Last week the EU Agency for Cybersecurity hosted the 30th Article 13a meeting in Brussels.
The first part of the meeting was open and attended by 150 telecom security experts from the public and the private sector including telecom operators, suppliers, industry associations, national authorities, cybersecurity experts and policy makers.
The second part of the meeting was closed and attended by 50 experts from European telecom security authorities, who extensively discussed legislation, reporting thresholds, amongst other topics.
Programme and speakers
The programme included talks on a wide range of telecom security talks, with speakers from the public and private sector. A short summary of the talks is as follows:
- Vangelis Ouzounis, EU Agency for Cybersecurity, Warna Munzebrock, Dutch Radiocommunications Agency and chair of the Article 13a group, and Jakub Boratyński, European Commission, gave opening statements to kick off the meeting.
- Oscar Koeroo, KPN, spoke about the security mix and meeting unknown expectations
- Thomas Tschersich, Deutsche Telekom, discussed zero-trust networks
- Tanja Lange, Eindhoven University of Technology, spoke about quantum computing and progress in post-quantum cryptography.
- Julie Ruff, European Commission, gave a presentation about the EU toolbox for 5G cybersecurity
- Mikko Karikytö, Ericsson, spoke about 5G Security from the supplier perspective.
- James Moran, GSMA, outlined the Network Equipment Security Assurance Scheme (NESAS).
- Bert van den Oord, Royal Netherlands Meteorological Institute, presented the impact of space weather (solar flare for example) on vital sectors.
- Lorelien Hoet and Florian Pennings, Microsoft, spoke about Microsoft as a global cloud player in a cybersecurity and telecom environment.
- Nina Cummins, Facebook, spoke about security reporting under the EECC, the new European telecom rules.
- Nicolas Mayer, LIST, and Kevin Cassoli, IRIS, presented a new tool for integrated and model-based Article 13a compliance.
- Benoit Vivier, European Emergency Number Association EENA112, spoke about the evolution of (112) access to emergency services.
- Marnix Dekker, EU Agency for Cybersecurity, discussed about the importance of securing DNS.
- Fennel Aurora, F-Secure, closed the day with a compelling talk about the importance of privacy in the electronic age.
Day Two
The second part of the meeting was closed and only for experts from telecom regulators and supervisory authorities from 30 EU and EEA/EFTA countries. In this closed part of the meeting, regulatory topics such as the new reporting thresholds for breach reporting under the new telecom security rules (the EECC) and how to update the Article 13a security framework to better fit the new telecom rules were discussed.
Other ENISA events back-to-back
To reduce the amount of air travel for these groups, ENISA organised other meetings back-to-back. Earlier in the week, the Agency hosted the 3rd meeting of national authorities for the security of digital infrastructures under the NIS Directive (TLD, IXP, DNS). At the end of the week, the Agency organised a 5G security seminar for the telecom security authorities to build up technical knowledge on 5G, mobile networks, interconnections and signalling.
Related Telecom Security Work
The new telecom rules will come into force at the end of 2020. The Agency recently published a paper listing the changes in telecom Security Supervision under the European Electronic Communications Code (EECC).
For the interested reader, the statistical data about telecom security 2018 incidents are available in the Telecom security incident reporting - Visual Tool, which allows custom data aggregations and analysis.
In the coming months ENISA will publish the ‘Annual Telecom Security Incident’ report, which aggregates and analyses the major incidents which were reported across Europe in 2019. The previous Annual Report Telecom Security Incidents 2018 showed interesting trends, regarding the size of system failures (decreasing) and the overall impact of natural phenomena (increasing, and for the first time the biggest share).
Background
Over the last 10 years, the EU Agency for Cybersecurity has worked closely with European telecom security authorities to implement Article 13a of the Framework directive, i.e. regarding incident reporting and security requirements for telecom operators. The Article 13a group meets 3 times per year. Once per year we organise a telecom security meeting for a broader audience.
The Article 13a Expert Group was set up 10 years ago by the Agency, under the auspices of the European Commission, to agree on a harmonised implementation of Article 13a of the Telecom Framework Directive, which requires EU countries to supervise the security of telecom networks and services in the EU.
Further Information
Details on the Article 13a Group are available on the Resilience portal - Article 13a
If you like to know more, or if you want to join our mailing lists to be kept up to date about our telecom security work or to receive invitations for future telecom security meetings, please contact us via resilience@enisa.europa.eu
For queries or interviews, please contact press@enisa.europe.eu