Cybersecurity Task Force at ASECAP Days 2023
Download as PPTX, PDF0 likes27 views
This document discusses the launch of a Cybersecurity Task Force within ASECAP to address cybersecurity issues in the road transportation sector. It notes that while most industries have undergone digital transformation, the road sector's cybersecurity maturity is still developing. The task force aims to initially represent the sector to the European Union Agency for Cybersecurity (ENISA). It conducted a questionnaire of ASECAP members that found most operate critical digital services but few have certified security governance. The task force seeks to increase harmonization of cybersecurity postures among members and engage in international cooperation activities.
Cybersecurity Task Force at ASECAP Days 2023
- 1. ASECAP’S COPER III TASK FORCE ON CYBERSECURITY MASSIMILIANO MASI <mmasi@autostrade .it> AUTOSTRADE PER L’ITALIA
- 2. 11-10-2023 TASK FORCE CYBERSECURITY 2 THE TASK FORCE • Cybersecurity is a key aspect of the everyday life of citizens Most industrial activities underwent the digital transformation • The Road Transportation sector is not yet mature No common understanding on what to protect No common guidance on how to protect No common method to respond to incidents A Cybersecurity Task Force has been launched in ASECAP under the COPER III initially to represent the stakeholder sector with ENISA
- 3. 11-10-2023 TASK FORCE CYBERSECURITY 3 THE LEGAL CONTEXT • The EU commission regulate sectors with High Criticality with the NIS 2 Directive (EU 2022/2555) Road Authorities are mentioned in Annex I • The NIS 2 directive must be implemented by each member state • Other sectors already adopted cybersecurity countermeasures to fulfil the NIS requirements
- 4. 11-10-2023 TASK FORCE CYBERSECURITY 4 THE ASECAP TASK FORCE QUESTIONNAIRE Divided in four parts • Part 1: to discover which NIS-digital services are operated and how the member states regulated them • Part 2: to discover the status of the cybersecurity governance of the associates (ISMS, CSMS) • Part 3: to discover the cybersecurity organization of the associates • Part 4: to discover the international activities ongoing Innovation Activities • Activity 1: Stocktaking the existent MS regulations and provide a guideline • Activity 2: initiate a standardization effort to as other sectors • Activity 3: cybersecurity is scarce. Provide a set of curricula to have good candidates • Part 4: Engagement international bodies Received answers from 8 ASECAP members representing around 40 companies
- 5. 11-10-2023 TASK FORCE CYBERSECURITY 5 MAIN FINDINGS • ASECAP members operate services with high criticality falling under the NIS 2 definition (e.g., Traffic Management, ITS) • 2/8 EU member states adopted specific regulations • Only 3 companies operates a certified governance (Information Security Management System) • Few companies have a CISO and run a Cyber Risk Assessment • 5/9 ASECAP members want to join the task force to increase their cybersecurity posture in a harmonized way among the concessionaries and engaging in international activities
- 6. 6 THANK YOU • Massimiliano Masi - mmasi@autostrade.it • +393420001300 • Joint work with Lara Malfatti and Fabrizio Paoletti