
Latest News - Security

New report on Smart Grids cyber security measures; risk-based approach key to secure implementation

New report on Smart Grids cyber security measures; a risk-based approach is key to secure implementation, according to EU Agency ENISA

In contrast to the US’ strict regulatory path, the European approach is to allow a certain degree of ‘freedom’, where these guidelines can be tailored and combined for the needs of different actors, given the varied market. The Agency therefore proposes a scalable set of around 40 (39) security measures, organised into three levels of sophistication and ten (10) domains:

  1. Security governance & risk management;
  2. Third parties management;
  3. Secure lifecycle process for smart grid components/systems and operating procedures;
  4. Personnel security, awareness and training;
  5. Incident response & information sharing;
  6. Audit and accountability;
  7. Continuity of operations;
  8. Physical security;
  9. Information systems security; and
  10. Network security.

The adoption of a minimum set of security measures needs the consensus and cooperation of various smart grid stakeholders. A coordination initiative could allow a common and generally accepted approach to smart grid security issues. Moreover, a common cyber security approach would help both regulators and stakeholders by harmonising the complex smart grid environment and providing incentives to improve cyber security. This report can therefore assist the EU by:

  • Aligning the varying levels of security and resilience of the market operators with a consistent minimum national framework;
  • Providing an indication of minimum levels of security and resilience in the Member States with regard to smart grids;
  • Ensuring minimum levels on requirements for smart grids across Member States, thus reducing compliance and operational costs;
  • Setting the baseline for a minimum auditable control framework across Europe;
  • Facilitating preparedness, recovery, response measures and mutual aid of operators during crisis;
  • Contributing to achieve an adequate level of transparency in the internal market.

The Executive Director of ENISA, Professor Udo Helmbrecht, commented: “In order to reach the ambitious EU2020 objectives: 20% of renewable energy, 20% of CO2 emissions reduction and 20% increase in energy efficiency, it is a key issue to ensure that the roll-out of smart grids for distributed energy generation into future electricity grid is done in a secure way. Both innovative technical solutions are required, along with new suitable EU regulatory and economic schemes. We hope to see smart grids in the forthcoming Cyber Security Strategy of the EU.”

For full report

For interviews; Ulf Bergstrom, Spokesman, press@enisa.europa.eu, +30 6948 460 143, or Dr Konstantinos Moulinos, resilience@enisa.europa.eu

The EU’s cyber sec... More

ENISA | Friday, 4 January 2013

Status report 2012 on Computer Emergency Response Teams baseline capabilities launched by ENISA

In focus: Status report 2012 on Computer Emergency Response Teams baseline capabilities launched by EU Agency ENISA

National/Governmental CERTs

 

The need for a functional network of n/g CERTs in Europe by the end of 2012 was established in several EU documents (Digital Agenda for Europe/EU’s Internal Security Strategy/the CIIP Communication). The Status Report 2012 states that the key obstacle to cross-border cooperation and incident response is the diversity of capabilities across Member States. Some teams do not have an ‘adequate level of maturity’ compared with the teams in other Member States. Four baseline capabilities constitute the focus of the report:

Excerpts of key findings for n/g CERTs;

1. Mandate & strategy:

- Most n/g CERTs have a clear role and mandate, yet the details and form vary greatly across the EU.

- A great deal of work needs to be done regarding the proper inclusion of n/g CERTs in national cyber-security strategies; presently, less than 50% of the Member States have such strategies.

2. Service portfolio:

The scope of support depends on the type of constituent: key constituents (e.g. governmental bodies) receive the complete service portfolio. The valuable cyber security expertise of n/g CERTs is also highly sought by law enforcement agencies and other stakeholders.

3. Operational capability:

More than 80% employ 6–8 full-time staff, which is the minimum level necessary for acceptable services. However, in smaller teams, staff have multiple roles, which is a barrier to specialisation. In particular, n/g CERTs report difficulties in hiring digital forensics and reverse engineering specialists.

4. Cooperation capability:

As large-scale cyber-incidents necessitate both national and international management, n/g CERTs are well anchored in international structures like FIRST, TF-CSIRT, EGC, Trusted Introducer, APWG or ENISA workshops.

The Executive Director of ENISA, Professor Udo Helmbrecht, stated: “These two reports show that while great progress has been made in Europe recently, more work is necessary to bridge the different maturity levels of CERTs. The identified challenges: questions of clarity of governmental CERT roles and responsibilities, lack of funding and missing resources such as highly specialised IT, legal, and PR experts must be addressed. These challenges need to be resolved by many parties: legislators, CERT teams, cooperation partners and international organisations.”

For full reports:

Status Report 2012 for CERTs

Updated recommendations 2012

The EU’s cyber sec... More

ENISA | Tuesday, 18 December 2012

Successful collaborative cyber security awareness raising

Successful collaborative cyber security awareness raising - Large Scale Pilot for EU SME business & citizens; two new reports launched by EU Agency ENISA on the European Information Sharing and Alert System (EISAS)

A recent Eurobarometer survey reveals that most EU citizens (59%) feel unprepared to protect their online information. Moreover, cyber security is generally in the hands of specialists who implement technical solutions. Citizens and SMEs (Small and Medium Enterprises) are left out of this action, despite the fact that end users’ cyber security awareness is ‘the first line of defence’ against cyber threats.

The EISAS Large Scale Pilot involved national and governmental Computer Emergency Response Teams, public and private organisations involved in awareness raising in four EU Member States: Germany, Hungary, Poland and Spain as well as Norway. All the pilot participants cooperated in cross-border awareness-raising efforts. This empowered citizens and SMEs with the necessary skills and security knowledge to protect themselves from major cyber threats: botnets, identity theft and social engineering. The awareness material was translated, adapted and disseminated to target audiences in each Member State. Finally, the pilot reached more than 1700 European citizens and employees with tailored security information, using social media, public websites, and targeted mailing lists as communication channels for targeting EU citizens and SMEs.

This pilot demonstrated that the EISAS approach of European collaboration in awareness raising works. The successful pilot results now need to be sustained by a brokering actor. In the pilot, ENISA had this role, but it now has to be transferred to a collaborative community of willing stakeholders. In this regard, the Directorate General for Home Affairs’ NISHA project (Network for Information Sharing and Alerting) is a promising candidate for such information brokerage.

In 2013, ENISA will support EISAS by running a study to identify the suitable actors and organisation for its full deployment.

The Executive Director of ENISA, Professor Udo Helmbrecht, remarked: “No firewall or security policy can efficiently protect users unless they are aware of the risks. Therefore, the EISAS pilot is important for the European citizens and businesses, in particular the SMEs, constituting 98% of the European economy.”

For EISAS Large Scale Pilot Report

For EISAS 2012 Roadmap


Background documents:

2011 EISAS basic toolset. EU’s Internal Security Strategy.


For interviews; Ulf Bergstrom, Spokesman, press@enisa.europa.eu, mobile: +30 6948 460 143, or Romain Bourgue, Expert, opsec@enisa.europa.eu

Large Scale Pilot for EU SME business & citizens;two new reports launched by EU Agency ENISA on the European Information Sharing and Alert ... More

ENISA | Tuesday, 18 December 2012

Three Security Hurdles to Overcome When Shifting From Enterprise-Owned Devices to BYOD


STAMFORD, Conn., December 4, 201... More

Gartner Group | Thursday, 6 December 2012

New report on how to reinforce cooperation between EU Computer Emergency Response Teams


The EU Agency ENISA has launched a new Good Practice Guide on co-operation and coordination between Computer Emergency Response Teams (CERTs) and Law En... More

ENISA | Thursday, 6 December 2012

The overhaul of EU rules on data protection: making the single market work for business


3rd Annual European Data Protection and Privacy Conference /Brussels 4 December 2012 Ladies and Gentlemen, 1995 was a long time ago. In terms of digital technologie... More

European Union | Thursday, 6 December 2012

Is e-data the new currency? New ENISA report looks at privacy and tracking


Internet users are increasingly tracked and profiled, with personal data being treated as currency in exchange for services. A gap exists betwee... More

ENISA | Saturday, 17 November 2012

New report on Supply Chain Integrity launched


Supply chain integrity (SCI) in the ICT industry is a topic that is receiving attention from both the public and private sectors (i... More

ENISA | Saturday, 17 November 2012

New ENISA Inventory of CERT (Computer Emergency Response Teams) “digital fire brigades”

New ENISA Inventory of CERT (Computer Emergency Response Teams) “digital fire brigades” plus interactive map

The Inventory’s new improved tabulated format shows Europe’s “digital fire brigades” by sector for each country, while the new CERTs map provides filtering capabilities for all CERT teams in the wider EU geographical region. This now includes 195 CERT teams, 22 more than when the inventory was last updated in spring 2012.

An extra feature of the map is the inclusion of the General CERT Report and the National Governmental CERT Report, which provide information on the countries’ CERT teams with the push of a button.

The Inventory and map are available online at https://www.enisa.europa.eu/activities/cert/background/inv and its subpages.

More on ENISA’s work with CERTs

These latest publications follow ENISA’s 7th CERTs annual workshop held earlier this year in Malta and The Hague. The most recent session, held jointly with Europol, focused on CERTs and their national Law Enforcement counterparts. Overall themes included botnet mitigation, mobile malware, capacity building and incident response in facilitating collaboration between CERTs and Law Enforcement Agencies.

By the end of 2012 ENISA will launch reports on the current capabilities of national/governmental CERTs in Europe. Furthermore, ENISA supports Member States in setting up CERTs with training, workshops, and information updates, as well as the recently formalised EU-CERT for the EU institutions.

The Executive Director of ENISA, Professor Udo Helmbrecht observed:

“The Agency’s work for the ‘digital fire-brigades’ is a success story, creating a European CERTs community of trust reflected in this inventory and map. CERTs provide the operational backbone for protecting our ICT systems in case of cyber-attacks. I am particularly pleased with our smooth co-operation with Europol, where ENISA’s expertise and prevention work supports their operational work in fighting cyber-crime.”

Background:

The CERT map and Inventory documents are updated twice a year. The next update is anticipated by the end of 2012. For the latest up-to-date-version, please subscribe to our RSS feeds.

CERTs have been established by EU Member State governments and other public and private sector bodies to enable a quick response to emergencies that could affect vital computer networks or information systems.

For interviews: Graeme Cooper, Head of Public Affairs, Mobile: + 30 6951 782 268, press@enisa.europa.eu, or cert-relations@enisa.europa.eu

Follow the EU cyber security affairs of ENISA on Facebook, Twitter, LinkedIn, YouTube and RSS feeds

ENISA has published a new interactive CERTs map and Inventory of CERT’s activitie... More

ENISA | Wednesday, 7 November 2012

The Anatomy of National and International Cyber Security Exercises; new report by ENISA

The Anatomy of National and International Cyber Security Exercises; new report by the EU cyber-security Agency ENISA

Cyber exercises in Europe for the period 2002–2012

Information on national and multinational cyber-exercises was gathered worldwide and analysed in this report. We found that a total of 22 European countries were conducting national cyber-security exercises during the last years.

The key findings include:

  • Cyber-exercises have increased in number in recent years; 71% occurred in 2010–2012. The reasons are the overall policy context that boosts cyber-exercises, an increased emphasis on them by EU Member States, and the increasing threat of cross-border cyber incidents and attacks.
  • Cyber-security and cyber crisis cooperation efforts are receiving ever more attention.
  • There is an essential need to intensify public–private cooperation on cyber-exercises, as the ownership of most of the critical information infrastructures lies in private hands.
  • Proper planning, monitoring and evaluation methods are crucial for effective cyber-exercises.

Some statistical features show that:

  • 64% of the multinational exercises involved more than 10 countries, 13% involved 6–10 countries and 13% involved 3–5 countries.
  • In 57% of the exercises both the public and private sector participated, while 41% involved only the public sector.
  • Two-thirds of the analysed exercises were national exercises and one-third were multinational exercises. This indicates a tendency for international cooperation, although national security matters usually are domestic concerns.
  • 74% of the exercises also generated a media footprint, creating national cyber-security awareness.

The seven key recommendations of the report are:

  1. Establish a more integrated global cyber exercise community;
  2. Ensure exchange of good practices on cyber-exercises, including public–private cooperation;
  3. Support development of exercise management tools for better exercise planning, execution and evaluation;
  4. Conduct more complex cyber-exercises at inter-sectorial, international and European levels;
  5. Exercises should be included in the lifecycle of national cyber crisis contingency plans;
  6. Promote the good practices for national exercises, and initiate a step-by-step methodology for cross-border cyber-exercises;
  7. Develop feedback mechanisms for ensuring that lessons learned from cyber-exercises

The Executive Director of ENISA, Professor Udo Helmbrecht, remarked:

“The ENISA study shows that a broad consensus exists for cyber-exercises being an essential instrument to assess the preparedness of a community against cyber crises, and to enhance the responsiveness of stakeholders against critical information infrastructure incidents. Based on the report results we will see a growing number of multinational exercises, like our recent Cyber Europe 2012, involving also the private sector.”

Please refer to the full report.

For background:

Critical Information Infrastructure Protection (CIIP) Action Plan, Digital Agenda and the 2011 Communication on CIIP.


For interviews please contact: Ulf Bergstrom, Spokesman, press@enisa.europa.eu or mobile: +30 6948 460 143, or Panagiotis Trimintzios, Exercise Director, panagiotis.trimintzios@enisa.europa.eu

In its new report, the EU’s ’cyber-se... More

ENISA | Tuesday, 30 October 2012

First annual report of cyber incidents in the EU: 51 severe outages reported over 2011


This year, for the first time in the EU, all Member States have reported on past cyber security incidents to the EU’s ‘cyber s... More

ENISA | Saturday, 13 October 2012

Europe joins forces in Cyber Europe 2012


Today, more than 300 cyber security professionals across Europe join forces to counter a massive simulated cyber-attack in the 2nd pan-European Cyber Exer... More

ENISA | Saturday, 13 October 2012

Worldwide Security Infrastructure Market Will Grow 8.4 Percent


Gartner Security & Risk Management Summit 2012, September 19-20 in London STAMFORD, Conn., September 13, 2012— W... More

Gartner Group | Thursday, 13 September 2012

EU agency ENISA analyses cyber security legislation & spots implementation gaps

EU agency ENISA analyses cyber security legislation & spots implementation gaps; incidents remain undetected or not reported

Overview of common elements and differences in EU incident reporting legislation

Cyber security incidents significantly impact society. Here are five well-known examples:

Each time, millions of citizens and businesses were seriously impacted. But most incidents are not reported or not even detected. Dr Marnix Dekker and Chris Karsberg, the report’s co-authors, argue: “Cyber incidents are most commonly kept secret when discovered, leaving customers and policymakers in the dark about frequency, impact and root causes.”

The new report ‘Cyber Incident Reporting in the EU’ provides an overview of existing and planned legislation (please see graphic attached) covering the mandatory incident reporting clauses in Article 13a of the Telecom package and Article 4 of the e-privacy directive, the proposed e-ID regulation’s Article 15, and Articles 30, 31, 32 of the Data Protection reform. The study shows common factors and differences between the articles and looks ahead to the EU cyber security strategy. The paper also identifies areas for improvement. For example, only one of the above-mentioned incidents was within the scope of the national regulators’ mandate, indicating that there are gaps in the regulation. Thus, EU-wide sharing of incident reports should be improved.

Much progress has been made recently: An ENISA working group for national regulators has developed both a common set of security measures and an incident reporting format. This will enable a more uniform implementation of Article 13a. ENISA just received reports on 51 large incidents from the regulators, describing impact, root causes, actions taken and lessons learnt. This material is used as input for the European cyber security strategy and the European cyber security exercise.

The Executive Director of ENISA, Professor Udo Helmbrecht, commented: “Incident reporting is essential to obtain a true cyber security picture. The EU’s cyber security strategy is an important step and one of its goals is to extend the scope of reporting provisions like Article 13a beyond the telecommunications sector.”

For Full Report

Background: European Cyber Security Strategy and Art 13a working group documents

For interviews: Ulf Bergstrom, Spokesman, ENISA, press@enisa.europa.eu, Mobile: + 30 6948 460 143, or, Dr Marnix Dekker, ENISA, marnix.dekker@enisa.europa.eu

In a new paper the EU ‘cyber security’ ... More

ENISA | Tuesday, 11 September 2012
