Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
ENISA NIS Threats & Prevention
Dr. Steve Purser
Head of Technical Competence Department,
European Network & Information Security Agency (ENISA)
31 August 2011
Attack Trends
The CERT published an overview of attack trends in
2002 (!).
The key points were as follows: Automation; speed of attack tools.
Increasing sophistication of attack tools.
Faster discovery of vulnerabilities.
Increasing permeability of Firewalls.
Increasing asymmetric threat.
Increasing threat from infrastructure attacks.
These trends remain valid to this day.
The Key External Threats
3
The Real Issue
Attackers have learnt how to exploit the weaknesses
created by the new business model and are
themselves becoming more efficient. The window between the publication of a vulnerability and the
appearance of exploit code is continually decreasing.
The real issue - As businesses strive for greater
speed and efficiency, it becomes more difficult to
maintain an effective system of internal
controls.
The solution to this problem lies in how
people react, not technology.
ENISA
The European Network & Information Security
Agency (ENISA) was formed in 2004.
The Agency is a Centre of Expertise
that supports the Commission and
the EU Member States in the area
of information security.
We facilitate the exchange of
information between EU institutions,
the public sector and the private
sector.
Increased Presence in the MS
Mobile Intervention Teams
An important goal of ENISA is to support the
exchange of experience and good practice
between Member States.
By brokering relationships between Member
States, we leverage the expertise in the market –
this is highly scalable.
ENISA will increase its ability to respond quickly in
this area by deploying highly mobile teams to assist
the Member States where the issues occur.
Agility – Mobility – Scalability.
www.enisa.europa.eu
“Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience” – published 30 March.
Proposes five areas, or „pillars‟, of action.
ENISA is explicitly called upon to contribute to three of these areas.
ENISA‟s role is to proactively support
Member States in achieving the
objectives of the CIIP action plan.
Member States must take the lead in addressing the issues.
The Commission CIIP Communication
www.enisa.europa.eu
The European Forum for Member States builds on national approaches to CIIP.
It will be used to foster common understanding of the issues and strategies for dealing with them.
The European PPP for Resilience will provide a framework for supporting collaboration between public and private sectors on NIS policy issues.
There are many challenges in establishing such a PPP, but we can learn a lot from national initiatives.
EFMS & EP3R
Table top exercise
Incidents affecting all Member States
Tested only communication aspects
Involvement of public authorities/bodies only
Concentrated on members of the CIIP community
– no political escalation
Test Carried out on 4 November 2010
First Pan European Exercise
Objectives - Measures
Measures to test:
The contact points in the MS.
The communications channels and the type of data
exchanged over these channels.
The understanding that MS have of the role and
mandate of their counterparts in other MS.
Participation
All EU Member States and 3 EFTA countries (Switzerland,
Norway, Iceland) participated
Profile of Participants:
Ministries, National Regulatory Agencies, CIIP and
Information Security related organisations, CSIRTs and
other related stakeholders
70 organisations and 150 experts
The role of ENISA was to help Member States to prepare -
facilitation and project management.
The role of the JRC was to provide
scientific and technical support for
the exercise itself.
Findings have been published and are
available on the ENISA web site.
These findings have been grouped:
Planning & Structure.
Building Trust.
Understanding.
Points of contact.
A set of recommendations can also be found in the final
report.
Findings
The main recommendations that arose out of
the exercise are as follows:
Future exercises should involve the private
sector.
Lessons-learned should be shared with other national or
international exercises.
Member States should be well-organised internally:
E.g. By developing national contingency plans.
A roadmap for pan-European exercises and
preparedness should be created.
This will include the definition of Standard Procedures.
Main Recommendations
Second pan European CIIP
exercise
Official kick off in May 2011.
Planning workshop held in June.
Liaising with other activities related
to exercises will be key to success.
Draft list of Standard Operating
Procedures.
Draft longer term Roadmap for
Exercises
CYBER EUROPE 2012 - Next Steps
EUROCYBEX : a pilot for Standard Operating Procedures
Time Plan and Relation to EuroCybex
1st Joint EU-US Exercise - key facts
Announced in April during the Hungary
Ministerial Conference
Table top, centralised, discussion based
Exploratory nature, how do we engage each
other?
Planning team with experts from 15 countries
Will be held in autumn 2011
Conclusions
ENISA‟s core business is to facilitate dialogue:
Between Member States.
Between the EU institutions and the Member States.
Between the public and the private sector.
As a Centre of Expertise in the area of Network and
Information security, we are ideally placed to
support the Commission and MS in all matters
relating to NIS – we have looked at CIIP today.
As an Agency that deals extensively with good
practice, we can also help industry face the day-to-
day challenges of the changing threat environment.
18