ENISA NIS Threats & Prevention

Dr. Steve Purser

Head of Technical Competence Department,

European Network & Information Security Agency (ENISA)

31 August 2011

Attack Trends

The CERT published an overview of attack trends in

2002 (!).

The key points were as follows: Automation; speed of attack tools.

Increasing sophistication of attack tools.

Faster discovery of vulnerabilities.

Increasing permeability of Firewalls.

Increasing asymmetric threat.

Increasing threat from infrastructure attacks.

These trends remain valid to this day.

The Key External Threats

3

The Real Issue

Attackers have learnt how to exploit the weaknesses

created by the new business model and are

themselves becoming more efficient. The window between the publication of a vulnerability and the

appearance of exploit code is continually decreasing.

The real issue - As businesses strive for greater

speed and efficiency, it becomes more difficult to

maintain an effective system of internal

controls.

The solution to this problem lies in how

people react, not technology.

ENISA

The European Network & Information Security

Agency (ENISA) was formed in 2004.

The Agency is a Centre of Expertise

that supports the Commission and

the EU Member States in the area

of information security.

We facilitate the exchange of

information between EU institutions,

the public sector and the private

sector.

Increased Presence in the MS

Mobile Intervention Teams

An important goal of ENISA is to support the

exchange of experience and good practice

between Member States.

By brokering relationships between Member

States, we leverage the expertise in the market –

this is highly scalable.

ENISA will increase its ability to respond quickly in

this area by deploying highly mobile teams to assist

the Member States where the issues occur.

Agility – Mobility – Scalability.

www.enisa.europa.eu

“Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience” – published 30 March.

Proposes five areas, or „pillars‟, of action.

ENISA is explicitly called upon to contribute to three of these areas.

ENISA‟s role is to proactively support

Member States in achieving the

objectives of the CIIP action plan.

Member States must take the lead in addressing the issues.

The Commission CIIP Communication

www.enisa.europa.eu

The European Forum for Member States builds on national approaches to CIIP.

It will be used to foster common understanding of the issues and strategies for dealing with them.

The European PPP for Resilience will provide a framework for supporting collaboration between public and private sectors on NIS policy issues.

There are many challenges in establishing such a PPP, but we can learn a lot from national initiatives.

EFMS & EP3R

Table top exercise

Incidents affecting all Member States

Tested only communication aspects

Involvement of public authorities/bodies only

Concentrated on members of the CIIP community

– no political escalation

Test Carried out on 4 November 2010

First Pan European Exercise

Objectives - Measures

Measures to test:

The contact points in the MS.

The communications channels and the type of data

exchanged over these channels.

The understanding that MS have of the role and

mandate of their counterparts in other MS.

Participation

All EU Member States and 3 EFTA countries (Switzerland,

Norway, Iceland) participated

Profile of Participants:

Ministries, National Regulatory Agencies, CIIP and

Information Security related organisations, CSIRTs and

other related stakeholders

70 organisations and 150 experts

The role of ENISA was to help Member States to prepare -

facilitation and project management.

The role of the JRC was to provide

scientific and technical support for

the exercise itself.

Findings have been published and are

available on the ENISA web site.

These findings have been grouped:

Planning & Structure.

Building Trust.

Understanding.

Points of contact.

A set of recommendations can also be found in the final

report.

Findings

The main recommendations that arose out of

the exercise are as follows:

Future exercises should involve the private

sector.

Lessons-learned should be shared with other national or

international exercises.

Member States should be well-organised internally:

E.g. By developing national contingency plans.

A roadmap for pan-European exercises and

preparedness should be created.

This will include the definition of Standard Procedures.

Main Recommendations

Second pan European CIIP

exercise

Official kick off in May 2011.

Planning workshop held in June.

Liaising with other activities related

to exercises will be key to success.

Draft list of Standard Operating

Procedures.

Draft longer term Roadmap for

Exercises

CYBER EUROPE 2012 - Next Steps

EUROCYBEX : a pilot for Standard Operating Procedures

Time Plan and Relation to EuroCybex

1st Joint EU-US Exercise - key facts

Announced in April during the Hungary

Ministerial Conference

Table top, centralised, discussion based

Exploratory nature, how do we engage each

other?

Planning team with experts from 15 countries

Will be held in autumn 2011

Conclusions

ENISA‟s core business is to facilitate dialogue:

Between Member States.

Between the EU institutions and the Member States.

Between the public and the private sector.

As a Centre of Expertise in the area of Network and

Information security, we are ideally placed to

support the Commission and MS in all matters

relating to NIS – we have looked at CIIP today.

As an Agency that deals extensively with good

practice, we can also help industry face the day-to-

day challenges of the changing threat environment.

18