Over 120 organisations took part in the first working group meetings of the Network and Information Security (NIS) public private Platform last week. They will work to provide input on how to improve cybersecurity risk management and information sharing with the first output expected to be guidance from the Commission next year. They will also contribute to devising the European secure ICT Research and Innovation agenda.
The meetings, which took place in Brussels on 25, 26 and 27 September, attracted participants from the public sector (national authorities, research agencies), academia and the private sector (including companies from ICT, finance, post, transport, healthcare, defence and energy sectors).
The NIS Platform was set up as part of the European Strategy for Cybersecurity. The NIS Platform will help public and private organisations improve cybersecurity risk management and information sharing. It will assist and provide the groundwork for the implementation of the proposed NIS Directive.
The NIS Platform will further prepare a Strategic Research Agenda for secure ICT. A key focus will be on turning research results into commercial products, to serve Europe's growth and jobs objectives.
Vice-President Neelie Kroes expressed satisfaction after the first working group meetings: "I am worried about cyber-incidents, cybercrime and weak protection of the digital world. Earlier this year Catherine Ashton, Cecilia Malmström and I put forward a European Cybersecurity Strategy. It is great that today many from the field are actively engaged and cooperating in the NIS platform. That builds trust, that is what we need for our Connected Continent in Europe, and also worldwide. My appeal to you is: deliver practical results, sooner rather than later".
The NIS Platform is part of the European Strategy for Cybersecurity (see IP/13/94). It serves the 2 priorities of achieving cyber-resilience in the EU and developing industrial and technological resources for cybersecurity.
The NIS Platform will provide the groundwork for the implementation of the proposed NIS Directive, which contains general obligations of risk management and incident notification for critical market operators and public administrations (see MEMO/13/71). Guidance from the NIS Platform will feed into Commission recommendations on cybersecurity to be adopted in 2014.
In addition to promoting existing best practices, the NIS Platform will help define the technologies and the processes needed to increase cybersecurity in the future, in an environment that will increasingly rely on ICT to provide other services (e.g. smart electricity grids). The NIS Platform will develop a Strategic Research Agenda for secure ICT, which will serve as a key input to the European Research and Innovation agenda.
The NIS Platform is an inclusive and multi-stakeholder platform, driven by the participants. The work of the Platform has been divided between 3 working groups, chaired by Platform members:
- WG1 on cybersecurity risk management
Chair: Mr. Carl Colwill, Head of Security Risk Management, BT
Co-chair: Mr. Miguel A. Sánchez Fornié, Director Control Systems and Telecoms, Iberdrola
- WG2 on information exchange and incident coordination
Chair: Mr. Waldemar Grudzien, Director, Association of German Banks
Co-chair: Mr. Will Semple, Head of Threat and Vulnerability Management Team, NYSE Euronext
- WG3 on secure ICT Research and Innovation
Chair: Mr. Fabio Martinelli, Security Group Istituto di Informatica e Telematica, CNR
Co-chair: Mr. Raúl Riesco Granadino, Cybersecurity Excellence Program Manager, Inteco
The first working group meetings attracted a lot of interest. Participants welcomed the initiative and actively contributed to defining the areas of work and the working modalities of each working group.
In the course of the discussions, participants stressed the need to raise awareness on cybersecurity risks and on the benefits of risk management and information sharing, in particular for SMEs. They welcomed the risk-based approach promoted by the Commission and insisted that any guidance in this area should be pragmatic and affordable. They stressed the importance of two-way sharing and of having simple incident reporting processes in place, for example by using similar templates when reporting to different authorities. When discussing European research in cybersecurity, participants insisted on the need to secure ICT systems from the design phase. They also agreed that secure ICT developments should focus on the end-user needs.
One participant said: "It is motivating to see the contribution from such a dynamic and diverse community", while another participant mentioned that he "was surprised by the openness of conversations, even with so many different stakeholders present".
Following the first working group meetings, the chairs will organise the work within each group, with the help of a secretariat provided by the Commission and ENISA. The progress of each group will be discussed at the next plenary meeting of the NIS Platform, scheduled before the end of the year.
The work of the Platform started during a first plenary meeting in June, following a call for expression of interest organised by the Commission between April and May 2013.