming EU regulation is expected to be a catalyst for accelerated growth of Cyber in Europe - 1
Upcoming EU regulation is expected to be a catalyst for accelerated growth of Cyber in Europe - 2
Directive on Security of Network and Information Systems (6 July 2016 - May 2018)
Strategic objective: to achieve a high common level of security of network and information systems within the EU. A multi-layered approach placing obligations on all stakeholders (but missing the link to regions and even cities!)
1 - Improved cybersecurity capabilities at national level
• Establish a national NIS strategy and regulatory measures to achieve network security
• Establish a competent authority to monitor the application of the NIS Directive in their territory
• Designate one or more Computer Security Incident Response Teams (CSIRTs) responsible for monitoring incidents, providing early warning, responding to incidents, providing dynamic risk and incident analysis and situational awareness, and participating in the network of national CSIRTs
2 - Increased EU-level cooperation
• Establish a Cooperation Group to support and facilitate strategic cooperation and the exchange of information among MS and to develop trust and confidence
• Establish a network of the national CSIRTs
3 - Risk management and incident reporting obligations for operators of essential services and digital service providers
• Preventing risks: technical and organisational measures that are appropriate and proportionate to the risk.
• Ensuring security of network and information systems: the measures should ensure a level of security of network and information systems appropriate to the risks.
• Handling incidents: the measures should prevent and minimise the impact of incidents on the IT systems used to provide the services.
Survey
What are operators of essential services?
“Operators of essential services are private businesses or public entities with an important role for the society and economy. Each Member State will identify the entities who have to take appropriate security measures and to notify significant incidents by applying these criteria:
(1) The entity provides a service which is essential for the maintenance of critical societal/economic activities;
(2) The provision of that service depends on network and information systems; and
(3) A security incident would have significant disruptive effects on the provision of the essential service.”
How many operators are present in the room? National / European / Global
How many cybersecurity providers are present in the room? National / European / Global
How many IT/OT providers are present in the room? National / European / Global
Bonus: How many regions?
2017 EU strategy on cybersecurity
Cybersecurity package is a comprehensive work including:
• Joint Communication ‘Resilience, Deterrence and Defence: Building strong cybersecurity for the EU’
• Proposal for a Regulation on ENISA, the "EU Cybersecurity Agency", and on Information and Communication Technology cybersecurity certification ("Cybersecurity Act")
• Commission Recommendation on Coordinated Response to Large Scale Cybersecurity Incidents and Crises
• Communication "Making the most of NIS – towards effective implementation of Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union"
• Commission staff working document assessing the EU 2013 cybersecurity strategy
• Proposal for a Directive on combating fraud and counterfeiting of non-cash means of payment
• Report assessing the extent to which the Member States have taken the necessary measures in order to comply with Directive 2013/40/EU on attacks against information systems
Total pages: 562
Key elements of 2017 EU strategy on cybersecurity
• From a reactive to a pro-active and cross-policy approach, bringing various work streams together to build the EU's strategic cybersecurity autonomy
• Improving resilience and response by boosting capabilities (technology/skills), ensuring the right structures are in place and that the EU cybersecurity single market functions well
• Stepping up work to detect, trace and hold accountable those responsible for cyber attacks
• Strengthening international cooperation as a platform for EU leadership on cybersecurity
• Involving all key actors (the EU, Member States, industry and individuals) to give cybersecurity the priority it deserves
Key elements of 2017 EU strategy on cybersecurity
Three main areas (figure)
Source: EC DG CONNECT
Industrial cybersecurity challenges in Europe
• Global cybersecurity and ICT market dominated by global suppliers from outside Europe.
• Innovation led by imported ICT products.
• Strategic supply chain dependency.
• Mature commodity market; professional applications under development / evolution (e.g. Digitizing European Industry)
• Market fragmentation.
• Innovation: strong in Europe but not always properly funded due to a lack of a consistent transnational approach and global EU strategy. Results of Research and Innovation are hardly reaching the market.
• Weak entrepreneurial culture, lack of venture capital.
• European industrial policies not yet addressing specific cybersecurity issues.
• Human factor.
• Sovereignty.
« Cyber-insecurity by design »
About the cyber cPPP
AIM
1. Foster cooperation between public and private actors at early stages of the research and innovation process in order to allow people in Europe to access innovative and trustworthy European solutions (ICT products, services and software). These solutions take into consideration fundamental rights, such as the right to privacy.
2. Stimulate the cybersecurity industry, by helping align the demand and supply sectors to allow industry to elicit future requirements from end-users, as well as sectors that are important customers of cybersecurity solutions (e.g. energy, health, transport, finance).
3. Coordinate digital security industrial resources in Europe.
BUDGET
The EC will invest up to €450 million in this partnership, under its research and innovation programme Horizon 2020 for the 2017-2020 calls (4 years). Cybersecurity market players are expected to invest three times more (€1350 mln: leverage factor = 3) to a total of €1800 mln.
About the cyber cPPP
A DOUBLE APPROACH, BEYOND TRADITIONAL EC PPPs: LINKING RESEARCH AND CYBERSECURITY INDUSTRIAL POLICY
The cPPP will focus on R&I, developing a SRIA and supporting its implementation in the H2020 Work Programme
The ECSO Association will tackle other industrial policy aspects for the market and the industrial / economic development
ECSO will support the development of the European cybersecurity industry and EU trusted solutions, including cooperation with Third Countries.
REFERENCE DOCUMENTS
1. Industry proposal
2. Strategic Research and Innovation Agenda (SRIA) proposal (already evolving)
ECSO membership
• Associations: 21
• Large companies and users: 70
• Public Administrations: 15 (AT, BE, CY, CZ, DE, EE, ES, FI, FR, IT, SK, NL, NO, PL, UK + observers at NAPAC: BG, DK, HU, IE, LT, LU, LV, PT, RO, SE, SI, MT, …)
• Regional clusters: 3
• RTO/Universities: 55
• SMEs: 54
Looking for increased membership from users / operators
Members by country (chart, partially recovered): ITALY 30, ISRAEL 2
At the time of the signature ceremony of the PPP contract (5th July 2016), ECSO counted 132 founding members. Now we are 218 organisations (on November 13th 2017) from 28 countries and counting
Governance
Organisation chart (recovered labels):
• European Cybersecurity Council (High Level Advisory Group: EC, MEP, MS, CEOs, …)
• ECS - cPPP Partnership Board (monitoring of the ECS cPPP - R&I priorities), with the EUROPEAN COMMISSION
• ECSO – Board of Directors (Management of the ECSO Association: policy/market actions)
• ECSO General Assembly
• Two streams: R&I and INDUSTRIAL POLICY
• Coordination / Strategy Committee; Scientific & Technology Committee
• Working groups: WG Standardisation / certification / labelling / supply chain management; WG Market deployment / investments / international collaboration; WG Sectoral Demand (market applications); WG Support to SMEs and regions; WG Education, training, exercise, raising awareness; WG SRIA (Technical areas, Products, Service areas)
• Member categories: SME solutions / services providers, local / regional SME clusters and associations, Startups, Incubators / Accelerators; Large companies Solutions / Services Providers, National or European Organisations / Associations; Regional / Local administrations (with economic interests), Regional / Local Clusters of Solution / Services providers or users; Public or private users / operators: large companies and SMEs; National Public Authority Representatives Committee, R&I Group / Policy Advisory Group (GAG); Others (financing bodies, insurance, etc.); Research Centers (large and medium / small), Academies / Universities and their Associations
ECSO working groups
• WG 1: Standardisation / Certification / Labelling / Supply Chain Management
• WG 2: Market development / Investments
• WG 3: Sectoral demand (vertical market applications)
• WG 4: Support SME, coordination with countries (in particular East EU) and regions
• WG 5: Education, training, awareness, exercises
• WG 6: SRIA (Technical areas, Products, Services areas)
WGs update
– WG1 - standards / certification / label / trusted supply chain (128 members with 264 experts): Initial positions for an EU certification framework: State of the Art (SOTA), Challenges relevant to the industrial sector (COTI), Meta-Scheme for EU certification. Initial cooperation (MoU) on standards with CEN/CENELEC – ETSI. Contact: [email protected]
– WG2 - market / funds / international cooperation / cPPP monitoring (72 members with 137 experts): Market analysis: support to the Cybersecurity Industry Market Analysis (EC funded CIMA project). Market investments: initial discussions with banks, insurances and investment funds. Investments for start-ups: support to national public and private bodies to understand and develop an EU approach. International cooperation: dialogue with the US administration; involvement via members in EC CSA projects (Japan and US). Contact: [email protected]
– WG3 - verticals: Industry 4.0; Energy; Transport; Finance / Bank; Public Admin / eGov; Health; Smart Cities; Telecom/Content/Media (115 members with 227 experts): State of the Art under finalisation; initial dialogue with ISACs (finance, energy) for exchange of information across operators; support to NIS Directive implementation. Contact: [email protected]
– WG4 - SMEs, Regions, East EU (69 members with 121 experts): SME: position paper (role of SMEs in the cybersecurity ecosystem); suggestion for an SME hub / platform and an EU “ECSO Quadrant” scheme; REGIONS: partner in proposals for INTERREG and interregional cooperation in the cybersec domain; EAST EU REGION: just started, envisaging how to better support users and suppliers in East EU. Contact: [email protected]
– WG5 - education, training, awareness, cyber ranges (90 members with 181 experts): Initiation of an EHR-4CYBER Network to share best practices on training, harmonise courses, identify job needs; mapping of educational and professional training courses; started tackling the gender issue in education & training to increase the number of cyber experts. Contact: [email protected]
– WG6 - Strategic Research and Innovation Agenda (147 members with 320 experts): Identification of research priorities for EC programmes: SRIA (Strategic Research & Innovation Agenda) priorities well incorporated in the 2018-2020 work programme of H2020. Analysis to review technology and needs evolution in the next 10 years. Link with other PPPs to coordinate objectives (BDVA, EFFRA, 5G). Contact: [email protected]
WG3: Verticals / Sectoral Demand
• Digitalisation of the European Industry (including Industry 4.0) and ICS;
• Energy (oil, gas, electricity), and Smart Grids;
• Transportation (road, rail, air, sea, space);
• Banks and Financial Services, ePayments and Insurance;
• Public Services, eGovernment, Digital Citizenship;
• Healthcare;
• Smart Cities and Smart Buildings (convergence of digital services for Citizens) and other Utilities;
• Telecom, Media and Content
Purpose and Approach
• Identification of user/market needs
• Assess vertical sectors' challenges and impact
– Understand market needs (e.g. demand-driven requirements, threats, functional requirements, ecosystem impact etc.)
– Influence EU instruments on research and/or policy issues by input to other ECSO WGs and other means as appropriate in the scope/constitution of ECSO
– Drive well-founded sector impact into other ECSO WGs
Related H2020 call topic (shown on the slide): SU-DS04-2018-2020, Cybersecurity in the Electrical Power and Energy System (EPES): an armour against cyber and privacy attacks and data breaches (40M€)
WG3 planning for 2017
• Current SOTA drafts describe the sector and its challenges
• Further in-depth refinements of the SOTAs, including input on enablement needs plus transversal aspects
• Interactions with vertical organisations, ENISA, Europol and connected ECSO WGs (1, 2, 5, 6)
• User engagement, e.g. through workshops (activity to be continued in Q1-2018)
• Support to implementation of the NIS Directive
WG3: Verticals – activity update
SOTA and workplan
• State of the Art deliverable being drafted (per sector), chapters 1-4 (stage 1) to be finalised by end of year
– Chapter 1: Landscape
– Chapter 2: User engagement
– Chapter 3: Sector specificities (challenges)
– Chapter 4: Market study
• Market Studies from the SOTAs to be shared with WG2. Initial exchange of views on taxonomy has already taken place
• Next steps for the SOTAs: Standardisation/Certification needs (link to WG1), Research needs beyond 2020 (link to WG6), and Education & training needs (link to WG5)
• WG3 will set up a joint meeting with WG1 asap to have an initial exchange of views on how to collaborate and consolidate standardisation/certification needs from different sectors
• Matrix being developed for the transversal assessment of the SOTAs, i.e. on platforms and commonalities
• Engagement with users initiated through workshops, meetings with sectoral associations, etc. More sector workshops (e.g. energy, healthcare) to be organised in Q1 2018.
• Sub-WG meetings ongoing to define detailed needs / objectives / actions. Initial meetings with different Directorates-General at the European Commission (ICT, energy, transport, internal security, etc.) to better define technology priorities
• WG members to be surveyed on sector demands for ISACs (needs, appropriate structure, etc.).
Key Take-aways
1. The cyber threat landscape is undergoing tremendous changes in the nature, frequency and size of risks
2. Need for economic and regulatory incentives to better invest in security
3. Need for a multi-layered cooperation to develop a trusted supply chain for sectoral applications where Europe is a leader
4. Build the conditions for a trusted dialogue among the stakeholders
CONTACT US
European Cyber Security Organisation, 10, Rue Montoyer, 1000 – Brussels – BELGIUM
E-mail: Ms. Eda Aygen, Head of Communications & Advisor to the [email protected]
Follow us on Twitter: @ecso_eu
Phone: +32 (0) 27770256
www.ecs-org.eu