Contact
QR code for the current URL

Story Box-ID: 470509

ENISA - European Network and Information Security Agency P.O. Box 1309 71001 Heraklion, Crete, Greece http://www.enisa.europa.eu
Contact Mr Ulf Bergström +30 694 846 0143
Company logo of ENISA - European Network and Information Security Agency
ENISA - European Network and Information Security Agency

Clarifying cyber security incident reporting: guidelines on how to implement the new telecom legislation on security & integrity "Art 13a"

(PresseBox) (Heraklion, Crete, )
ENISA, the EU's 'cyber security' agency, has today issued two technical guidelines. The first describes how to implement the mandatory cyber security incident reporting scheme for telecom operators, parameters, thresholds, and how to report; the second describes specific security measures telecom operators should take.

The new telecommunications legislation (EU directive 2009/140/EC) among other things offers protection for consumers against security breaches. Article 13a of the new legislation requires telecoms operators to report security incidents and to take security measures to enable secure and uninterrupted delivery of communication services over European telecommunication networks.

In 2010, ENISA, the European Commission (EC), Member States' Ministries and Telecommunication national telecom regulatory authorities (NRAs), as the "Art13 Working Group" started work to bring clarity to the actual reporting, and to achieve a consistent implementation of Article 13a. This group of actors reached consensus on two guidelines: Technical guideline on cyber security incident reporting, and Technical guideline for minimum security measures.

"A clarification of how to report cyber incidents and how to implement article 13a in a consistent way provides a level playing field for the European telecom sector. This will remove the barriers for European telecommunications providers operating across borders." say Dimitra Liveri and Marnix Dekker, editors of the two documents.

"Incident reporting and minimal security measures are important tools to provide consumers, businesses and governments confidence in the security of telecommunication services. After the recent Diginotar case there is also growing support for broadening the scope of this kind of legislation beyond the telecom sector", says Professor Udo Helmbrecht, Executive Director of ENISA.

The guideline on incident reporting guides NRAs about two types of incident reporting mentioned in Article 13a: the annual summary reporting of significant incidents to ENISA and the EC, and ad hoc notification of incidents to other NRAs, in case of cross-border incidents. This guideline defines the scope of incident reporting, the incident parameters and thresholds. It also contains a reporting template for submitting incident reports to ENISA and the EC, and explains how reports will be processed by ENISA. The guideline for Minimum Security Measures advices NRAs on the minimum security measures that telecom operators should take to ensure security of these networks.

For full reports: https://resilience.enisa.europa.eu/...
The publisher indicated in each case (see company info by clicking on image/title or company info in the right-hand column) is solely responsible for the stories above, the event or job offer shown and for the image and audio material displayed. As a rule, the publisher is also the author of the texts and the attached image, audio and information material. The use of information published here is generally free of charge for personal information and editorial processing. Please clarify any copyright issues with the stated publisher before further use. In case of publication, please send a specimen copy to service@pressebox.de.
Important note:

Systematic data storage as well as the use of even parts of this database are only permitted with the written consent of unn | UNITED NEWS NETWORK GmbH.

unn | UNITED NEWS NETWORK GmbH 2002–2024, All rights reserved

The publisher indicated in each case (see company info by clicking on image/title or company info in the right-hand column) is solely responsible for the stories above, the event or job offer shown and for the image and audio material displayed. As a rule, the publisher is also the author of the texts and the attached image, audio and information material. The use of information published here is generally free of charge for personal information and editorial processing. Please clarify any copyright issues with the stated publisher before further use. In case of publication, please send a specimen copy to service@pressebox.de.