& National Emergency Coordination MEUSAC Consultation Session “Strengthening Europe’s Cyber Resilience System a nd Fostering a Competitive & Innovative Cybersecurity Industry” (13 March 2017 ) Venue: Fortress Builders Fortifications Interpretation Centre, Valletta John Agius Director (Critical Infrastructure Protection) CIP Directorate, Cabinet Office, OPM
Outline Terminology The CIP Directorate (CIPD) CSIRTMalta ENISA The NIS Directive http://maltacip.gov.mt 2
Terminology CIP : Critical Infrastructure Protection CII : Critical Information Infrastructure CIIP : Critical Information Infrastructure Protection CSIRT : Computer Security & Incident Response Team CSIRTMalta : The National CSIRT in Malta ENISA : European Union Agency for Network & Information Security The NIS Directive: EU Directive 1148 of 2016 SPOC: Single Point of Contact http://maltacip.gov.mt 3
Mission Statement ‘To strengthen and secure the functioning and resilience of Malta’s Critical Infrastructure and National Emergency Services ’ Cyber http://maltacip.gov.mt 4
( Established September 2014 ) CIIP http://maltacip.gov.mt 5
CSIRTMalta is the National CSIRT for Malta Focus Critical Infrastructures (CI’s) Critical Information Infrastructure (CII’s) Other sensitive Infrastructures Public and Private sectors National Single Point of Contact (SPOC) http://maltacip.gov.mt 6
Mission statement Supporting CI’s, CII’s and other sensitive infrastructures in Malta on how to protect their information infrastructure assets and systems from cyber threats and incidents. CSIRTMalta was established as the National CSIRT for Malta on 14 th November 2011 http://maltacip.gov.mt 7
Stakeholders Public Sector-CSIRTs ( MT-CSIRT & CSIRPs ) National CSIRT Private sector ( CSIRTs & CSIRPs ) http://maltacip.gov.mt 8
Services • Announcements – Dissemination of information about known threats, incidents and countermeasures needed to protect assets and systems – opm.gov.mt/en/mcip – csirtmalta@gov.mt – @CSIRTMalta • Alerts and warnings – Dissemination of incident reports related to cyber infections and potential breaches targeting CSIRTMalta constituents, recommending solutions to counter such infections/breaches; • Incident Response Coordination – Supporting constituents by coordinating response to information security incidents, occasionally in collaboration with European and international communities of CSIRTs and other public and private bodies, as appropriate. • CSIRTMalta Incident Response: +356 - 21221334 http://maltacip.gov.mt 9
ENISA • The European Union Agency for Network and Information Security • Established in 2004 by EU Regulation No 460 of 2004 • A centre of expertise for cyber security in Europe • Located in Greece with its seat in Heraklion Crete and an operational office in Athens • Actively contributing to a high level of network and information security (NIS) within the European Union • Developing a culture of NIS in society • Raising awareness of NIS within European Member States http://maltacip.gov.mt 10
Mission statement ENISA contributes to securing Europe’s information society by raising awareness and by developing and promoting a culture of network and information security (NIS) in society thus contributing to the proper functioning of the internal market. ENISA Strategy 2016 - 2020 http://maltacip.gov.mt 11
ENISA Players & Stakeholders http://maltacip.gov.mt 12
ENISA – Areas of activities • Recommendations • Activities that support policy making and implementation • ‘Hands On’ work, where ENISA collaborates directly with operational teams throughout the EU http://maltacip.gov.mt 13
ENISA – Activities • The Pan-European Cyber Security Exercises • The development of National Cyber Security Strategies • CSIRTs cooperation and capacity building • Cyber related specialists training • Studies on secure Cloud adoption • Addressing data protection issues, privacy enhancing technologies and privacy on emerging technologies • eIDs and trust services • Identifying the cyber threat landscape • ENISA also supports the development and implementation of the European Union's policy and law on matters relating to NIS. http://maltacip.gov.mt 14
Pan-European Cyber Exercises CE2016: The largest Cybersecurity exercise in the World with 948 Participants http://maltacip.gov.mt 15
Cyber Europe 2016 (CE2016) Safeguarding Europe’s Digital Market through cyber security • 13-14 October 2016 • Simulation of an EU-wide crisis triggered by cyber attacks (involving 948 participants) • Goals: [1] test EU and national-level cooperation [2] improve technical and operational capabilities Cyber Europe 2016: The pan-European exercise to protect EU Infrastructures against coordinated cyber-attack http://maltacip.gov.mt 16
Specialist Training Workshops by the Malta-CIPD & EU-ENISA to local CYBER Specialists from the Public and Private sectors http://maltacip.gov.mt 17
Examples of training resources http://maltacip.gov.mt 18
Training Workshops by the Malta-CIPD & EU-JRC to local stakeholders from the Public and Private sectors http://maltacip.gov.mt 19
The (EU Directive 1148 of 2016) NIS Directive http://maltacip.gov.mt 20
NIS Directive The first EU-wide rules on cybersecurity, establishing measures to ensure a high common level of network and information security across the European Union. Laying down obligations on MS’s to adopt national strategies securing NIS. Creating the Cooperation Group at the strategic level and the CSIRT Network , to build trust and confidence, at the operational level . Article 1 – Directive (EU) 1148 of 2016 of The European Parliament and The Council of 6 July 2016 http://maltacip.gov.mt 21
NIS Directive • The objectives of the Directive (i.e. that of achieving a high common level of security of network and information systems within the EU), will be achieved, by means of: – Improved cybersecurity capabilities at national level – Increased EU-level cooperation – Risk management and incident reporting obligations for operators of essential services and digital service providers http://maltacip.gov.mt 22
About: NIS Directive CSIRT Network Group NIS Coop Group Established 22-23 February 2017 9-10 February 2017 MT-Pres Malta meeting MT-Pres Brussels meeting Hosted & Chaired by CSIRTMalta Chaired by CSIRTMalta http://maltacip.gov.mt 23
CSIRT Network ( Article 12, NIS Directive ) The 1st Formal CSIRT Network Meeting ( as defined by the NIS Directive ) was held in Malta between the 22nd and 23rd February 2017. The meeting was organised and chaired by CSIRTMalta, in collaboration with the European Network and Information Security Agency ENISA. The event was organised as part of the Maltese Presidency of the Council of the European Union (Jan – June 2017). http://maltacip.gov.mt 24
NIS Directive Timeline Date entry into force + … Milestone August 2016 - Entry into force February 2017 6 months Cooperation Group begins tasks (MT-Presidency) CSIRT Network Group formally established (MT-Presidency). Adopted TORs, ROPs, the short term goals (covering the first February 2017 6 months 18 months of Work-Plan) and formed the WGs for the execution of the short-term goals. Adoption of implementing on security and notification August 2017 12 months requirements for DSPs February 2018 18 months Cooperation Group establishes work programme May 2018 21 months Transposition into national law November 2018 27 months Member States to identify operators of essential services 33 months Commission report assessing the consistency of Member May 2019 (i.e. 1 year after States' identification of operators of essential services transposition) Commission review of the functioning of the Directive, with 57 months a particular focus on strategic and operational cooperation, May 2021 (i.e. 3 years after as well as the scope in relation to operators of essential transposition) services and digital service providers http://maltacip.gov.mt 25
NIS Directive Transposition Timeline Drafting of LN for Directive (EU) 1148 of 2016 6 th July 2016 Review by Attorney General Admin/Technical/Financial Resources Recruitment 24*7 Program testing TRIS (TBD) Justice Unit for Review Cabinet Office 31 st March Launch Q1 Q1 Q4 2016 2018 Q3 Q4 Q2 Q3 2018 2017 2017 http://maltacip.gov.mt 2017 Today 26
Contact Details: +356-22002000 maltacip@gov.mt http://maltacip.gov.mt http://maltacip.gov.mt 27
Recommend
More recommend