European Union Agency for Network and Information Security

ENISA’s Udo Helmbrecht at the 10th Future Security Event in Berlin

Wed, 09/16/2015 - 13:22

ENISA’s Executive Director, Udo Helmbrecht, is participating at the 10th Future Security Conference taking place in Berlin from 15th -17th September 2015, at the Representation of the State of North Rhine-Westphalia in Berlin.

The event hosts high-level panellists mainly from Ministries, institutions and academia. ENISA’s Executive Director Prof. Helmbrecht, delivered the keynote address on “Privacy and Data protection: an EU Perspective”, where he mentioned the latest developments in the area and spoke about how the Agency has become a point of reference on eIDAS.

The Agency supports and provides guidelines for trust service providers (TSPs) on risk assessment and recommendations for incident risk mitigation, and provides guidelines on an auditing framework for trust services. Other ongoing activities the Agency is involved in include analysis of relevance and compliance of standards related to TSPs (Covering mandate M460 "Rationalised Framework for electronic signature”), assisting the European commission (EC) in the developing implementing acts; Incident reporting for Trust Service Providers (Article 19 of Regulation 910/2014); and a strategy analysis for the introduction of qualified website authentication certificates (QWACs) promoting consumer confidence in the web authentication market. ENISA also supports the creation of a Trust Services Forum explaining to stakeholders the developments in the area of eIDAS, while offering the opportunity to discuss with regulators on important areas.

Our goal is to explain the developments on eIDAS and bring together stakeholders including regulators, and National authorities while developing non-binding technical guidelines supporting their work. Similarly with industry we aim to liaise and facilitate their involvement in the process especially in view of the upcoming entry into force of the trust services provisions of the eIDAS Regulation.

Protecting data is a multi-faceted challenge. Organizational measures are needed such as access control, privacy and security policies. DPA, member states authorities, service providers need to collaborate to implement security measures”

Prof Helmbrecht illustrated how ENISA supports the public sector in policy implementation through its work in the eIDAS regulation and promoting ‘privacy by design’. “We see that the research community has developed many mechanisms to implement specific privacy properties, but which don’t always match the requirements of the regulation. Privacy by design can be the tool to help make this match”.

The Agency also provides its recommendations and guidelines for data protection measures to the private sector, and raises citizens’ awareness with its involvement to the European Cyber Security Month (ECSM) – a joint initiative with DG CONNECT and the Member States and which will be running throughout October - advocating cybersecurity education, and the upcoming Annual Privacy Forum.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Udo Helmbrecht discusses cyber cooperation at New York Summit

Thu, 09/10/2015 - 13:50

The Executive Director of ENISA, Udo Helmbrecht, is currently participating at the Global Cyberspace Cooperation Summit taking place on the 9th and 10th September, in New York, hosted by the EastWest Institute.

Along with representatives from the public and private sectors, Prof. Helmbrecht spoke on the panel "Is Cooperation Possible in Cyberspace?” discussing the challenges to protecting critical assets from cyber-attacks at a global level while minimising threats to IT security.

Professor Helmbrecht presented some of ENISA’s current work in the field and contributions that will support the proposed NIS directive. Reference was made to EU cyber cooperation through the facilitation of the pan-European cyber exercises, capacity building and the exchange of experience and expertise while developing ‘baseline capabilities’ with CERT teams. The Agency is a recognised 'liaison member' in the CERT community and has developed training resources. ENISA further assists Member States on incident reporting, which all use ENISA’s technical guidelines and recommendations, enhancing baseline security measures.

“Cyber cooperation is fundamental to ensure the protection of critical assets and infrastructure across the EU. Our efforts are ongoing for responding to the evolving cyber threat landscape, for building  the community and supporting the current EU legislative process” said Udo Helmbrecht.

Background info:

The EastWest Institute brings together policymakers, business leaders, technical experts and civil society, at this invitation only event (#EWIcyber), providing a forum showcasing results and promoting collective action.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Information security insights at ENISA workshop

Wed, 09/09/2015 - 12:40

This invitation only event, welcomed participants from EU Agencies such as Europol, CEPOL, BEREC, ECHA, eu-LISA, CEDEFOP, EFCA, OHIM, ERA, EEA, EMSA, FRONTEX, FRA, IMI, EIGE, the Translation Centre of the European Bodies, and FCH.

ENISA’s Head of Administration Mr Paulo Epandinhas and the Head of the Core Operations Department, Dr Steve Purser gave the welcoming notes. Speakers included Rogero Vincitore from the European Commission Internal Audit Service and ENISA experts.

The workshop aimed at providing valuable insights on information security at the highest operational level. ENISA experts gave an overview on the cyber threat landscape, risks and considerations for Cloud platforms, as well as an inside look at ENISA’s technical trainings and the Cyber Europe Exercises.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

German Ministry of Interior visits ENISA

Fri, 09/04/2015 - 16:05

Several experts from the German Ministry of Interior visited ENISA's premises in Athens today. The German Ministry officials had meetings with ENISA's management and experts, exchanging ideas and discussing on areas of shared interest, such as Critical Information Infrastructure Protection, Threat landscape, Data Protection and other.

The discussion revealed opportunities for further co-operation between the two organisations especially in policy implementation where ENISA has significant experience at an EU level. 

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

National Cyber Security Strategies global newsflash

Thu, 09/03/2015 - 14:20

ENISA releases a new version of the National Cyber Security Strategies (NCSS) interactive map.

NCSS news in the European Union

Luxembourg publishes NCSS v2 focusing on:        

  • Definition of cybersecurity
  • Dialogue initiation with the academic and industrial world
  • Cyberdefence introduction
  • Formal instruction of a body to handle the coordination of the new strategy’s implementation
  • Establishment of action plans

                                         

NCSS news in the World

Check out the new entries in South America and Africa at ENISAs new interactive NCSS map.

 

The next ENISA NCSS event will take place on the 29th September 2015, in Luxembourg during the Presidency of the Council of the European Union.    

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Udo Helmbrecht at the ‘Information security for public sector’ conference in Stockholm

Wed, 09/02/2015 - 14:55

Prof Udo Helmbrecht is participating at the ‘Information security for public sector’ conference taking place on the 1st and 2nd September 2015, in Stockholm where he  delivers the keynote speech on ‘Guiding EU Cybersecurity from policy to implementation’.

Prof. Helmbrecht presented some of ENISA’s current work in the field contributing to both EU policy discussions and ongoing efforts to implement existing policy. Examples of the latter include incident reporting, the implementation of the eIDAS regulation, the proposed data protection regulation and NIS directive.

For example, the Agency’s recommendations on incident reporting help Member States and the private sector to enhance baseline security measures through a better understanding of the root causes and potential solutions.

Similarly on the eIDAS regulation, the Agency supports and provides guidelines for trust service providers on risk assessment and recommendations for incident risk mitigation, and provides guidelines on an auditing framework for trust services. Other activities in this area include analysis of relevance and compliance of standards related to TSPs; Incident reporting for Trust Service Providers; and a Strategy analysis for introduction of qualified website authentication certificates (QWACs) promoting consumer confidence in the web authentication market. ENISA also supports the creation of a Trust Services Forum explaining to stakeholders the developments in the area of eIDAS, while offering the opportunity to discuss with regulators on important areas.

ENISA works closely with MS and the EU Institutions and the results produced rely on the collaboration with all NIS stakeholders. ‘ENISA is in the unique position to transfer the lessons learned across different operational communities, while promoting approaches to NIS that support economic growth’ said Udo Helmbrecht.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

COINS Summer School visit at ENISA

Wed, 08/26/2015 - 10:41

ENISA hosted a visit for the COINS Research School of Computer and Information Security on August 21st, 2015. A group of eleven students, led by Prof. Hanno Langweg, had the opportunity to visit the agency premises and gain insights into its work and role on cybersecurity for the EU, and in particular on topics such as:

  • What ENISA is doing in the field of Cloud and Big Data
  • ENISA’s contribution to Smart Cities
  • The EU Cyber Security Challenges organized by ENISA
  • Cyber Crisis management
  • Security Awareness


The visit, took place as part of COINS Summer school programme on cloud security.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

National Cyber Security Strategies: the latest news

Fri, 08/21/2015 - 10:50

In July 2015, Ireland published its National Cyber Security Strategy for 2015 – 2017. The strategy highlights the Government’s approach in facilitating resilient, safe and secure operations of networks, infrastructures and digital technologies used by the Irish citizens.

The strategy focuses on the following key actions:

  • Formal establishment of CSIRT-IE with focus on protection of CII’s in energy and telcos.
  • Improved security delivery in the areas of situational awareness and incident management.
  • Introduction of primary legislation in compliance with EU requirements.
  • Local and international PPPs in the interest of Critical Infrastructure Protection by improving situational awareness, incidents management, education, training and public awareness.

 

For more information on National Cyber Security Strategies in Europe and Worldwide, please visit: National Cyber Security Strategies in the World 

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA accredited as TF-CSIRT Liaison Member

Tue, 07/21/2015 - 11:06

ENISA has been recognised as a 'liaison member' of the Computer Security Incident Response Team task force (TF-CSIRT), in July 2015.

ENISA’s CERT- related deliverables have been either developed or validated in collaboration with the CERT (Computer Emergency Response Teams) community. TF-CSIRT’s training program is partly based on ENISA material, and the Agency regularly sponsors and contributes to these trainings. In addition, the Agency’s workshops and trainings for CSIRTs are often held back-to-back with TF-CSIRT meetings.

ENISA’s Executive Director said: “TF-CSIRT is a very important community for ENISA, and this recognition hails 10 years of close collaboration. ENISA is honoured to be awarded this status, and is looking forward to contributing further to the CERT community”. 

“Liaison members” are organisations that are not CSIRTs, but which the community trusts and deems important.  Several ENISA staff members are already part of the community as ‘Individual Members’ contributing through their skills and experience, and are regularly invited to TF-CSIRT meetings.

Background:

TF-CSIRT was created in Europe in 2000. It's a forum for CSIRTs to exchange experiences, forge relationships and to allow efficient handling of cross-border information security incidents. CSIRTs have extended their capacities throughout the years from a “reaction force” to complete security service providers, including proactive services such as alerts, security advisories, training and security management services.

 

For more information on ENISA's CERT activities visit the dedicated section.

 

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Key findings from the ENISA Workshop: Protection of Electronic Communications Infrastructure and Information Sharing

Mon, 07/20/2015 - 14:05

ENISA’s Workshop on the Protection of Electronic Communications Infrastructure and Information Sharing successfully concluded with the participation of more than forty-five (45) participants from twenty (20) Member States. Representatives included Ministries and National Regulatory Agencies, Electronic communication providers and infrastructure owners.

The workshop, which took place on June 16th 2015 in Romania, was an opportunity for participants to exchange views and best practices in the field. Key conclusions are:

  • Information exchange tools enhance the security against incidents. Their usage can be voluntary or mandatory, depending on the cultural aspects of the country.
  • Multi-stakeholder collaboration should take place at all stages of the design and the deployment of these tools. This will help to design the functionalities and facilitate the adoption of these tools, while it is necessary to take into account users’ needs.
  • The development of these tools is a continuous process. Current tools need to evolve and new tools should be conceived keeping in mind the future outlook. Current trends include the adoption of new technologies (e.g. mobile usage), automation and integration with third-party systems through APIs.

 

During the workshop presentations of several tools was made by Ledningskollen (Sweden), KLIC (The Netherlands) and DIO (Sweden), while two panels - of managers and users - explored these tools.

Workshop minutes and presentations are available online.

Background information:

Information sharing is very important in the prevention of future incidents that can impact network and information security. Internet outages, caused by the disruption of underground assets (such as cables, fibre optics, ducts), can be prevented by declaring these assets and future civil works in special tools. ENISA has analysed the solutions deployed in several EU Member States in the Protection of Underground Electronic Communications Infrastructure  report. Moreover, specific tools such as DIO allow operators to share information about disruptions and share this information in a standardised manner.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Are smart infrastructures experts in cyber security?

Thu, 07/16/2015 - 15:49

Udo Helmbrecht discusses the IoT at the 1st annual conference and launch event for the funding priority on “IT security for Critical Infrastructures” taking place on the 15th-17th July 2015, at the premises of the SGL Arena in Augsburg.

The networking event includes representatives from the political, industry and scientific sector, taking a deeper look into critical infrastructures and IT security risks associated with new technologies and products, and the new business models.

Udo Helmbrecht took part in panel discussion on the security of smart infrastructures, exchanging views on "The look into the future" and the Internet of Things (IoT) from smart homes to smart cities, as applications are allowing smart living in all aspects of daily lives:

  • In smart homes we see media enabled devices that allow users to access data anywhere and anytime, making use of cloud services. Cyber physical devices allow the interaction of software controlled equipment to interact with the physical world.
  • Smart cities create significant impact through smart transport and car-to-car communications; smart grids, that allow for lower energy consumption; and smart hospitals, providing better health services. All these rely on ICT services whose operation has to be secured against possible vulnerabilities which may result to economic and societal impacts depending on the case.

 

Prof. Helmbrecht said: “Currently there is no clear definition of cyber security for smart infrastructures at an EU level. It will be beneficial to increase information sharing and coordination for example on public transport. As new technologies and applications are developed, their security aspects also need to be developed from the design phase, allowing for improved services, user experience and safety in a connected online world”.

 

For details visit the event page.


 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Key conclusions on the cloud landscape brought to the foreground at EU28 Cloud Security conference

Wed, 07/08/2015 - 09:52

The ‘EU28 Cloud Security Conference: Reaching the Cloud Era in the European Union’ brought to the foreground the current cloud landscape. The aim of the conference was to bring together practitioners, academics and policy makers to discuss the level of cloud computing security in the context of current and future policy activities. The conference included presentations and panel debates on legal and compliance issues, technical advancements, privacy and personal data protection, critical information infrastructures and cloud certification.

During the conference the important role of cloud computing was acknowledged for the development of the digital economy in Europe. Cloud computing is becoming essential for users, including individual consumers, businesses and public sector organisations. However, recent figures indicate that users' concerns on cloud security are still the main barrier to the adoption of cloud services in Europe.

Key conclusions highlight that:

  • There is a need to raise awareness and educate users and SMEs on cloud security, to encourage safe and responsible use of cloud services. “Informed customers” should be able to ask the right questions to providers and understand where their responsibilities lay, and SMEs understand that they are co-responsible for the security of the cloud services provided. A risk assessment culture should be nourished applicable to all. Transparency of cloud services must be improved by the implementation of continuous monitoring mechanisms, increasing accountability through evidence-based assurance solutions, and certification, keeping in mind that one size does not fit all. Rapid, context-based information sharing of incidents within the industry sectors, will also enable collaborative information security able to respond quickly to the changing cybersecurity landscape.
  • There is a need for flexible policy approaches towards cloud security to allow further technological advancements. Within this framework co-regulatory and self-regulatory initiatives should be supported, and create technology-neutral legal guidelines and obligations based on principles, to allow for flexible solutions. Europe-wide solutions should be encouraged
  • Data protection is an important element to be considered. Implementation of existing rules and techniques should be encouraged and this information should be shared.
  • Governmental clouds bring benefits to cloud security. There is space to strengthen cooperation and define clear procurement guidelines built on cooperation between industry and public sector. Furthermore, customised solutions based on the needs of each country and sharing of best practices can be encouraged.
  • Cloud benefits from an open market. Meanwhile discussions are required on security in relation to data location requirements, foreign jurisdiction and access to European data.
  • As cloud usage for critical sectors is increasing there is a need for elaborated security measures and specific risk assessment techniques addressing each critical sector’s needs.

 

Furthermore, cloud security was discussed in relation to the recent regulatory and policy initiatives, such as the ongoing data protection reform, the proposal for a Network and Information Security directive, cloud computing communication and the Digital Single Market strategy. There was consensus that further policy actions on cloud security could support trust and confidence in cloud services by addressing the key findings and issues deriving from the conference.

The findings of the EU28 Cloud Security Conference were discussed and presented to the wider audience of the Digital Assembly European Commission high-level event taking place in Riga on the 17th and 18th June, 2015. The conclusions drawn were presented by ENISA’s Head of Critical infrastructures and Services Unit, Dr. Ouzounis, during workshop 1: “Building Trust and Confidence online”.

 

Background:

The joint conference ‘EU28 Cloud Security Conference: Reaching the Cloud Era in the European Union’ was organised by the Ministry of Defence of the Republic of Latvia and the European Union Agency for Network and Information Security (ENISA), which took place on June 16th, 2015 in Riga.

 

For press enquiries please contact press@enisa.europa.eu , Tel. +30 2814 409 576

 

 

 

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Udo Helmbrecht at the Chatham House on standardising European cyber security

Fri, 07/03/2015 - 12:25

ENISA’s Executive Director participated at the Chatham House Cyber 2015 meeting on 'Security, Privacy and Competing interests', on the 2nd and 3rd July 2015, in London.

Udo Helmbrecht gave an overview on the standards landscape and its limitations. Prof. Helmbrecht said: “A plethora of fora and initiatives are available which lack though a consistent strategy, at a policy and the EU funded R&D program level. It is important to develop a consistent EU framework to cybersecurity standardisation. The challenge is to maintain security standards and develop a common understanding.”

ENISA’s work in the field involves the Cybersecurity Coordination Group (CSCG) which aims towards:

- An EU Governance framework, for a coordinated approach to cybersecurity standardisation and the identification of strategic options for EU-US standardization, addressing the particularities of cybersecurity. Furthermore, it aims to review and promote good practices.

- Defining cybersecurity to ensure a common understanding and terminology, procedures, and identify gaps and overlaps in standardisation efforts 

- The organization of an EU global initiative  on cyber security standards, for the exchange of views through a high level event.

 

Background:

Increasing international tensions have raised cyber security risks. Governments and businesses appear increasingly in conflict over privacy and the internet governance debate has highlighted radically different national approaches to cyberspace. The conference explores the evolving relationship between cyber security, online privacy and the governance of cyberspace, and consider what policy architecture and technical capabilities are required to address critical risks and reduce international tension (source: Chatham House). 

 

Check out also:


ENISA paper on digital security published by European Standardisation bodies

ENISA report on Standardisation in the field of Electronic Identities and Trust Service Providers

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA’s Udo Helmbrecht at EPP Hearing on cybersecurity

Thu, 07/02/2015 - 10:05

ENISA’s Udo Helmbrecht participated at the EPP Hearing on data driven security, which took place today 1st July 2015, at the European Parliament in Brussels.

Topics discussed included:

Session I: New trends in digital technology developments and cyber threats to security  

Session II: Fighting crime: use of new technologies and use of data

Session III: Cyber Security: ensuring security and safety on state and individual levels

The Executive Director participated (sessions I and III) providing insight into the trending developments and the major changes observed in cyber threats. It was noted that the development of the Internet of Things (IoT) doesn’t offer yet a commonly accepted security model, while new concepts may introduce new vulnerabilities into the core functionality of the internet. On the other hand, the development of digital solutions, whether in the area of smart homes and cities, mobile and wearable devices, smart infrastructure and big data, are affected by the need for increased efficiency, which results to a more data driven approach, increasing vulnerability (and interest) to cyberattacks. Furthermore, applications of new technologies highlight unchartered territories, and whether society can tolerate the consequences resulting from their use.

Udo Helmbrecht looked into the impact of the trending cyber environment on personal and national security, and the antagonistic goals of these to privacy and data protection, as the line separating national security from commercial security is also increasingly blurred. Within this framework minimum standards and security by design were identified as key parameters of the development cycle. Furthermore, the Executive Director showcased the pan-European Cyber Exercises and the Agency’s contribution in facilitating cooperation between the different communities.

Within this Udo Helmbrecht identified the need for:

(1)    Understanding the risk: ENISA's threat landscape provides a comprehensive analysis

(2)    EU Governance: There are dedicated agencies and established Governmental CERTs (Computer Emergency Response Teams) in the Member States and CERT EU. But, what is needed is a Member State and EU governance. Bearing this in mind, ENISA appreciates the NIS Directive approach

(3)    Cooperation: between the private sector and the NGOs with initiatives such as, the

(4)    European Cyber Security Month (ECSM): as an example of raising EU citizen’s awareness on cyber issues 

(5)    IT security by design: developing secure devices and establishing IT security as a competitive advantage

(6)    Building EU global champions: Europe has strong SMEs but when it comes to growth the limitations are 28 Member States, 19 Eurozone Member States, and 24 languages.

ENISA brings together the majority of the stakeholders in the EU to mitigate the risks associated with cyber security. Effective assessment of the threat landscape, policy development, cooperation and capacity building are necessary in order to effectively secure the critical sectors in society, ensuring the cyber frontier for citizens and Europe. To this end we need: (1) awareness, (2) EU cooperation, (3) standards, certification and audits, (4) supply chain integrity and liability, and (5) usage of cryptographic techniquessaid Udo Helmbrecht.

 

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA participates at IMCO Committee Meeting

Wed, 06/24/2015 - 10:19

ENISA’s Udo Helmbrecht, participated on June 23rd2015, at the IMCO Committee meeting in Brussels, in an exchange of views on the public interest information platform of the Universal Service Directive.

Focus was placed on gaining the involvement of citizens on online security. Within this context ENISA’s involvement in the European Cyber Security Month (ECSM) was demonstrated in the joint activity of DG CONNECT and ENISA advocating online security. A report on the deployment of the European Cyber Security Month presents its preparatory work, gives an objective evaluation, and draws upon the conclusions that can be used in future editions of the ECSM. In numbers, we witness an increase in the countries involved and the number of online followers via the social media (twitter). In particular, in 2014 the ECSM achieved a peak in media reach, with 40 million online users, 300 Tweets and good interactivity. Furthermore, more activities and related material has been generated, while participants at kick-off have doubled.

 

Next steps aim at making online privacy tools available for the general public. The initiative is a joint collaboration of EU experts ranging from academia, the public and private sector. In addition ENISA is developing a study - to be available by the end of 2015 - performing a state-of-the-art review of existing initiatives promoting online privacy tools, along with a feasibility analysis and development of a pilot plan.

During a fruitful discussion at the IMCO meeting, Udo Helmbrecht gave an insight into aspects of ENISA’s work programme such as deciphering the cyber threat landscape, privacy and data protection, secure cloud adoption, standardisation, securing the finance sector, and activities supporting the Member States such as CERTs capacity building, Cyber Europe and supporting EU policy and law on NIS. 

The meeting was broadcast live and is available via the European Parliament multimedia library.

Speech by Udo Helmbrecht at IMCO 

Background:

Directive 2002/22/EC of the European Parliament and of the Council of 7 March 2002 on universal service and users' rights relating to electronic communications networks and services (Universal Service Directive). The Universal Service Directive is part of the "Telecoms Package" which, together with four other directives, aims to recast the existing regulatory framework for telecommunications and to make the electronic communications sector more competitive.

ECSM: European Cyber Security Month (ECSM) is a European Union advocacy campaign that takes place in October. ECSM aims to promote cyber security among citizens, to change their perception of cyber-threats and provide up to date security information, through education and sharing good practices

 

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Workshop today on the Protection of Electronic Communications Infrastructure and Information Sharing

Tue, 06/16/2015 - 09:53

A half day conference is taking place today in Bucharest, focusing on Electronic Communications Infrastructure and Information Sharing.         

The workshop, organised by ENISA, is aimed at Member States and policy makers, electronic communication providers,civil work companies, users and developers of such tools.

During the event presentations will address the protection of underground infrastructure and existing tools, as well as look into the evolution of these tools and  information sharing. Two parallel panels will examine:

Panel 1:Discussion on information sharing, cross-border issues and collaboration, use-cases

Panel 2:Q&A session on DIO for Information Sharing

Workshop agenda is available here.

Background:
Information sharing is very important to prevent future incidents that can impact network and information security.ENISA has analysed the solutions deployed in several Member States across the EU in its report “Protection of Underground Electronic Communications Infrastructure”. Moreover, specific tools such as DIO allow operators to inform about disruptions among themselves and share information in a standardised manner.

 

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

The EU28 Cloud Security Conference to take place in Riga

Tue, 06/16/2015 - 08:36

On June 16, in Riga, the Ministry of Defence of the Republic of Latvia and the European Union Agency for Network and Information Security (ENISA) will organise the EU28 Cloud Security Conference: Reaching the Cloud Era in the European Union. The participants of the conference will discuss the cloud security in the two parallel tracks: ‘Legal & Compliance’ and ‘Technologies and Solutions’.

Discussing the ‘Legal & Compliance’ track, participants will address topics like cloud certification, cloud services procurement, security standards, data protection and trans-border data access, while talking about the ‘Technologies & Solutions’ track, participants will focus on encryption in clouds, big data, evolution of cloud computing, cloud forensics, research, development and innovation.

Jānis Sārts, the State Secretary of the Ministry of Defence of the Republic of Latvia and professor Udo Helmbrecht, the Executive Director of the ENISA will open the conference. Keynote speeches will be given by the high-level representatives of the European Commission, industry and academia.

“Nowadays governments, businesses and private individuals increasingly recognize the benefits of cloud services, thus leading to increase in deployments and usage. The EU28 Cloud Security Conference will try to address the security challenges posed by cloud services, as well as to provide a realistic view on our preparedness,” says J.Sārts.

“Cloud computing is becoming the backbone of the EU’s digital economy. It represents an opportunity which needs trusted and secure cyberspace. Cloud supporting critical infrastructures is a reality: every day more banks, hospitals, telecommunications are adopting to the cloud model. The cybersecurity aspects involved cannot be underestimated in the context of an effective Digital Single Market. We must act decisively by removing barriers to cloud adoption and implementation in the public, government and private sector. Our presence at this event is to support activities in this direction,” says professor U.Helmbrecht.

The conference will gather the audience of 150 governmental and corporate decision-makers, representatives from the EU institutions and agencies, research and development managers, cyber security practitioners and researchers.

The EU28 Cloud Security Conference will be live streamed in the home page of the Ministry of Defence of the Republic of Latvia: http://www.mod.gov.lv.

Cloud services are designed to provide easy, scalable access to applications, resources and services, and are fully managed by a cloud services provider. They can dynamically scale to meet the needs of its users, and since the service provider supplies the hardware and software, there is no need for a company to provide or deploy its own resources, or allocate IT staff to manage the service. Examples of cloud services include online data.

As cyber issues are taking an increasingly greater role in today’s security agenda, the Latvian Presidency of the Council of the European Union in the first half of 2015 has set the Digital Europe as one of three policy priorities. Cyber security and defence form an inherent part of this priority. The findings of the event will be presented at the Digital Assembly that will take place on June 17-18 in Riga.

The European Union Agency for Network and Information Security (ENISA) is a centre of expertise for cyber security in Europe. ENISA supports the EU and the Member States in enhancing and strengthening their capability and preparedness to prevent, detect and respond to network and information security problems and incidents.

The programme and the list of confirmed speakers of the EU28 Cloud Security Conference: Reaching the Cloud Era in the European Union is available in the ENISA home page.

Stay updated through the official Twitter accounts of the Ministry of Defence of the Republic of Latvia @AizsardzibasMin and the European Union Agency for Network and Information Security @enisa_eu , and using hashtag #CSCRiga15.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA workshop for the Trust Services Market on June 30th

Mon, 06/15/2015 - 15:38

ENISA is organising a workshop for the Trust Services market in Brussels on June 30th, 2015.The main objectives of the workshop will be:

  • To share good practices and experience as well as views on various aspects of the Implementation of eIDAS by the concerned stakeholders and their compliance to EU legislation
  • To understand the priorities and needs of trust service providers in the development of the eIDAS Regulation.
  • To exchange ideas on the positions of the different stakeholders in aspects like standards, certification, qualification, etc.
  • To discuss strategies to promote the use qualified trust services in Europe.

 

The provisional agenda can be found here.

Registration is now open and free.Please register here.

ENISA, in collaboration with the European Commission, will launch in 2015 a Forum to bring together the three stakeholder communities in the qualified trust service market, namely: trust service providers, conformity assessment bodies and supervisory authorities.The creation of this Forum is motivated by the need for a place for open discussion which has arisen with the entry into force of the Regulation 910/2014 on electronic identification and trust services for electronic transactions in the internal market.

The Forum will become a platform to discuss these and other related aspects. During its first edition, the current key topics in the development of secondary legislation on the eIDAS Regulation will be discussed through panels and breakout sessions.

For more detailed information please visit the dedicated event page

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Call to participate in the EU28 Cloud Security Conference

Mon, 06/15/2015 - 13:56
 

Prior registration in order to participate in the conference is mandatory. Please, register before June 11 in the home page of the European Commission.

Discussing the ‘Legal & Compliance’ track, participants will address topics like cloud certification, cloud services procurement, security standards, data protection and trans-border data access, while talking about the ‘Technologies & Solutions’ track, participants will focus on encryption in clouds, big data, evolution of cloud computing, cloud forensics, research, development and innovation.

Jānis Sārts, the State Secretary of the Ministry of Defence of the Republic of Latvia and professor Udo Helmbrecht, the Executive Director of the ENISA will open the conference. Keynote speeches will be given by the high-level representatives of the European Commission, industry and academia.

The conference will gather the audience of 150 governmental and corporate decision-makers, representatives from the EU institutions and agencies, research and development managers, cyber security practitioners and researchers.

The programme and the list of confirmed speakers of the EU28 Cloud Security Conference: Reaching the Cloud Era in the European Union is available in the ENISA home page.

Cloud services are designed to provide easy, scalable access to applications, resources and services, and are fully managed by a cloud services provider. They can dynamically scale to meet the needs of its users, and since the service provider supplies the hardware and software, there is no need for a company to provide or deploy its own resources, or allocate IT staff to manage the service.  Examples of cloud services include online data.

As cyber issues are taking an increasingly greater role in today’s security agenda, the Latvian Presidency of the Council of the European Union in the first half of 2015 has set the Digital Europe as one of three policy priorities. Cyber security and defence form an inherent part of this priority. The findings of the event will be presented at the Digital Assembly that will take place on June 17-18 in Riga.

For more information: EU28 Cloud Security Conference: Reaching the Cloud Era in the European Union

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA’s Udo Helmbrecht at the EU Cybersecurity Strategy Conference

Thu, 05/28/2015 - 08:25

ENISA’s Executive Director Udo Helmbrecht participates at the 2nd High Level Conference on EU Cybersecurity, organised by the European Commission, taking place today 28th May 2015, in Brussels.

Udo Helmbrecht will be moderating the panel discussion on “the realities of network and information security”. The panel will examine the growing importance of securing networks and information systems which is critical for ensuring the proper functioning of infrastructures and businesses alike. The panel will look into the challenges for ensuring cyber resilience, preventing and responding to cyber incidents in governments and the private sector, while also addressing the legislative developments in the area, and examine opportunities for cooperation*.

The event will also focus on the following areas:

  • Making the EU an industrial leader in trustworthy ICT
  • Building Capacity to fight cybercrime and strengthen cybersecurity in the EU and beyond
  • Achievements of the EU Cybersecurity Strategy, the challenges and opportunities ahead

 

Udo Helmbrecht said: “The event is an excellent opportunity to discuss the challenges on cyber resilience, explore whether we are doing enough and how to bring forward the cooperation between the public and the private sector. An important aspect to look into is how we involve SMEs to become more effective in this area. For the EU to become the single market of choice for governments and industry, it is necessary to have trusted core NIS technologies and services for industry and citizens. The recently published DSM offers opportunities to businesses to make use of the benefits of the EU’s internal market. ENISA with its expertise is in the unique position to contribute and address the needs for high level online network security”.

 

Background:

The event aims to provide an overview of the state of play of the implementation of the five main priorities of the EU Cybersecurity Strategy and showcase highlights of its main actions. The conference will be an opportunity to explore the way forward regarding the proposal for a Network and Information Security Directive, the EU cybersecurity industrial strategy and the next steps for capacity building for cyber defence and fighting cybercrime (*source Digital agenda for Europe)

The EU Cyber Security Strategy was presented by the Commission and the HR/VP in 2013.

Related documents:

ENISA welcomes the Commission initiatives on the Digital Single Market for Europe

ENISA on EU cyber security at Parliament’s SEDE Committee

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Pages