More than 100 experts attend the joint NSA-ENISA Cybersecurity workshop in Bratislava

Back to News

ENISA and the National Security Authority of Slovakia organized a cybersecurity workshop, with the goal of bringing together cybersecurity experts working in critical sectors like energy and finance, experts from CSIRTs and experts working at the national authorities with supervision tasks under the NIS Directive.

The workshop featured a diverse set of over 100 participants from 15 countries from academia, research, finance, energy, European Commission, JRC, etc.

2018 is the year the NIS Directive gets implemented across the EU. Most countries have already transposed the NISD in their national laws and many countries are now in the process of fine-tuning and adapting their national laws and national setup to best fit their setting. This joint NSA-ENISA workshop had a focus on critical information infrastructure protection (CIIP) and the NIS Directive.

Ratislav Janota, director of the SK-CERT, said: “Cybersecurity is a national issue and the protection of critical sectors requires a partnership with the operators of essential services. For us it is a priority to engage with industry early and often. Not only to get the right laws and supervisory mechanisms in place, but also to ensure that we take the right practical steps to improve security. This joint NSA-ENISA workshop offered a great platform for discussions and engagement. “

Evangelos Ouzounis, Head of ENISA's Secure Infrastructures and Services Unit, said: “Slovakia is one of the front-runners when it comes to implementing the NIS Directive. For us, it is a useful learning experience to speak and engage with the national CSIRTs, the national authority, and the sector here in Slovakia, about how the cybersecurity framework is developing and what the challenges are. We look forward to organising more regional workshops in other parts of Europe, to better engage with industry and local players.“

The workshop was opened with welcoming words and a keynote from the Director of the NSA Office, Blažej Lippay, pointing out the importance of cooperation in the dealing with cybersecurity incidents.

Evangelos Ouzounis welcomed the participants on behalf of ENISA and gave a keynote address giving an overview of ENISA's work in the area of critical information infrastructure protection and the NIS Directive.

Jan Adamovský, Chief Security Officer from the Slovak Sporiteľňa, gave a presentation about cybersecurity challenges in digital banking, urging better cooperation between public and private sectors.

Massimo Rocca from Enel Security and chairman of the European Energy ISAC (EE-ISAC) spoke in his keynote about the importance of sharing information based on mutual trust and the need for the energy sector to address threats and vulnerabilities pro-actively.

There were two break-out sessions with more in-depth technical discussions. One break-out session, led by Marnix Dekker, ENISA, focussed on national supervision and incident response:

- Camilla Lundahl, head of IT security at Avanza, a Swedish bank, spoke about how to work with ethical (white-hat) hackers and how to leverage their skills;

- Fernando J. Sánches Gómez, the Director of the National Centre for Infrastructure Protection and Cybersecurity, spoke about the need to consider the CIP directive, and the subsequent CIIP and NIS Directive as a whole;

- Otmar Lendl, team lead at CERT.AT, spoke about the different national and sectorial CSIRTs, cooperation techniques and how important the social contacts are in this field;

- Ratislav Janota, director of the SK-CERT, spoke about the NIS Directive implementation in Slovakia, and how to make the new NIS Directive tasks and roles useful for industry.

The other break-out session, led by Athanasios Drougkas, ENISA, focused on cross-border and cross-sector dependencies:

- Marianthi Theocharidou, from the European Commission's Joint Research Center (JRC) showcased JRC's GRAASP tool for mapping interdependencies;

- Ulrich Latzenhofer, responsible for trust services and network security at RTR, the Austrian regulator, spoke about the Austrian approach to national risk assessments;

- Marián Trizuliak, Information Security Officer at ZSD, a Slovakian energy distributor, spoke about the importance of cross-sector dependencies.

The workshop was closed with a presentation by James Caffrey, from the European Commission, who explained the overall landscape of EU cybersecurity policy and focused on EU cybersecurity funding. Mr. Caffrey also highlighted the recently opened Connecting Europe Facility (CEF) funding calls for cybersecurity, which are a key instrument in financing public and private sector organizations in the EU, supporting cybersecurity improvements and the implementation of the NIS directive.