Who is who in the EU Security Directives?

I have finished reading the Security Directives for the European Union last week, but I would like to highlight this time the group of people and organizations that have to work together to achieving a high common level of security of network and information systems (NIS) within the Union. Mainly, I have drawn the main actors that play an important role in the European Union when an incident takes place within the Union, as this is a significant fact that involves incident reports from the bottom to up.

Reporting Hierarchy


The first thing that Member States have to do is to make a list of operators of essential services to ask them for notifying incidents to the CSIRT. What are essential sectors? Energy like electricity, oil and gas; Transport; Banking; Financial market infrastructures; Health sector; Drinking water supply and distribution; and Digital Infrastructure like IXPs, DNS service providers and TLD name registries. This list should be done by 9 November 2018.


As operators of essential services, Member States have to identify digital service providers as well, and these should report incidents to the CSIRT too. What types of digital services they have to identify? Online marketplace, online search engines and cloud computing services. This list, along with the operators of essential services, should be done by 9 November 2018.


Each Member State shall designate one or more CSIRTs (Computer Security Incident Response Team) with adequate resources to effectively carry out their tasks. CSIRT can use the CSIRT Networks for cooperation and to be able to do their tasks efficient and effective. This team should be done, and performing their tasks, by 9 February 2017.


The CSIRTs Network is composed of representatives of the Member States' CSIRTs and CERT-EU, where the Commission and ENISA also participate. Their tasks are exchanging information, discussing and identifying a coordinated response to an incident within the EU; provinding Member States with support in addressing cross-border incidents; discussing, exploring and identifying further forms of operational cooperation; informing the Cooperation Group of its activities; discussing lessons learnt; issuing guidelines in order to facilitate the convergence of operational practices, etc.


Each Member State shall designate a national single point of contact who exercise a liaison function to ensure cross-border cooperation. In addition, this single point of contact should be able to consult and cooperate with the relevant national law enforcement authorities and national data protection authorities. By 9 August 2018, and every year thereafter, the single point of contact shall also submit a summary report to the Cooperation Group on the notifications received, including the number of notifications, the nature of notified incidents and the actions taken.


The European Network and Information Security Agency helps Member States in developing national strategies on the security of NIS and in developing national CSIRTs. Moreover, ENISA collaborates with the Cooperation Group to exchange best practice between Member States and helps them in building capacity to ensure the security of networks and information systems.


The Cooperation Group will support, facilitate strategic cooperation and exchange information among Member States with the goal of developing trust and confidence with a view of achieving a high common level of security of network and information systems in the Union. By 9 August 2018, and every year and a half thereafter, the Cooperation Group shall also prepare a report assessing the experience gained with the strategic cooperation. In addition, this group, along with the CSIRTs networks, shall begin to perform their tasks by 9 February 2017.


The Commission will submit a report to the European Parliament and to the Council assessing the consistency of the approach taken by Member States in the identification of the operators of essential services by 9 May 2019. Moreover, the commission will also take into account the reports of the Cooperation Group and the CSIRTs network on the experience gained at a strategic and operational level for reporting to the European Parliament and to the Council by 9 May 2021.

And this is all we have till now. Next step? Developing the Cooperation Group and CSIRTs by next February. We'll wait for it.

Regards my friends, drop me a line with the first thing you are thinking!!!