Discussion on the NIS Directive and on the protection of critical infrastructure is still needed

This second event organised by both the National Security Authority (NSA) and European Network and Information Security Agency (ENISA) took place on November 30th 2018 in Bratislava. During the workshop it was again approved that constructive dialogue on the needs and experience in application of the NIS Directive and the protection of critical infrastructure among security specialists, public authorities and relevant sectors has to be kept on.

The workshop attended more than 100 participants from more than 15 countries. The participants had a chance to enter discussions during presentations of specialists who are able to review the impact of the NIS Directive on their working areas. The high attendance on the workshop indicate that these topics are not closed for EU member states even despite the fulfilment of requirements to transpose the NIS Directive into the national legislation.

The opening of the workshop was launched by the Director of the NSA Office, LTC. Blažej Lippay, who invited guests, introduced speakers and pointed out the importance of the cooperation in the fight against security incidents in cyberspace. As it was presented „we have to realise that the protection of critical infrastructure within EU member states is not finished by gathering of all of the rules into national legislation. This is just the basis on which the long-term process will begin. It is important to be able to implement these procedures in practice reflecting many of technical and organisational aspects. The open discussion with all stakeholders is therefore beneficial for all of us, since only together we are able to evaluate which way will help us to reach the common target – to ensure secured cyberspace within the EU”.

Subsequently the floor was given to Dr. Evangelos Ouzounis, Head of Unit, Secure Infrastructures and Services, ENISA, presenting experience of ENISA in reaching the high level of critical infrastructure protection, and Mr. Jan Adamovský, Chief Security Officer from Slovak Sporiteľňa, presenting the necessity of ensuring cybersecurity from the perspective of digital banking. In the presentation, there was appeal for strengthening the cooperation between public and private sectors.

The keynote speech was closed by Mr. Massimo Rocca, Chairman, EE-ISAC Chair and Enel Security, European Energy, who reminded the audience that for energy organizations it is essential to share information based on mutual trust. He also warned that only by the proactive analysis of threats, vulnerabilities, incidents, solutions and opportunities the most effective security measures in energy sector could be taken.

For the content diversity the workshop was divided into two parallel sessions. In the first one, focused on National supervision and incident response, there were renowned experts on cybersecurity from national CSIRTs and bank sector. The NIS Directive transposition into Spanish legislation was introduced by Mr. Fernando J. Sánches Gómez from Spanish Ministry of the Interior, the Director of the National Centre for Infrastructure Protection and Cybersecurity and the Secretary of State for Security. Slovak National Unite, SK-CERT, was represented by its Director, Mr. Rastislav Janota. He clarified how the communication procedure works at national level within the Slovak Republic, how his team minimizes reaction time and ensures the all stakeholders are properly informed on incidents, for instance by simplifying and automatization of the report notification process, by the distribution of information related to an incident and other relevant notifications. “Gathering incident notification on national level is not an easy task. This information is supposed to be distributed to all relevant institutions including SK/CERT, and each CSIRT team responsible for each sector and organization and in accordance to the situation to other specialized agencies as well. The ability to react quickly and adequately on cyber incidents depends on the quality of communication between SK-CERT and subjects involved. Therefore, we are constantly trying to improve it”.

The second parallel session opened the view of experts from the private sector and public institutions on the topic of cross-border and cross-sector issues. Interested presentations were presented by Mrs. Marianthi Theocharidou, the project offcer from EC Joint Research Center, by Mr. Ulrich Latzenhofer, the expert in trust services and network security, or by Mr. Marián Trizuliak, the Information Security Officer form ZSE, a.s. The experience of ENISA with the NIS Directive was shared with the audience by Mr. Athanasios Drougkas.

The workshop was closed with the last presentation by Mr. James Caffrey, the policy officer from DG Connect, European Commission. He offered the audience the view on the Connecting Europe Facility (CEF) Telecom, which is the key instrument in financing the EU in the support of growth, employment and competitiveness through targeted investments to the infrastructure. It supports the development of highly effective, sustainable and effectively interconnected trans-European networks in the area of transport, energy and digital services.