New European proposals – NIS2 and cybersecurity agenda – FS 03 2021: Difference between revisions

From EuroDIG Wiki
Jump to navigation Jump to search
Line 113: Line 113:


== Video record ==
== Video record ==
Will be provided here after the event.
https://youtu.be/qJGUfojw7nQ?t=1866s


== Transcript ==
== Transcript ==

Revision as of 16:57, 14 July 2021

30 June 2021 | 10:30-13:15 CEST | Studio Bruges | Live streaming | Live transcription
Consolidated programme 2021 overview / Day 2

Proposals: (#69) #84 #93

You are invited to become a member of the session Org Team! By joining an Org Team, you agree to your name and affiliation being published on the respective wiki page of the session for transparency. Please subscribe to the mailing list to join the Org Team and answer the email that will be sent to you requesting your subscription confirmation.

Session teaser

This session will provide insights from some of the key players in the co-legislative process and offer an opportunity to contribute to shaping the message from EuroDIG on the topics of NIS2 and the EU Cybersecurity Strategy. Expect 135 minutes of intense collaboration and informative discussions.

Session description

In December 2020, the European Commission adopted a proposal for a revised Directive on Security of Network and Information Systems (NIS 2 Directive) and presented a new EU Cybersecurity Strategy. Both documents sparked discussions in the technical community in the EU and globally with regards to their possible impact on the governance of technical internet infrastructure. The session will discuss the NIS2 Directive and the EU Cybersecurity strategy from the technical community perspective, assessing the broader implications of the proposed regulation in Europe and beyond. This session will start with some of the key actors sharing their views, followed by focussed discussions in small groups and concluded by a plenary session where we aim to get consensus messages on these focussed topics.

Format

This session consists of three parts:

Part I: Plenary: Laying out the landscape: (45 mins)

  • Introduction of the NIS2 proposal and the Cybersecurity Strategy by the Commission (Benjamin Bögel, DG CONNECT)
  • Reflections on NIS2 proposal by the EP rapporteur (Bart Groothuis, MEP)
  • Cybersecurity Strategy (Robert Schischka, Austrian CERT)
    • Speakers get 6 minutes each.
    • 20 mins Q&A with the room.

Part II: Break-out rooms: Focused discussion (45 mins)

  • The group will be able to choose which one of the 4 topics they would like to discuss in a breakout session:
    • NIS2: Scope and impact (Root, private DNS, …)
    • NIS2: Data Accuracy obligations (EDPS advice, data driven discussions on link between data accuracy and security)
    • NIS2: Encryption and minimum Cybersecurity risk management measures (Art 18)
    • Cybersecurity strategy and Multistakeholder Governance

Part III: Plenary: Download from break-out rooms and messaging (45 mins)

  • Download from each break-out room (5 mins each)
  • Come to a consensus based message from the attendants of this session. (25 mins)

Further reading

People

Until .

Please provide name and institution for all people you list here.

Focal Point

Focal Points take over the responsibility and lead of the session organisation. They work in close cooperation with the respective Subject Matter Expert (SME) and the EuroDIG Secretariat and are kindly requested to follow EuroDIG’s session principles

  • Peter Van Roste, CENTR

Organising Team (Org Team) List Org Team members here as they sign up.

Subject Matter Expert (SME)

  • Tatiana Tropina

The Org Team is a group of people shaping the session. Org Teams are open and every interested individual can become a member by subscribing to the mailing list.

  • Peter Van Roste, CENTR
  • André Melancia
  • Desara Dushi, Vrije University Brussels
  • Wout de Natris, De Natris Consult/DC-ISSS
  • Gergana Petrova, RIPE NCC
  • Marco Hogewoning, RIPE NCC
  • Andrea Beccalli
  • Fotjon Kosta, Coordinator of Albania IGF

Key Participants

  • Bart Groothuis
  • Benjamin Bögel
  • Robert Schischka

Moderator

Moderators: Overall moderator

  • Peter Van Roste

Break-out session leads:

  • NIS2: Scope and Impact [Marco Hogewoning]
  • NIS2: Data Accuracy [Polina Malaja]
  • NIS2: Encryption [Tatiana Tropina]
  • Cybsersecurity Strategy and Multistakeholderism [Andrea Beccalli]


Remote Moderator

Trained remote moderators will be assigned on the spot by the EuroDIG secretariat to each session.

Reporter

Reporters will be assigned by the EuroDIG secretariat in cooperation with the Geneva Internet Platform. The Reporter takes notes during the session and formulates 3 (max. 5) bullet points at the end of each session that:

  • are summarised on a slide and presented to the audience at the end of each session
  • relate to the particular session and to European Internet governance policy
  • are forward looking and propose goals and activities that can be initiated after EuroDIG (recommendations)
  • are in (rough) consensus with the audience

Current discussion, conference calls, schedules and minutes

See the discussion tab on the upper left side of this page. Please use this page to publish:

  • dates for virtual meetings or coordination calls
  • short summary of calls or email exchange

Please be as open and transparent as possible in order to allow others to get involved and contact you. Use the wiki not only as the place to publish results but also to summarize the discussion process.

Messages

  • FYI: companies outside EU have to choose a representative in EU (DNS, cloud, data centre, search engine)
  • Might be worth to further look into or discuss horizontal vs vertical approaches when defining scope and seeking alignment between NIS2 and other instruments (e.g. EECC)
  • Multistakeholder bodies rely on multilateral bodies for their support, rather then trying to immediately seek multi-lateral solutions
  • Need to educate companies on what is applicable to them, help them and guide them into compliance
  • Concerning registration data, GDPR defines the principles that data controllers should follow. NIS2 is compliant with these principles.
  • There are existing policies within European ccTLDs to ensure registration data accuracy, dependent on national laws and availability of eID solutions.
  • More clarity is needed on accountability and the roles of different entities under the scope of NIS2.

Video record

https://youtu.be/qJGUfojw7nQ?t=1866s

Transcript

Will be provided here after the event.