Cybersecurity for the EU telecom sector: The ENISA Article 13a Expert Group concludes a successful meeting in Stockholm, Sweden

The Article 13a Expert Group was set up almost 10 years ago by ENISA, under the auspices of the European Commission, to agree on a harmonised implementation of Article 13a of the Telecom Framework Directive, which requires EU countries to supervise the security of telecom networks and services in the EU. Information about workshops, guidelines, etc can be found at: http://resilience.enisa.europa.eu/article-13/  

Programme and speakers

The programme featured included talks from the private sector, as well as from public bodies,  on a wide range of topics relevant for security the EU telecom sector. 

  • Patrik Bystedt, Head of the Secure communications department, at PTS, the Swedish telecom regulator, and Evangelos Ouzounis, Head of the Secure Services and Infrastructures unit at ENISA, opened the event. Both underlined that in this period telecom security has only grown in importance and is now front and centre, not only at the political level, in the press, but also at technical level, for instance in the context of IoT.
  • Anders Lindell, from DG CNECT, the European Commission’s general directorate responsible for the telecom rules but also the NIS Directive, among other things, explained the new European Electronic Communications Code (EECC). The EECC was adopted end of last year and it updates many important telecom rules in the EU. Article 13a, which sets security requirements for telecom providers, will be replaced by Article 40, and will be broader in terms of services in scope as well as incidents in scope.  
  • Dirk Ytsma from the Dutch telecom regulator gave an update on their work to understand and analyse the impact of power outages in the telecom sector in the Netherlands.
  • Åsa Sjöström, from the Swedish Metoffice, gave an overview of the impact of climate change impact on Sweden and about the ongoing climate adaptation efforts in Sweden.
  • Carla Baker, from Symantec, gave an overview of the global cybersecurity threat landscape.  
  • Shahid Raza, Director Security, at RISE SICS, the Swedish government’s R&D institute, discussed RISE’s cybersecurity work and its relation with ongoing EU projects and funds.
  • Anders Broberg, from STOKAB, a Swedish dark fibre operator, discussed how STOKAB built an expansive fibre network, connecting even bus stops, and preparing for the smart city.
  • James Christie, from PTS, gave an overview of some of the issues and challenges we can expect in the future development and deployment of 5G.
  • Amy Lemberger, Director of Security at GSMA, the global industry association for mobile network operators, discussed e-SIMs and security, another step in the evolution of the telecom sector, set to replace the mobile phone SIM cards.
  • Jaya Baloo, CISO of KPN, the Dutch incumbent operator, covered a range of hot security topics, such as BGP and DDoS, and different important industry initiatives such as MANRS and the Dutch Continuity Board (which is not limited to Dutch operators). 
  • Sam Hitz, from Anapaya, explained SCION, a new and clean slate solution for the BGP routing problems based on paths. SCION is being tested in some first deployments for example between the offices of the Swiss ministry of foreign affairs in different countries.
  • Marnix Dekker, from ENISA, explained the upcoming ENISA paper on BGP, which shortlists 7 security steps to mitigate BGP security risk

Day two

The second day of the Article 13a EG meeting was attended by 40 experts from telecom regulators and supervisory authorities from 20 EU and EFTA countries, the European Commission and ENISA, in a more closed setting. In this closed part of the meeting, NRAs discuss specific supervision topics and joint activities such as the annual summary reporting of significant telecom security incidents. For the interested reader, the statistical data about these 2018 incidents is already available in the online visual analysis tool and can be used for custom data aggregations and analysis.   

For more info: www.enisa.europa.eu