Our own ENISA Lounge will feature serving as a spot for discussion and exchange of views between high-ranking conference guests from politics, administration, business and media.
The hub brings disruptive trends, smart technologies and the people behind them to Berlin. Global players and startups, CEOs and CIOs, science and politics establish networks and shape the digital future.
For interviews and press enquiries please contact firstname.lastname@example.org
Amomg the themes to be discussed and presented at this year's Bitkom hub event are: digital sovereignty, industry 4.0, automotive, eHealth, smart drones and robots, thinking machines, augmented humans, and digital transformation.
ENISA, as Europe’s cyber security agency, is permanently studying on how cyber-security impacts different modern technologies. Below you can find some relevant work in areas closely related to the main topics in this year’s Bitkom event:
Securing Smart Homes
Currently “smart home environments” complement traditional home appliances with connected devices that collect, exchange and process data to create added-value services and enhance the quality of life of inhabitants.
Emerging smart homes’ cyber threats such as malware on Smart TV or remote access to baby monitors, underscore the dependence on various technologies. As the security and privacy implications are not always clear to developers and users, they lead to possible consequences on the life, health and safety of users. Smart homes face several challenges: traditional manufacturers develop connected objects with innovative functionalities but a limited investment to ensure their security. The rapid development of smart home devices reuses several third-party components such as hardware, software and services, while the security implications of these building-blocks still remain a difficult aspect.
This year, ENISA proposes a holistic approach with actionable good practices to secure smart home devices and services and has reported on good practices and common threats on Intelligent Transport Systems.The agency has analysed intelligent transport systems with a view to evaluate the current status of cyber security by public transport operators across the EU while in 2016, ENISA will focus on how to secure Smart Cars.
New technologies, such as cloud computing, smart devices and the Internet of Things, already provide the innovation drive eHealth needs. As cyber security challenges grow alongside services in 2016, ENISA focuses on the adoption of Cloud computing by healthcare providers and carry out an analysis regarding Smart Hospitals.
The term eHealth is widely used in academia, private and public sector, standardisation bodies, manufacturing organisations and vendors. eHealth systems extend from regional systems, where patients can access online basic data on their treatment, to national schemes like ePrescription services or cross border eHealth information sharing.
ENISA acknowledges the significance of eHealth not only as a major contributor to the societal and financial welfare but more specifically as a critical information infrastructure and focuses for the first time on the security challenges and risks of ICT of the health sector in the Member States. Given that healthcare services have been recognized as a critical societal function, it is important to analyse the degree to which various eHealth systems and infrastructures are critical for the secure provision of healthcare services.
ENISA Threat Landscape
The ENISA Threat Landscape (ETL) provides an overview of threats, together with current and emerging trends. It is based on publicly available data and provides an independent view on observed threats, threat agents and threat trends. It is a collection of threats. It contains identified threats, trends observed and threat agents involved. ETL consists of a list with top threats prioritized according to the frequency of appearance and NOT according to the impact caused. It is a report summarizing cyber threats that have been accessed by collecting publicly available information. This report appears on a yearly basis. Moreover, every year thematic threat landscapes are developed.
Privacy enhancing Technologies (PETs)
With the progress in the field of information and communication technologies, and especially due to the decrease in calculation and storage costs, new challenges to privacy and data protection have emerged. One important element in this endeavour are technical mechanisms, most prominently so-called Privacy-Enhancing Technologies (PETs).
ENISA contributes to bridging the gap between the legal framework and the available technological implementation measures by providing an inventory of existing approaches, privacy design strategies, and technical building blocks of various degrees of maturity from research and development. Moreover, ENISA provides tools to assess the maturity and quality of these building blocks as well as their limitations.
For more information visit the link.
The security of ICS-SCADA (Industrial Control and Supervisory Control and Data Acquisition Systems) is increasingly recognized as a high priority area among European Critical Infrastructure operators due to its strategic impact on processes essential for uninterrupted functioning of the EU industries and economy.
A rapidly increasing number of incidents in the ICS-SCADA domain, many of which are confirmed or believed to result from cyber-attacks, reveals the vulnerability and fragility of this area and highlights the importance of continuous improvement of ICS-SCADA security for critical service providers. Furthermore, dependencies of Critical Infrastructure across the EU increases the attack surface and potential impact of cyber incidents. ENISA, as part of its activities, released a series of reports and documents tackling the topic of cyber security in industrial control systems.
ENISA has recognised that smart grids, as a Critical Infrastructure, should operate securely and by respecting end users’ privacy. For that reason, it has decided to further investigate the challenges of ensuring an adequate smart grid protection in Europe, in order to help smart grid providers to improve the security and the resilience of their infrastructures and services.
Defining a common approach to addressing smart grid cyber security measures will help achieve this. The adoption of a particular set of security measures needs the consensus and cooperation of various stakeholders in the smart grid community. A coordination initiative could allow a common and generally accepted approach to addressing smart grid security issues. Moreover, the development of a common approach to addressing smart grid cyber security measures will help not only regulators by harmonising the complex smart grid’s environment but also by providing incentives to other involved stakeholders to continuously strive for the improvement of their cyber security. In this light ENISA, has performed a number of studies in the area of smart grid security
eIDAS / TSPs
In order to remove barriers for cross-border trust services and having regard to results from successful European projects like STORK, which have shown that technical issues of interoperability can be overcome, the European Parliament and the Council of the European Union adopted the Regulation on electronic identification and trust services for electronic transactions in the internal market, which provided for the legal recognition of electronic signatures.
The Regulation strengthens the provisions for interoperability and mutual recognition of electronic identification schemes across borders, enhances current rules for electronic signatures and provides a legal framework for other types of trust services (electronic seals, electronic delivery services, electronic documents, time stamping services and web site authentication). ENISA collaborates very closely with the Commission on the technical aspects of the introduction of eIDAS.
For more information visit the link
ENISA’s work does not stop here, as cyber-security is reaching also other areas, that are not necessarily the focus of this conference. Below you can find, a short overview in some related ENISA work:
Cloud Security for SMEs
The target of this initiative is public and private sector information security officers that are using and have integrated cloud services in their everyday life or would consider procuring cloud services for their business. It also addresses all digital users that are using everyday popular cloud services (social media etc.) e.g. Facebook, Dropbox, Instagram, Twitter and many more, so that they know how the cloud model functions, which are the benefits and which are the drawbacks and to be in the position to assess what kind of information they should or should not put in the “cloud”.
ENISA focuses more on supporting SMEs and public administration bodies to assess the situation before moving to cloud services. For more information visit the link
Network information Security in Finance Sector
The growing relevance of information and communication technologies in the essential functions of the economy has reinforced the necessity of prevention and protection measures in all sectors, naturally including the finance sector. This report aims at understanding and comparing the obligations relevant to Information Security within the finance sector in the EU Member States, to compare them with the Industry’s prospects, and to draw a clear vision of important priorities.
Art. 13a and the telecom sector
In today’s interconnected world, telecommunications are transforming the way people engage in their everyday lives. Economic development is strongly related to the existence and well-functioning of the telecommunication networks. Art. 13a, of the Directive 2009/140 EC, is part of the Telecom Package and aims at ensuring the security and integrity of electronic communication networks and services (telecom). In this area, ENISA has the responsibility of collecting incidents and actions taken within member states telecom sectors, and contribute to the “harmonization of appropriate technical and organizational security measures by providing expert advice” and by “promoting the exchange of best practices”.
As incident reporting within the telecom sector, became one of the most important pillars in the Agency’s activities, some considerable work has been produced in this area over time:
Impact evaluation on the implementation of Article 13a incident reporting scheme within EU, Annual Incident Reports 2014, Technical Guideline on Incident Reporting, Technical Guideline on Security Measures, Guideline for Threats and Assets
Supply chain integrity
ENISA has identified what supply chain integrity means in the ICT context and it has proposed measures to improve assurance in supply chain integrity. The support of ENISA for network and information security in finance, aim at the outsourced assets of the finance sector, the supply chain and the reporting of breaches.
National Cyber Security Strategies
In a constantly changing cyber threats environment, EU Member States need to have flexible and dynamic cyber security strategies to meet new, global threats. A national cyber security strategy (NCSS) is a plan of actions designed to improve the security and resilience of national infrastructures and services. ENISA is helping the MS create their own strategy and keeps an updated map of all existing maps in the EU and worldwide
Cyber Crisis Cooperation
Crises originating in cybersecurity incidents are no more science fiction. European companies regularly face such situations which, in several cases already, escalated in national and multinational crises. ENISA assists EU public and private cybersecurity experts in preventing and reacting to future crises. In particular, ENISA organises regular crisis exercises with hundreds of participants to train experts, foster cooperation amongst them and provide guidance on best practices. The Agency also provides expert trainings on crisis management, crisis planning or exercise development, conducted several studies and organised international conferences on the topic of cyber crisis cooperation.
For more information visit the link
ENISA Cyber Security Training
ENISA Cyber Security Training material was introduced in 2008, and was complemented ever since. The material contains essential material for success in the CSIRT community and in the field of operational security.
In the link you will find all the needed material to organise a successful training like tutorials for teachers, handouts for students and virtual image to support hands on training sessions.Some of the highlights of training scenarios are available here.
The European Cyber Security Month (ECSM) is an EU advocacy campaign that promotes cyber security among citizens and advocates for change in the perception of cyber-threats by promoting data and information security, education, sharing of good practices and competitions. The European Union Agency for Network and Information Security (ENISA), the European Commission DG CONNECT and Partners are deploying the European Cyber Security Month (ECSM) every October.
The European Cyber Security Month (ECSM) is about capacity building by empowering EU citizens to build up their e-skills.
#digitaleducation #eskills #coding #e-jobs #digitalmarket #PPP #training