European Union Agency for Network and Information Security

Assessment of Standards related to eIDAS

Fri, 12/14/2018 - 16:49

While CID (EU) 2016/650 lays down standards for the security assessment of QSCDs, at the time of drafting there were no available standards for signing devices yet; consequently, a Trust Services Provider (TSP) managing signature creation data on behalf of the user was unable to support the creation of Qualified Electronic Signatures and seals. In a broader context, standards for remote signing devices have yet to be developed too. There are two important use cases relating to the identified gap, namely:

  • trust service providers managing signature creation data on behalf of the user to support the creation of qualified electronic signature and seals 
  • trust service providers creating qualified electronic signature and seals on their own behalf.

In this report, ENISA presents aspects of QSCD certification and QTSP supervision to identify the way to combine respective elements therein, in line with the eIDAS requirements. In this context, this report seeks to support standards CEN EN 419 241‐2 and CEN EN 419 221‐5:2018 so that they could be referenced in an amended version of CID (EU) 2016/650. 

This report suggests that there is a shared responsibility: on the TSP managing the QSCD to work with an appropriate TSP issuing certificates, and on the issuing TSP to work with an appropriate TSP to manage the QSCD. Competent supervisory bodies of course retain their function to verify that such requirements are followed in qualified device management and qualified certificate issuance.

As a certain amount of coordination across stakeholders is required to achieve a global trust level, it would be pertinent to provide a way to advertise the elements of supervision. Besides the official compilation of Member States' notifications on secure signature creation devices (SSCDs) and QSCDs, the trusted list of the country where the QTSP operates might provide an indication of the way a QSCD is managed. Alternatively, the list of notified SSCDs and QSCDs compiled by the European Commission might also be used for this purpose. Market stakeholders would benefit from further developments in this regard.

Read the full report here: Assessment of Standards related to eIDAS


Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Winners of ECSC 2018 attend ICT Exhibition

Fri, 12/07/2018 - 09:39

 

Team Germany met with representatives of ENISA, Ms. Eva Kaili, Member of the European Parliament, Ms. Mariya Gabriel, Commissioner for Digital Economy and Society, Mr. Khalil Rouhana, Deputy Director-General of DG CONNECT, and Ms. Despina Spanou, Director for Digital Society, Trust and Cybersecurity at DG CONNECT.

On 6 December at 10:30 CEST, the aims and objectives of ECSC were presented in a chat broadcast live on Facebook. ENISA’s network and information security officer Adrián Belmonte Martín joined the discussion, alongside Team Germany and the moderator Ewelina Jelenkowska-Luca, head of Communication at DG CONNECT. The chat is available here.

For news and updates: @enisa_eu, @CyberSec_EU, @DSMeu, #cybersecurity, #ICT2018, #ECSC2018, and #ECSC2019.

The fifth edition of ECSC was organised between 15 and 17 October 2018 in London, United Kingdom. The event brought together 170 participants, who were selected during cybersecurity challenges on a national level, to compete against each other in a pan-European spirit.

The European Cyber Security Challenge (ECSC) is an initiative of multiple European countries, supported and facilitated by ENISA, which aims at engaging cybersecurity talent across Europe and connecting the cybersecurity industry actors with high potential young talent.

The next edition of ECSC will take place between 13 and 15 October 2019 in Bucharest, Romania.

Please check www.ecsc.eu for more information.


More than 100 experts attend the joint NSA-ENISA Cybersecurity workshop in Bratislava

Fri, 12/07/2018 - 08:00

The workshop featured a diverse set of over 100 participants from 15 countries from academia, research, finance, energy, European Commission, JRC, etc.

2018 is the year the NIS Directive gets implemented across the EU. Most countries have already transposed the NISD in their national laws and many countries are now in the process of fine-tuning and adapting their national laws and national setup to best fit their setting. This joint NSA-ENISA workshop had a focus on critical information infrastructure protection (CIIP) and the NIS Directive.

Ratislav Janota, director of the SK-CERT, said: “Cybersecurity is a national issue and the protection of critical sectors requires a partnership with the operators of essential services. For us it is a priority to engage with industry early and often. Not only to get the right laws and supervisory mechanisms in place, but also to ensure that we take the right practical steps to improve security. This joint NSA-ENISA workshop offered a great platform for discussions and engagement.”

Evangelos Ouzounis, Head of ENISA's Secure Infrastructures and Services Unit, said: “Slovakia is one of the front-runners when it comes to implementing the NIS Directive. For us, it is a useful learning experience to speak and engage with the national CSIRTs, the national authority, and the sector here in Slovakia, about how the cybersecurity framework is developing and what the challenges are. We look forward to organising more regional workshops in other parts of Europe, to better engage with industry and local players.”

The workshop was opened with welcoming words and a keynote from the Director of the NSA Office, Blažej Lippay, pointing out the importance of cooperation in dealing with cybersecurity incidents.

Evangelos Ouzounis welcomed the participants on behalf of ENISA and gave a keynote address giving an overview of ENISA's work in the area of critical information infrastructure protection and the NIS Directive.

Jan Adamovský, Chief Security Officer from the Slovak Sporiteľňa, gave a presentation about cybersecurity challenges in digital banking, urging better cooperation between public and private sectors.

Massimo Rocca from Enel Security and chairman of the European Energy ISAC (EE-ISAC) spoke in his keynote about the importance of sharing information based on mutual trust and the need for the energy sector to address threats and vulnerabilities pro-actively.

There were two break-out sessions with more in-depth technical discussions. One break-out session, led by Marnix Dekker, ENISA, focussed on national supervision and incident response:

- Camilla Lundahl, head of IT security at Avanza, a Swedish bank, spoke about how to work with ethical (white-hat) hackers and how to leverage their skills;

- Fernando J. Sánches Gómez, the Director of the National Centre for Infrastructure Protection and Cybersecurity, spoke about the need to consider the CIP directive, and the subsequent CIIP and NIS Directive as a whole;

- Otmar Lendl, team lead at CERT.AT, spoke about the different national and sectorial CSIRTs, cooperation techniques and how important the social contacts are in this field;

- Ratislav Janota, director of the SK-CERT, spoke about the NIS Directive implementation in Slovakia, and how to make the new NIS Directive tasks and roles useful for industry.

The other break-out session, led by Athanasios Drougkas, ENISA, focused on cross-border and cross-sector dependencies:

- Marianthi Theocharidou, from the European Commission's Joint Research Center (JRC), showcased JRC's GRAASP tool for mapping interdependencies;

- Ulrich Latzenhofer, responsible for trust services and network security at RTR, the Austrian regulator, spoke about the Austrian approach to national risk assessments;

- Marián Trizuliak, Information Security Officer at ZSD, a Slovakian energy distributor, spoke about the importance of cross-sector dependencies.

The workshop was closed with a presentation by James Caffrey, from the European Commission, who explained the overall landscape of EU cybersecurity policy and focused on EU cybersecurity funding. Mr. Caffrey also highlighted the recently opened Connecting Europe Facility (CEF) funding calls for cybersecurity, which are a key instrument in financing public and private sector organizations in the EU, supporting cybersecurity improvements and the implementation of the NIS directive.


Join the 1st transport cybersecurity conference

Thu, 12/06/2018 - 13:55

The conference will take place at EMSA’s premises, Conference Centre Loyola de Palacio, Lisbon, Portugal. It will bring together transport ministries, Information Sharing and Analysis Centres, international organisations, private industry, regulators, academia, and the management of EU Agencies and the European Commission.

The conference will focus on:

  • The NIS Directive and the European regulatory environment;
  • Modern cybersecurity threats;
  • Information sharing: nurture further collaboration and exchange good practices.

This conference is an important part of ENISA’s work in the area of secure infrastructures and services. Notably, our agency has published several studies and recommendations on how to achieve a high level of cybersecurity for smart airports, the maritime sector, public transport, and smart cities.

In addition, ENISA is coordinating several expert groups such as Transport Resilience and Security (TRANSSEC) and Cars and Roads Security (CaRSEC), all focused on protecting and improving the safety of EU citizens.

Click here to register.

 

 


Good practices for identifying and assessing cybersecurity interdependencies

Fri, 11/30/2018 - 09:00

Yet, despite the clear need to address interdependencies as part of their overall cybersecurity risk management, organisations and National Competent Authorities (NCA) face difficulties due to the lack of suitable methods, tools, available data and expertise.

In this context, ENISA publishes today a report aiming to support OES, DSP and NCA in identifying and assessing interdependencies effectively. The report has the following objectives:

  • to provide a description of interdependencies among OES and DSP;
  • to highlight risk assessment practices for the evaluation of the potential impact of interdependencies;
  • to propose a framework for assessing interdependencies; and
  • to define good practices for assessing interdependencies.

Effective analysis of emerging dependencies and interdependencies will also support decision-makers in defining mitigation measures, thus enhancing the security of network and information systems.

In order for OES, DSP and NCA to effectively identify and assess interdependencies, a framework based on a four-phase approach appears to be a suitable way forward. Existing methods, tools and good practices for interdependencies can be mapped easily on to these four phases, based on the respective individual or sectorial specificities and needs.

The development of indicators for the assessment of interdependencies (mapped on to well-known and widely used industry standards and frameworks) would also constitute a practical approach.

In addition to this framework, this report identifies the main challenges that OES, DSP and NCA face in identifying and assessing interdependencies, and proposes a set of practical recommendations to support the relevant risk assessment.

For the full report: Good practices on interdependencies between OES and DSPs

 


ENISA releases online NIS Directive tool showing per sector the national authorities for operators of essential services and digital service providers

Thu, 11/29/2018 - 16:31

The NIS Directive tool is intended as a one-stop shop for experts from the industry linking to relevant ENISA work, national cybersecurity strategies, the CSIRT network, and the NIS Cooperation group website.

This year all EU member states are implementing the NIS directive in their countries. The NIS Directive is the first piece of EU-wide cybersecurity legislation, proposed by the European Commission as part of the EU Cybersecurity strategy.

EU directives give EU member states flexibility to take into account national circumstances, for example to re-use existing organizational structures or to integrate with existing national legislation. That also means that the authorities and laws are different from country to country and from sector to sector. Every country designates different supervisory authorities.

For the industry and cybersecurity experts, it is important to know the relevant national authorities and laws under the NIS Directive in their subsector. This online tool takes you directly to the supervising authorities in each sector.

The tool, being sector-specific, complements the European Commission's online map showing the transposition status per EU member state. ENISA will update this tool following the developments in the EU Member States.

 


Finance security in the EU: ENISA hosts 21st meeting of EU FI-ISAC

Thu, 11/29/2018 - 08:59

The FI-ISAC Chairman Bruce Nikkel and FI-ISAC secretary Stephan Glaus opened the meeting by presenting new developments for the group.

More than 30 experts from banking institutions, law enforcement agencies and national CSIRTs of EU and EFTA countries, ECB, Europol and ENISA discussed new developments in the financial cyber environment.

Some of the topics discussed were:

  • cyber-criminal activity affecting the financial community;
  • vulnerabilities, technology trends and threats;
  • incidents and case-studies.

Highlights of the workshop include ENISA’s presentation on new ways to support ISACs in the EU, as well as interesting new developments in information sharing. In addition, representatives from other sectorial ISACs, namely energy and aviation, presented how other sectors are working towards responding to cyber-related issues.

Moreover, in relation to the finance sector, Europol presented information on the current status of cybercrime in the EU, and showcased the key findings and recommendations of its Internet Organised Crime Threat Assessment (IOCTA).

Additionally, the Greek Cybercrime unit presented the current local cooperation models between banks and law enforcement, and gave interesting examples of cases relevant for the country.

Finally, the FI-ISAC and ENISA discussed strengthening the role and tasks between the two entities.

 

 


Information Security Audit and Self-Assessment Frameworks for operators of essential services and digital service providers

Wed, 11/28/2018 - 12:05

The report presents the steps of an information security audit process for OES, as well as of a self-assessment / management framework for DSP, as means to assess security and/or compliance with the security requirements set by the NIS Directive. The key outcome of the study is a set of good practices for audits and/or self-assessments aligned to NISD security requirements. 

One of the NIS Directive key objectives is to introduce appropriate security measures for OES, as well as for DSP, in an effort to achieve a baseline, a common level of information security in networks and information systems.

NCA will assess the compliance of OES with their obligations stemming from article 14 of the NIS Directive. For the DSP, there is no requirement for a compliance assessment; however, the member states should ensure that they take appropriate security measures. Information security audits and self-assessment / management exercises are the two major enablers to achieve these objectives.

More specifically, the report:

  • proposes steps to facilitate the audit process. The same steps are useful for the self-assessment;
  • proposes an indicative list of questions for NCA, which, together with relevant evidence, could facilitate NIS Directive compliance assessments of OES;
  • proposes an indicative list of questions, which, together with relevant evidence, could facilitate DSP’s self-assessment exercises against the security requirements of NIS Directive article 16(1);
  • presents post-audit actions for the NCA, with a view to extract benefit and/or knowledge, following an information security audit exercise; and
  • analyses leading audit and self-assessment / management frameworks, providing a mapping of those frameworks per domain of applicability i.e. in DSP, OES business environments or both.

ENISA considers this report an integral part of its work towards a better collaboration among Member States on cyber security. In this light, the report raises awareness of the most important challenges that stakeholders will face under the spectrum of the NIS Directive requirements.

For the full report: Guidelines on assessing DSP security and OES compliance with the NISD security requirements


ENISA is prepared to work closely with the stakeholder community on the proposed new Cybersecurity Certification Framework

Wed, 11/21/2018 - 15:30

This conference, which attracted an impressive line-up of experts from both the public and private sector, was a follow-up on the European Commission's proposal for a European cybersecurity certification framework under the Cybersecurity Act (CSA) Proposal and the previous ENISA conference organized on March 1st 2018 in Brussels.

Steve Purser, Head of the Core Operations Department at ENISA, gave an initial welcoming speech in which he stressed the fact that ENISA has been preparing for its newly acquired role on the new Cybersecurity Certification Framework and will start work in earnest as soon as the CSA is adopted. On this note, he pointed out that the Agency would soon be publishing vacancy notices for key staff experts in this new area. He mentioned that the preparatory work with the stakeholder communities to prepare them for contributing to the first schemes has been very successful and ENISA believes that the majority of these communities are also up-to-speed and prepared to contribute.

The ability of ENISA to understand the cybersecurity certification ecosystem has been singled out as the key takeaway message from this conference. Public authorities involved are already preparing for the transition to the new framework in an effort to carry important European experience in the area of information security certification over to the new EU cybersecurity certification framework. Significant vertical areas likely to benefit from the new framework include Cloud Computing and IoT as the European Commission is responding to apparent industry demand. While there is plenty of work ahead for the industry, CABs and public authorities, an air of optimism prevailed at the end of the conference about the ability of the EU to rein in technology challenges by means of the certification framework.

Udo Helmbrecht, Executive Director for the Agency, closed the meeting by noting that the proposed Cybersecurity Certification Framework is a unique opportunity for the EU and assuring all present that ENISA was fully up to speed with its preparations and was ‘ready to go’. In this sense, ENISA is looking forward to the conclusion of the legislative process on the Cyber Security Act, which will provide the ‘green light’ that the Agency requires in order to assist in the scope of the framework.

 


Telecom security in the EU: ENISA hosts a productive 26th meeting of Article 13a Expert Group

Thu, 11/15/2018 - 15:50

More than 30 experts from telecom regulators and supervisory authorities of 19 EU and EFTA countries, the European Commission and ENISA, discussed cross-cutting telecom security issues.

Highlights of the workshop include ENISA’s presentation of the new visual analysis tool, which allows stakeholders to analyse the incident reports of the last several years. In addition, the Hungarian NRA gave an overview and a demo of possible tools for proactive detection of outages; the Dutch Telecom Authority led a working discussion on outages caused by power cuts, looking in detail at scenarios and measures.

Moreover, the Maltese Telecom Authority initiated a work stream to develop a common, EU wide, model for deriving national incident reporting thresholds, with a view to the upcoming new European Electronic Communications Code (EECC).

Finally, the European Commission updated the group on the status of EECC, which is due to be adopted before the end of the year, while ENISA presented the results of two deep-dive analyses into BGP security and 5G slicing security.

This series of meetings, held three times per year, gives experts from across the EU the opportunity to discuss telecom security issues and their supervision activities. An important goal of this expert group is to exchange experience and ideas, to support a harmonised approach across the EU’s telecom sector.

Background information

The upcoming new EECC aims to align the security requirements in the EU telecom regulation with the NIS directive, and to extend the scope of EU telecom regulation. It provides the basis for a strong partnership and collaboration between different stakeholders across the EU i.e. authorities implementing the NIS Directive, telecom regulatory authorities, and the private sector. This partnership will be important to address new and emerging challenges in the EU’s telecom landscape, like the deployment of IoT and the rollout of 5G technology.

The Article 13a Expert Group was set up almost 10 years ago by ENISA, under the auspices of the European Commission, to agree on a harmonised implementation of Article 13a of the Telecom Framework Directive. This expert group discusses how to implement security incident reporting (nationally and across the EU) and how to supervise security measures in the telecom sector. The group also exchanges experiences and lessons learned about major incidents affecting electronic communications networks and services.

The work of the Article 13a Expert Group is explained in a short video. The new visual analysis tool, showing 6 years of telecom security incidents, is available here.

For more information: http://resilience.enisa.europa.eu/article-13/

 

 


Signing of the seat agreement between ENISA, Minister Pappas and Secretary General Maglaras on behalf of the Hellenic Authorities

Tue, 11/13/2018 - 14:50

The Seat Agreement is a document prepared by the Hellenic Authorities, which sets down the detail of arrangements for the operations of ENISA in Greece. 

At the signing ceremony, ENISA was represented by its Executive Director, Prof. Dr. Helmbrecht, and the Hellenic Authorities were represented by Minister Pappas, the Minister for Digital Policy, Telecommunications and Media.

ENISA was set up in 2004, pursuant to EU Regulation 460/2004. The Heads of State of the Member States agreed in December 2003 that ENISA should be located in Greece, at a location to be determined by the Hellenic Authorities.

Udo Helmbrecht, Executive Director of ENISA said: “The signing of this Seat Agreement is an important milestone in securing the future of ENISA and is a demonstration of the Hellenic Authorities’ commitment to the success of the Agency. The conditions laid down in the agreement should help in attracting the best cybersecurity professionals in Europe to join ENISA”.

The new Seat Agreement signed today includes the following main points:

  1. The premises of the Agency shall be located in the metropolitan area of Athens, with a branch office in Heraklion Crete;
  2. The Government of the Hellenic Authorities shall do their utmost to host the Agency at premises appropriate to the effective and efficient operation of the Agency, owned by the Hellenic Republic.
  3. The Hellenic Authorities have agreed to a number of supports for staff, to encourage the best professional cybersecurity staff to work for the Agency in Greece.

 


Vacancy: Executive Director of the European Union Network and Information Security Agency (ENISA)

Mon, 11/05/2018 - 14:05


This vacancy has arisen following the completion of the 10-year term by the current Director, which is the maximum period provided under the ENISA founding Regulation.

About ENISA

ENISA is a modern centre of expertise in cybersecurity supporting the EU Member States, Institutions, Agencies and Bodies, as well as the private sector, with a view to increasing the resilience of the Union and thus the functioning of the Single Market.

The role

The Executive Director will lead and manage the Agency and take overall responsibility for its operations, ensuring the achievement of the Agency’s objectives. The Executive Director’s specific responsibilities will include:

  • Developing and executing the Agency’s activities in accordance with its mission and the general orientations defined by the Management Board;
  • Drafting and implementing the single programming document, including the annual work programme, and ensuring the most effective use of its resources;
  • Managing the resources of the Agency, giving particular priority to the operational part of the mission of the Agency;
  • Establishing effective cooperation between the Agency, the Commission, and the competent bodies in the Member States in its field of activities.

Place of employment: Greece

For additional information related to this position and to apply, please check the EU official journal

The closing date for applications is 27 November 2018, 12.00 noon Brussels time.

 


ENISA welcomes representatives of the National Centre for Public Administration & Local Government

Fri, 10/26/2018 - 10:10

The visit, led by Demetrios Tsimaras, Coordinator of the Documentation and Innovation Unit, gave the future high-ranking officials of the Greek public administration an opportunity to gain insight into the Agency’s objectives and work.

Demosthenes Ikonomou, Head of the Operational Security Unit, steered the meeting, joined by other ENISA experts. The agenda mainly covered the following topics:

  • Introduction to and overview of ENISA’s work and main activities as the key adviser in the network and information security area in Europe
  • National Cyber Security Strategies
  • Cyber Crisis Management and incident response handling
  • Data Protection, Standards and Certification

 

 


A constructive and forward-looking Permanent Stakeholder Group meeting

Tue, 10/23/2018 - 14:27

ENISA's Executive Director, Udo Helmbrecht, chaired the meeting. The main topics covered on the agenda included:

  • The ENISA Regulation proposal: current progress and priorities
  • PSG input on Work Programme 2020 and Single Programming Document 2020-2022.

The full list of PSG members is available here. Complete information on ENISA’s PSG can be consulted here.

 

 


Looking back on European Cyber Security Challenge 2018: the afterglow of a synergetic competition

Thu, 10/18/2018 - 12:30

The event brought together 170 participants, who were selected during cyber security challenges on a national level, to compete against each other in a pan-European spirit. New participating countries during this edition were Belgium and France.

It all started 5 years ago as the European Cyber Security tournament, initiated by the European Commission, Austria, Germany and Switzerland. Since then, the competition has grown intensively, bringing together 17 countries in this year’s edition.

Head of Operational Security Unit of ENISA, Demosthenes Ikonomou, welcomed the participants at the ECSC and greeted public officials and representatives from France, Denmark, Norway and Czech Republic: “The objectives of the ECSC are threefold: nurture young talents, promote career growth in cybersecurity and endorse national cybersecurity challenges. This challenge takes place in the context of the European Cyber Security Month (ECSM), a month dedicated to bring awareness on cybersecurity, online safety and privacy. ENISA strongly believes lifelong learning in the area of cybersecurity is a key priority for Europe and the ECSC platform enables the next generation of information security experts. ENISA is committed to continue supporting European countries in nurturing cyber security talent and contribute to closing the gender gap in cybersecurity and technology.”

During the competition, participants were asked to solve challenges that required a wide variety of technical skills, including mobile, web, forensics, and network security. In this year’s edition, a physical challenge was added as a new element, which had the participants leave the main competition area and try to break into a bandstand where a new challenge was awaiting them.

In parallel with the ECSC, a job fair was organised in the Tobacco Dock: Cyber Re:coded. The purpose of the job fair was to bring the new cyber talent in contact with the cyber industry.

The victorious team of ECSC 2018 is Germany, followed by France and the United Kingdom. Congratulations to all participants for the excellent work, energy and team effort. Save the Date for the ECSC 2019, which will be hosted by Cyber Challenge Romania in Bucharest from 13 to 15 October 2019.

The European Cyber Security Challenge is a project facilitated by the EU Cybersecurity Agency ENISA and the EU Member States.

For media inquiries about this event please contact press@enisa.europa.eu. Please check www.ecsc.eu for more information, or contact us at ecsc@enisa.europe.eu.

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Coordinated Vulnerability Disclosure: Guidelines published by NCSC

Tue, 10/09/2018 - 16:56

During the One Conference 2018 that took place on 2 and 3 October in The Hague, NCSC published the “Coordinated Vulnerability Disclosure: The Guideline”.

The aim of the document is to improve the security of IT systems by sharing knowledge about vulnerabilities. Owners of IT systems can then mitigate vulnerabilities before they are actively abused by third parties.

This is a revision of the guideline Responsible Disclosure from 2013.

For more information visit www.ncsc.nl

 

 

Cross recognition of national eID schemes in the EU: one-step forward

Sat, 09/29/2018 - 09:00

Notification to the Commission is essential to ensure cross-recognition. The goal is to spearhead the use of cross-border services in a range of relevant areas such as banking, eGovernment and health care. These application areas can all benefit from the cross-border use of eIDs that are issued in an EU MS citizen's country of residence and used to consume services across borders.

Implicitly, the advent of notified eID systems is also likely to mitigate some cybercrime threats, especially those related to age limits for accessing particular services, and to protect vulnerable types of internet users such as underage persons.

In an effort to render the Digital Single Market (DSM) meaningful, the upcoming transition marks a waypoint to better services in the internal market for business and citizens alike.

As technical compatibility across various eID systems is key, the Commission has been working hard on a set of principles and guidelines on eID interoperability.

ENISA is looking forward to the likely new competence in the policy area of eID stemming from the draft Cybersecurity Act, which is currently under legislative scrutiny. This new competence will complement the role that ENISA has assumed in the area of trust services. ENISA has actively supported the uniform implementation of eIDAS in trust services across the MS by providing technical guidance on standards and trust services in the EU, including the reports on annual security incidents under Article 19 of the eIDAS Regulation. ENISA also seeks to stimulate discussion by means of an annual conference, the Trust service forum, the 4th edition of which is due in Berlin on 23 October 2018. Additionally, particular tenets of the set of principles and guidelines on eID interoperability point to areas such as security by design and security measures for the protection of personal data (Art. 32 of the GDPR), which have been part and parcel of the work of ENISA in the past few years.

The ENISA Executive Director, Prof. Udo Helmbrecht, underscored that […] “much like it has done throughout its 14-year long lifespan, ENISA is prepared to make available its advice and support to the EU MS and the Commission alike in the compelling policy area of eID”.

For more information, please refer to www.enisa.europa.eu/topics/trust-services or contact us at trust@enisa.europa.eu.

 

 

Submit your paper! Annual Privacy Forum 2019: Call for papers

Thu, 09/20/2018 - 11:24

The APF 2019 will be held on 13-14 June 2019 in Rome, Italy, in co-operation with the University of Rome Tor Vergata and LUISS University.

Already in its seventh edition, the APF seeks to contribute to the implementation of information security in the area of privacy and personal data protection. The APF is set against the EU legislative background that mainly, but not exclusively, comprises the General Data Protection Regulation (GDPR) and the draft ePrivacy Regulation (ePR). The APF sets the stage for discussions of research proposals, solutions, models, applications and policies. In the last few years, the APF has also developed a deeper industry footprint, to complement its original research and policy orientation.

Papers presenting original work on the themes of data protection and privacy and their repercussions on information security technology, business, government, law, research, society and policy are hereby invited. A multi-disciplinary approach is expected and encouraged to contribute to bridging the gap across disciplines and propose new models and interpretations. The APF seeks contributions from policy makers and implementers, Data Protection Authorities, industry, research, consultants, NGOs and the civil society, as it aims at broad stakeholder participation that stimulates interaction and exchange of opinion.

To promote participation of young researchers, the submission of papers by students is particularly welcome. These papers will be treated as thoroughly as full papers, but can be shorter and reflect novel thinking that might not have been fully elaborated just yet.

In addition to student papers, short papers are equally invited, as this call is open to sketchy ideas, opinions or calls for collaboration.

Papers that pass reviewers’ scrutiny are likely to be included in the published proceedings, kindly supported by Springer (Lecture Notes in Computer Science series).

The deadline for submission is set to 11 January 2019.

For more information, please visit: https://privacyforum.eu/

Previous APF editions:

ENISA Annual Privacy Forum 2018: shaping technology around data protection and privacy requirements

ENISA Annual Privacy Forum 2017: security measures to bolster data protection and privacy

Privacy tools, security measures and evaluation of current technologies under the spotlight at this year’s Annual Privacy Forum

2015 Annual Privacy Forum focusing on Privacy Enhancing Technologies

Annual Privacy Forum 2nd edition starts today in Athens

Successful conclusion for the First Annual Privacy Forum

 

 

Towards secure convergence of Cloud and IoT

Mon, 09/17/2018 - 10:40

Endpoint devices (sensors, actuators, embedded systems etc.)

In the last few years, we have witnessed a burst of Internet of Things (IoT) products and Cloud has evolved to accommodate the needs of IoT applications, providing many new features specific to aggregating, storing and processing data generated by IoT.

This work combines the existing knowledge of ENISA in IoT and Cloud security and presents an analysis of security challenges and potential security takeaways that vendors of IoT devices and Cloud Service Providers can consider. Among the security takeaways, end-to-end security and adoption of baseline security measures are the ones confirming the need for a holistic approach to security for the IoT ecosystem.

ENISA’s work on Baseline security recommendations for IoT introduced an IoT high-level reference model, which encompasses key elements that promote a significant degree of interoperability across different assets, platforms and environments for IoT. The ENISA IoT high-level reference model formed the basis for this work to divide the challenges and takeaways in three main dimensions: analysis, connectivity and integration.

The paper also includes four attack scenarios, which highlight how these security challenges can materialise, and concludes by mapping the challenges to the security takeaways.

For more information read the full paper: Towards secure convergence of Cloud and IoT

 

 

2018 CEF Telecom Call – €13 million to reinforce the EU's Cybersecurity capacity

Fri, 09/07/2018 - 13:40

CEF Telecom funding supports projects of common interest that contribute to increasing the interoperability, connectivity and deployment of trans-European digital infrastructures across the EU, improving the daily life of citizens, businesses and public administrations, and thereby contributing to the development of a Digital Single Market.

The call will allow Member States to limit the economic and political damage of cyber incidents, while reducing the overall costs of cyber security at the Member State level.

The Connecting Europe Facility (CEF), a key EU funding instrument to promote growth, jobs and competitiveness through targeted infrastructure investment at European level, will be presented at the 6th ENISA NCSS Workshop in Helsinki on 18 September 2018.

What's in it for me?

The call provides for co-funding to different types of entities to develop their cybersecurity capabilities, among which:

  • Entities concerned by the Directive on security of network and information systems (the NIS Directive), specifically: national CSIRTs (Computer Security Incident Response Teams), National Competent Authorities, Single Points of Contact, Digital Service Providers, and Operators of Essential Services. Proposals from Operators of Essential Services in the transport and energy sector are particularly welcome;
  • Entities dealing with Cooperative and Connected Automated Mobility, in order to ensure the confidentiality, integrity and availability of both the infrastructure and the enabling data for safe, efficient and intelligent mobility;
  • Public bodies with a cooperation agreement with at least eight other Member States legally established to meet European Union Policy objectives associated with Operational Level Cyber Security.

The recordings of the Virtual Info Day on the Cyber Security call and application process are available here.

Here you can find all information you need on the call, as well as relevant documents.

Who is the contact point for this call?

The Innovation and Networks Executive Agency (INEA) manages the call for proposals and follows up the technical and financial implementation of the projects with the beneficiaries, providing technical expertise and high quality programme implementation.

Follow INEA on Twitter @inea_eu & LinkedIn to stay informed about the latest call developments.
