Cybersecurity Ecosystem Luxembourg - 08/05/2019

No Description

PRESENTATION OUTLINE

Cybersecurity in Luxembourg

A Journey through the last 20 years
Photo by 55Laney69

RELIABLE - DYNAMIC - OPEN

the economy in brief

What about cybersecurity ?

it all started 20 years ago...

"ILOVEYOU" VIRUS (2000)

a wake up call
Photo by Julie Edgley

Key Milestones of the last 20 years

  • 2002 - First masterplan by the MECO
  • 2006 - CASES: "best awareness" by ENISA
  • 2008 - CIRCL: first CERT in Luxembourg
  • 2009 - BEE SECURE safer internet centre
  • 2010 - creation of SECURITYMADEIN.LU
  • 2011 - creation of CSB
  • 2017 - launch of C3
  • 2018 - national cybersecurity strategy III
Photo by randomwire

TODAY

A very DYNaMIC ecosystem

Cybersecurity Ecosystem Luxembourg

  • National Cybersecurity Board
  • Inter-ministerial coordination committee
  • HCPN, ANSSI, GOVCERT
  • SMILE, CASES, CIRCL, C3, BEE SECURE
  • CERT.LU community
  • Regulators (CNPD, CSSF, HCPN, ILNAS, ILR)
  • Providers, associations, user-communities
CSB - CyberSecuirty Board
Photo by Phil's 1stPix

2018 - 2020
1. BUILDING PUBLIC CONFIDENCE IN THE DIGITAL ENVIRONMENT
2. PROTECTING DIGITAL INFRASTRUCTURES
3. PROMOTING THE ECONOMY

Guideline 1. strengthening public confidence in the
digital environment

- Knowledge-sharing between all stakeholders
- Disseminating information on risks
- Raising awareness of all the parties concerned
- Responsible disclosure
- Combating cybercrime

Guideline 2. digital infrastructure protection

- Census of essential and critical digital infrastructure
- Security policies
- Crisis management
- Standardization
- Strengthen international cooperation
- Cyber defense
- Strengthening the resilience of the State’s digital infrastructure

Guideline 3. promotion of the economy

- Creating new products and services
- Pooling security Infrastructures
- Requirement benchmarks and contractor
- Creation of the Cybersecurity Competence Centre (C3)
- Risk management and informed governance
- Training and training aid
- Collaboration between parties in charge of information security
- Collaboration between experts in incident response
- Priority for research: start-ups
- Code disassembly and identifying vulnerabilities

National Protection (3)

  • PIU CYBER (HCPN)
  • GovPolSec (ANSSI)
  • CERC (GOVCERT)
  • DDoS Scrubbing Centre (HCPN)

Securing the Economy (4)

Threat Sharing

Risk Collaboration

COMPETENCE BUILDING

full immersive CYBERATTACK SIMULATOR

world's first

National CERT/soc Community (5)

CERT.LU community:

- 5 public
- 5 private

working together on a daily basis to cope with cyber incidents in Luxembourg and abroad.

Compliance (6)

  • GDPR (CNPD)
  • PSF (CSSF)
  • CIP (HCPN)
  • PSDC (ILNAS)
  • NIS (ILR, CSSF)

Threat Landscape

INCIDENTS IN LUXEMBOURG

BY TYPE

BY SECTOR

Don't suffer in silence

Guideline 1. strengthening public confidence in the
digital environment

- Knowledge-sharing between all stakeholders
- Disseminating information on risks
- Raising awareness of all the parties concerned
- Responsible disclosure
- Combating cybercrime

Guideline 2. digital infrastructure protection

- Census of essential and critical digital infrastructure
- Security policies
- Crisis management
- Standardization
- Strengthen international cooperation
- Cyber defense
- Strengthening the resilience of the State’s digital infrastructure

Guideline 3. promotion of the economy

- Creating new products and services
- Pooling security Infrastructures
- Requirement benchmarks and contractor
- Creation of the Cybersecurity Competence Centre (C3)
- Risk management and informed governance
- Training and training aid
- Collaboration between parties in charge of information security
- Collaboration between experts in incident response
- Priority for research: start-ups
- Code disassembly and identifying vulnerabilities
Photo by RebeccaBarray

FURTHER TOGETHER

Thank You

Pascal Steichen