European Union Agency for Network and Information Security

ENISA participates at IMCO Committee Meeting

Wed, 06/24/2015 - 10:19

ENISA’s Udo Helmbrecht, participated on June 23rd2015, at the IMCO Committee meeting in Brussels, in an exchange of views on the public interest information platform of the Universal Service Directive.

Focus was placed on gaining the involvement of citizens on online security. Within this context ENISA’s involvement in the European Cyber Security Month (ECSM) was demonstrated in the joint activity of DG CONNECT and ENISA advocating online security. A report on the deployment of the European Cyber Security Month presents its preparatory work, gives an objective evaluation, and draws upon the conclusions that can be used in future editions of the ECSM. In numbers, we witness an increase in the countries involved and the number of online followers via the social media (twitter). In particular, in 2014 the ECSM achieved a peak in media reach, with 40 million online users, 300 Tweets and good interactivity. Furthermore, more activities and related material has been generated, while participants at kick-off have doubled.

 

Next steps aim at making online privacy tools available for the general public. The initiative is a joint collaboration of EU experts ranging from academia, the public and private sector. In addition ENISA is developing a study - to be available by the end of 2015 - performing a state-of-the-art review of existing initiatives promoting online privacy tools, along with a feasibility analysis and development of a pilot plan.

During a fruitful discussion at the IMCO meeting, Udo Helmbrecht gave an insight into aspects of ENISA’s work programme such as deciphering the cyber threat landscape, privacy and data protection, secure cloud adoption, standardisation, securing the finance sector, and activities supporting the Member States such as CERTs capacity building, Cyber Europe and supporting EU policy and law on NIS. 

The meeting was broadcast live and is available via the European Parliament multimedia library.

Speech by Udo Helmbrecht at IMCO 

Background:

Directive 2002/22/EC of the European Parliament and of the Council of 7 March 2002 on universal service and users' rights relating to electronic communications networks and services (Universal Service Directive). The Universal Service Directive is part of the "Telecoms Package" which, together with four other directives, aims to recast the existing regulatory framework for telecommunications and to make the electronic communications sector more competitive.

ECSM: European Cyber Security Month (ECSM) is a European Union advocacy campaign that takes place in October. ECSM aims to promote cyber security among citizens, to change their perception of cyber-threats and provide up to date security information, through education and sharing good practices

 

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Workshop today on the Protection of Electronic Communications Infrastructure and Information Sharing

Tue, 06/16/2015 - 09:53

A half day conference is taking place today in Bucharest, focusing on Electronic Communications Infrastructure and Information Sharing.         

The workshop, organised by ENISA, is aimed at Member States and policy makers, electronic communication providers,civil work companies, users and developers of such tools.

During the event presentations will address the protection of underground infrastructure and existing tools, as well as look into the evolution of these tools and  information sharing. Two parallel panels will examine:

Panel 1:Discussion on information sharing, cross-border issues and collaboration, use-cases

Panel 2:Q&A session on DIO for Information Sharing

Workshop agenda is available here.

Background:
Information sharing is very important to prevent future incidents that can impact network and information security.ENISA has analysed the solutions deployed in several Member States across the EU in its report “Protection of Underground Electronic Communications Infrastructure”. Moreover, specific tools such as DIO allow operators to inform about disruptions among themselves and share information in a standardised manner.

 

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

The EU28 Cloud Security Conference to take place in Riga

Tue, 06/16/2015 - 08:36

On June 16, in Riga, the Ministry of Defence of the Republic of Latvia and the European Union Agency for Network and Information Security (ENISA) will organise the EU28 Cloud Security Conference: Reaching the Cloud Era in the European Union. The participants of the conference will discuss the cloud security in the two parallel tracks: ‘Legal & Compliance’ and ‘Technologies and Solutions’.

Discussing the ‘Legal & Compliance’ track, participants will address topics like cloud certification, cloud services procurement, security standards, data protection and trans-border data access, while talking about the ‘Technologies & Solutions’ track, participants will focus on encryption in clouds, big data, evolution of cloud computing, cloud forensics, research, development and innovation.

Jānis Sārts, the State Secretary of the Ministry of Defence of the Republic of Latvia and professor Udo Helmbrecht, the Executive Director of the ENISA will open the conference. Keynote speeches will be given by the high-level representatives of the European Commission, industry and academia.

“Nowadays governments, businesses and private individuals increasingly recognize the benefits of cloud services, thus leading to increase in deployments and usage. The EU28 Cloud Security Conference will try to address the security challenges posed by cloud services, as well as to provide a realistic view on our preparedness,” says J.Sārts.

“Cloud computing is becoming the backbone of the EU’s digital economy. It represents an opportunity which needs trusted and secure cyberspace. Cloud supporting critical infrastructures is a reality: every day more banks, hospitals, telecommunications are adopting to the cloud model. The cybersecurity aspects involved cannot be underestimated in the context of an effective Digital Single Market. We must act decisively by removing barriers to cloud adoption and implementation in the public, government and private sector. Our presence at this event is to support activities in this direction,” says professor U.Helmbrecht.

The conference will gather the audience of 150 governmental and corporate decision-makers, representatives from the EU institutions and agencies, research and development managers, cyber security practitioners and researchers.

The EU28 Cloud Security Conference will be live streamed in the home page of the Ministry of Defence of the Republic of Latvia: http://www.mod.gov.lv.

Cloud services are designed to provide easy, scalable access to applications, resources and services, and are fully managed by a cloud services provider. They can dynamically scale to meet the needs of its users, and since the service provider supplies the hardware and software, there is no need for a company to provide or deploy its own resources, or allocate IT staff to manage the service. Examples of cloud services include online data.

As cyber issues are taking an increasingly greater role in today’s security agenda, the Latvian Presidency of the Council of the European Union in the first half of 2015 has set the Digital Europe as one of three policy priorities. Cyber security and defence form an inherent part of this priority. The findings of the event will be presented at the Digital Assembly that will take place on June 17-18 in Riga.

The European Union Agency for Network and Information Security (ENISA) is a centre of expertise for cyber security in Europe. ENISA supports the EU and the Member States in enhancing and strengthening their capability and preparedness to prevent, detect and respond to network and information security problems and incidents.

The programme and the list of confirmed speakers of the EU28 Cloud Security Conference: Reaching the Cloud Era in the European Union is available in the ENISA home page.

Stay updated through the official Twitter accounts of the Ministry of Defence of the Republic of Latvia @AizsardzibasMin and the European Union Agency for Network and Information Security @enisa_eu , and using hashtag #CSCRiga15.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA workshop for the Trust Services Market on June 30th

Mon, 06/15/2015 - 15:38

ENISA is organising a workshop for the Trust Services market in Brussels on June 30th, 2015.The main objectives of the workshop will be:

  • To share good practices and experience as well as views on various aspects of the Implementation of eIDAS by the concerned stakeholders and their compliance to EU legislation
  • To understand the priorities and needs of trust service providers in the development of the eIDAS Regulation.
  • To exchange ideas on the positions of the different stakeholders in aspects like standards, certification, qualification, etc.
  • To discuss strategies to promote the use qualified trust services in Europe.

 

The provisional agenda can be found here.

Registration is now open and free.Please register here.

ENISA, in collaboration with the European Commission, will launch in 2015 a Forum to bring together the three stakeholder communities in the qualified trust service market, namely: trust service providers, conformity assessment bodies and supervisory authorities.The creation of this Forum is motivated by the need for a place for open discussion which has arisen with the entry into force of the Regulation 910/2014 on electronic identification and trust services for electronic transactions in the internal market.

The Forum will become a platform to discuss these and other related aspects. During its first edition, the current key topics in the development of secondary legislation on the eIDAS Regulation will be discussed through panels and breakout sessions.

For more detailed information please visit the dedicated event page

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Call to participate in the EU28 Cloud Security Conference

Mon, 06/15/2015 - 13:56
 

Prior registration in order to participate in the conference is mandatory. Please, register before June 11 in the home page of the European Commission.

Discussing the ‘Legal & Compliance’ track, participants will address topics like cloud certification, cloud services procurement, security standards, data protection and trans-border data access, while talking about the ‘Technologies & Solutions’ track, participants will focus on encryption in clouds, big data, evolution of cloud computing, cloud forensics, research, development and innovation.

Jānis Sārts, the State Secretary of the Ministry of Defence of the Republic of Latvia and professor Udo Helmbrecht, the Executive Director of the ENISA will open the conference. Keynote speeches will be given by the high-level representatives of the European Commission, industry and academia.

The conference will gather the audience of 150 governmental and corporate decision-makers, representatives from the EU institutions and agencies, research and development managers, cyber security practitioners and researchers.

The programme and the list of confirmed speakers of the EU28 Cloud Security Conference: Reaching the Cloud Era in the European Union is available in the ENISA home page.

Cloud services are designed to provide easy, scalable access to applications, resources and services, and are fully managed by a cloud services provider. They can dynamically scale to meet the needs of its users, and since the service provider supplies the hardware and software, there is no need for a company to provide or deploy its own resources, or allocate IT staff to manage the service.  Examples of cloud services include online data.

As cyber issues are taking an increasingly greater role in today’s security agenda, the Latvian Presidency of the Council of the European Union in the first half of 2015 has set the Digital Europe as one of three policy priorities. Cyber security and defence form an inherent part of this priority. The findings of the event will be presented at the Digital Assembly that will take place on June 17-18 in Riga.

For more information: EU28 Cloud Security Conference: Reaching the Cloud Era in the European Union

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA’s Udo Helmbrecht at the EU Cybersecurity Strategy Conference

Thu, 05/28/2015 - 08:25

ENISA’s Executive Director Udo Helmbrecht participates at the 2nd High Level Conference on EU Cybersecurity, organised by the European Commission, taking place today 28th May 2015, in Brussels.

Udo Helmbrecht will be moderating the panel discussion on “the realities of network and information security”. The panel will examine the growing importance of securing networks and information systems which is critical for ensuring the proper functioning of infrastructures and businesses alike. The panel will look into the challenges for ensuring cyber resilience, preventing and responding to cyber incidents in governments and the private sector, while also addressing the legislative developments in the area, and examine opportunities for cooperation*.

The event will also focus on the following areas:

  • Making the EU an industrial leader in trustworthy ICT
  • Building Capacity to fight cybercrime and strengthen cybersecurity in the EU and beyond
  • Achievements of the EU Cybersecurity Strategy, the challenges and opportunities ahead

 

Udo Helmbrecht said: “The event is an excellent opportunity to discuss the challenges on cyber resilience, explore whether we are doing enough and how to bring forward the cooperation between the public and the private sector. An important aspect to look into is how we involve SMEs to become more effective in this area. For the EU to become the single market of choice for governments and industry, it is necessary to have trusted core NIS technologies and services for industry and citizens. The recently published DSM offers opportunities to businesses to make use of the benefits of the EU’s internal market. ENISA with its expertise is in the unique position to contribute and address the needs for high level online network security”.

 

Background:

The event aims to provide an overview of the state of play of the implementation of the five main priorities of the EU Cybersecurity Strategy and showcase highlights of its main actions. The conference will be an opportunity to explore the way forward regarding the proposal for a Network and Information Security Directive, the EU cybersecurity industrial strategy and the next steps for capacity building for cyber defence and fighting cybercrime (*source Digital agenda for Europe)

The EU Cyber Security Strategy was presented by the Commission and the HR/VP in 2013.

Related documents:

ENISA welcomes the Commission initiatives on the Digital Single Market for Europe

ENISA on EU cyber security at Parliament’s SEDE Committee

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Conclusion for the European Public-Private Partnership (PPP) for Resilience scheme

Wed, 05/27/2015 - 08:53

This report analyses the opportunities and challenges of the first European public-private partnerships in the field of network and information security and resilience in Europe: the European Public-Private Partnership for Resilience (EP3R), in which mainly participated stakeholders belonging to the Telecom and Information Technology sectors.

The report aims to define:

  • The affinity of respondents with security and resilience issues and their impact
  • The outcomes of PPPs in the Telecom and Information Technology sectors in comparison with those focused on other sectors (e.g. transport, energy, health, finance)
  • The needs for a public-private partnership to improve network and information security and resilience at a pan-European level
  • Other network and information security and resilience initiatives in the area of CIIs (different from the EP3R)
  • Security and resilience issues related to CIIs as strategic assets of the European economy

 

The results confirm that the PPP approach is not equally distributed both in considered sectors and in the Member States. Among the advantages is the opportunity to exchange information, knowledge, expertise and good practices (25%), the opportunity to influence the decision making process (16,10%) and effective networking opportunities (17,90%). Factors impeding participation in these cooperation initiatives is because it’s uncommon in their sector of activity (35, 7%) or because these initiatives are not used in the countries in which the organisation operates (20%).

The EP3R participants initiated many discussions, saw a lot of commitment, and produced interesting conclusions. The scheme proved appropriate for addressing complex cooperation problems within multi-stakeholder scenarios and cooperation issues in security and resilience. It also revealed some further needs in security and resilience, and the gaps to be filled in order to reach a higher maturity level of the Telecom Sector. Key recommendations for the future include four main points:

  • Implement agile PPPs which can adapt to new needs and topics;
  • Incentivise Industry initiatives;
  • Define simple but formal rules and governance;
  • Publish and advertise successful results

 

The EP3R (European Public-Private Partnership for Resilience) was established in 2009 and was the very first attempt at Pan-European level to use a Public-Private Partnership (PPP) to address cross-border Security and Resilience concerns in the Telecom Sector. In 2011 ENISA published a Good Practice Guide on Cooperative Models for Effective PPPs and implemented the suggested features in the EP3R for the second half of its existence.


For full report: EP3R 2009-2013 Future of NIS Public Private Cooperation

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Updated CCSL with new scheme

Mon, 05/25/2015 - 15:10

The Cloud Certification Scheme List (CCSL) is updated with new schemes mapping all their security objectives against the 27 Security Objectives of the CCSM. CCSL and CCSM tools help the cloud user understand what certification against a specific scheme encloses, and the providers to take informative decisions on cloud security implementations.

To check out the newly listed certification scheme please visit: https://resilience.enisa.europa.eu/cloud-computing-certification/list-of-cloud-certification-schemes/code-of-practice

 

About the CCSL:

Since last year ENISA has been working, together with the Cloud Select Industry Group on Certification Schemes and the European Commission, and produced 2 tools to help customers with cloud security. This work is part of the EU Cloud Strategy. The first tool, CCSL, is a list of (existing) information security certification schemes. CCSL was launched last year and is accessible online . CCSM is the second tool, and extension of CCSL.


 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Annual Privacy Forum 2015: Call for Papers and latest news

Mon, 05/25/2015 - 13:30

The Annual Privacy Forum (APF) meeting will be taking place on the 7th and 8th of October 2015 in Luxembourg, during its Presidency of the Council of the EU.  This year, the main focus of the APF will be on privacy of electronic communications.

Current open calls:

  • Call for papers:  papers particularly welcome are those which explicitly illustrate how the presented work can contribute to bridging the gap between research and policy, as well as multidisciplinary papers regarding the technological, legal and societal aspects of privacy. 
  • Call for opinion papers: to encourage contributions from policy makers, representatives of competent authorities (such as Data Protection Authorities), industry experts, NGOs and civil society associations, are invited to submit opinion papers on the above mentioned topics. Opinion papers will reflect the opinion/position of the author(s) on the selected privacy-related topic.
  • Call for Ph.D. Student Workshop Submission: open to both junior Ph.D. and prospective Ph.D. students. Authors are invited to submit papers (accepted papers will be limited to 4 pages excluding references, written in English and in LNCS format) describing the current state of their research.

 

Details and instructions on the open calls are available here

This year’s confirmed speakers include:

  • Thomas Engel (University of Luxembourg)
  • Paul Timmers (DG CONNECT)
  • Udo  Helmbrecht (ENISA)
  • Giovanni Buttareli (EDPS)
  • Naomi Lefkovitz (NIST)
  • Ross Anderson (Univ Cambridge)
  • Marit Hansen (ULD)
  • Paul Nemitz (DG Justice)
  • Jacob Appelbaum (Tor project)

 

To register visit the dedicated APF website and check out this year’s programme.  Follow APF on twitter

#APF15 #enisa @ PrivacyForum_EU  @ENISA_eu

 

About APF: The European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT), the European Union Agency for Network and Information Security (ENISA) and as local host, the University of Luxemburg, are organising a two-day event with the objective of providing a forum to academia, industry and policy makers.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Digital Agenda Seminar: European Cyber Security Month

Fri, 05/22/2015 - 12:50

Within the context of European Cyber Security Month (ECSM) preparations, the ENISA team is organising several seminars and trainings in order to build up the coalition for Cybersecurity Education action. You are invited to participate in the second seminar in Berlin, Germany on June 5th, 2015.

In this half-day seminar we discuss and provide the latest information on Digital Agenda topics such as e-skills, Network Information Security, educational tools and advocacy initiatives. To participate it is necessary to confirm  participation to daria.catalui@enisa.europa.eu by June 4th, 2015.

Details about the initiative and seminar agenda are available here.

Call for partners

The Call to participate as a partner for 2015 is now open: http://cybersecuritymonth.eu/news/call-for

ENISA would like to thank its partners: the Representation of EC in Germany  and BSI- Bundesamt für Sicherheit in der Informationstechnik For the next steps please keep checking ENISA's website for updates.

Background

European Cyber Security Month (ECSM) is a European Union advocacy campaign that takes place in October. ECSM aims to promote cyber security among citizens, to change their perception of cyber-threats and provide up to date security information, through education and sharing good practices. Stay updated and follow:

@CyberSecMonth  #CyberSecMonth #Education #cybersecurity #eskills  #OctoberNIS #ENISA

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Pages