
Auditing Cybersecurity policy and measures

Danièle Lamarque, Member of the European Court of Auditors


Presentation Transcript


  1. Auditing Cybersecurity policy and measures
     Danièle Lamarque, Member of the European Court of Auditors

  2. What is cybersecurity?
     • No universally accepted definition of cybersecurity
     • Provision of security capabilities that apply to cyberspace (set of links and relationships between objects that can be accessed through electronic communication networks or by common interface between connected devices, thus enabling control of them or access to their data by remote means)
     • Cybersecurity involves the prevention and detection of and response to cyber incidents

  3. A rapidly growing risk
     • Types of cyber attacks: malicious software, ransomware, distributed denial of service, phishing, advanced persistent threats, disinformation campaigns, …
     • A serious cyberattack could cost the global economy more than 100 billion euros
     • 80% of EU businesses experienced at least one cybersecurity incident in 2016
     • Security incidents rose by 38% from 2015 to 2016, and cyber insurance premiums are increasing
     • In 2017, the WannaCry ransomware and the NotPetya malware affected 320 000 victims in around 150 countries
     • Cyberspace has become increasingly militarised and weaponised

  4. The EU cybersecurity policy
     • A top priority reaffirmed by the current Commission
     • The aim is to make the EU’s digital environment one of the safest, while not compromising on privacy and the right to free speech, and to improve the judicial response to cybercrime
     • The objectives of the EU Cybersecurity Strategy (2013) are to increase cyber resilience, reduce cybercrime, develop cyber defence policies and capabilities, and develop industrial and technological cybersecurity resources
     • It interlinks with the European Agenda on Security (2015), the Digital Single Market Strategy (2015) and the 2016 Global Strategy

  5. The EU cybersecurity policy (cont’d)
     • The Network and Information Security Directive (2016), to be transposed by May 2018, is the first EU-wide legislation on cybersecurity. It aims to achieve a minimum level of harmonised capabilities in the Member States
     • The GDPR (General Data Protection Regulation, 2016), applied from May 2018, aims at protecting citizens’ personal data

  6. The EU cybersecurity policy (cont’d)
     • A complex landscape with many stakeholders: EU institutions and agencies (Europol, ENISA (European Network and Information Safety Agency) and CERT-EU (Computer Emergency Response Team)), Member States, NATO, private sector …
     • … where coordination and information sharing are key
     • A prerogative of the Member States, with the EU facilitating cooperation and providing incentives for improving capacities
     • EU spending is implemented through a complex set of instruments and is estimated to be at least 1,4 billion euros (2014-2018)

  7. A topical audit issue
     • Half of EU SAIs have published cyber-related audits
     • The European Court of Auditors will very soon publish a briefing paper on "Challenges to effective EU cybersecurity policy"
     • The briefing paper provides an overview of the EU’s complex cybersecurity policy landscape and identifies the main challenges to effective policy delivery

  8. Audit issues and Policy challenges
     • Evidence-based policy making depends on the availability of sufficient reliable data to help monitor it. Such data is often not available
     • In the EU context, the transposition of EU legislation in the Member States gives legislation its full potential
     • The audit of funding and spending requires reliable statistics and a clear overview of the resources used
     • Building a cyber-resilient society needs strengthened governance and standards, training, and raised skills and awareness in all sectors (justice, administration, army…)

  9. Audit issues and Policy challenges (cont’d)
     • In the EU context, improving information exchange and coordination among EU institutions, with Member States and with the private sector is a key challenge
     • Responding effectively to cyber incidents needs rapid detection and response: once a breach has been detected and analysed, swift reporting is necessary, so that other public and private entities can take preventive action (people are often reluctant to recognise and report an incident). Early involvement of law enforcement is essential.
     • In the EU, protection of critical infrastructure and societal functions is key (e.g. elections)

  10. Conclusion
     • Cybersecurity is at the top of the agenda of the Union and its Member States
     • The ECA’s report highlights some of the main challenges to the EU’s ambition of becoming the world’s safest digital environment and enhancing its autonomy to address the risk of technological dependence and vulnerability to non-EU operators

  11. Thank you for your attention
     daniele.lamarque@eca.europa.eu
