The Network and Information Security (NIS) public-private Platform held its second plenary meeting on 11 December 2013 in Brussels. 130 public and private organisations participated. The Chairs of Working Groups 1 (cybersecurity risk management), 2 (information exchange and incident notification) and 3 (secure ICT research and innovation) provided a state of play in terms of organisation, scope of work and issues already explored within each group. The ensuing discussion provided an opportunity to collect views and input from the plenary participants. The plenary meeting was followed by a meeting of WG3 on 12 December. The first draft deliverables of the Platform will be discussed at the next plenary meeting in April 2014.
In its opening remarks, the Commission reminded all involved stakeholders of their role in delivering swift and actionable results in the form of guidance. It reiterated the need for cooperation and coordination between public and private organisations in dealing with the common challenge of ensuring a secure, trustworthy and resilient digital society.
The co-chairs of Working Group 1, Carl Colwill and Miguel A. Sánchez Fornié, welcomed the increasing contribution from WG members. They said: "WG1's aim is now to produce practical guidelines on risk management. We want to recommend solutions that all organisations can apply in the same way across the EU. We will focus particularly on SMEs, which play a crucial role in maintaining supply chain security."
The work of WG1 has been shared between sub-groups, which will make recommendations on: existing risk management methods and gap analysis; existing risk metrics and the need to research new measures; and existing approaches to the application of frameworks and maturity models. Before the end of 2013, WG1 will update and reissue the Terms of Reference with the sub-groups' deliverables, and will produce a detailed project and delivery plan to April 2014.
Waldemar Grudzien and Will Semple, the co-Chairs of WG2, also welcomed the engagement of the participants: "We were greatly encouraged by the engagement and discussions on the progress of Working Group 2 and the draft deliverable. The WG2 sub-group participants will next meet in London during the first week of 2014 to review the current draft and plan the way forward. We readily welcome further input."
Following the plenary meeting, sub-groups will be established as part of WG2 to assess existing information sharing and incident notification practices in Europe and abroad; the practicalities of information sharing (how to establish trust? what information should be shared?); the protocols and standards used for information sharing and incident notification; and the services and incentives to be offered to promote adoption.
Fabio Martinelli and Raúl Riesco Granadino, co-Chairs of WG3, underlined the importance of sharing the progress of their group with the plenary: "The plenary meeting has been a unique opportunity to share with the overall NIS platform constituency our work plan and methodology. In particular, the focus on business and innovation aspects, which has been a distinctive feature that emerged from WG3 member discussion, has been well received."
On the day following the plenary, WG3 organised a meeting to make progress, in particular on the content of the Strategic Research Agenda for secure ICT, in the areas of citizens, organisations, and infrastructures.
The NIS Platform is part of the European Strategy for Cybersecurity (see IP/13/94), which calls on the Commission to set up a public-private platform to identify and develop incentives to adopt good cybersecurity practices and promote the development and the adoption of secure ICT solutions.
The NIS Platform, responding to the increasing cybersecurity challenge that public and private organisations now face, will issue guidance on risk management, information sharing and incident notification. Such guidance, delivered in spring 2014, will be applied on a voluntary basis. It will feed into Commission recommendations on cybersecurity, to be adopted in 2014. The Commission recommendations will serve as a reference document to help the organisations concerned to comply with the obligations contained in the proposed NIS Directive (see MEMO/13/71), once adopted and enacted into national law. The NIS Platform will advise the Commission on the implementation of the European research and innovation policy in the field of secure ICT, including future research work programmes under H2020 and industrial initiatives. The combination of legal action, operational recommendations and research and innovation funding is seen as essential to increase cyber-resilience in Europe.
At present, the NIS Platform has more than 200 members, including public organisations from 18 Member States, representatives from research and academia and various industry sectors.
The first meeting of the Platform took place on 17 June 2013, followed by kick-off meetings of the working groups between 25 and 27 September. The next plenary meeting will take place in April 2014.
More information on the NIS Platform and the work of the groups can be found on the online portal.