...
Supported by NIS Coordination Group but work of this group is not yet clear.
NREN Overviews
NREN / Speaker | Notes | Critical Infrastructure? |
|---|---|---|
JISC: Henry Hughes | NCSC Cyber Essentials. Required for offering services to UK gov. Minimum standard, aimed at SMEs. Checklist - self assessed. NCSC Cyber Assurance Framework. Required for UK public sector. Outcome based, auditor assessed. UK Telecomms Security Act Center for Internet Security Critical Secutity Controls v8 NIST CyberSecurity Framework v.1.1 Looking to map all of these to create a single picture of complex framework | not required to comply with NIS2 currently |
DFN: Christian Grimm | Big question for DFN - what will change? Not enough information at the moment. It is on the NREN to decide whether it is a critical infrastructure or not. No one is going to announce this. Around 20 criteria to look at, some are fairly arbitrary regarding thresholds - these are national criteria. Parts of NREN might be declared critical infrastructure, not necessarily the whole organisation. Certificate Service has been declared critical infrastructure. | Partly - has defined certificate service as critical infra |
MARNET: Vladislav Bidikov | Government making new strategies - Cybersecurity Strategy in discussion phase but based on NIS2. Very slow process, still in initial discussions before first draft. Synchronisation between strategies complex as crosses different departments. MARNET supporting discussions. Jumping straight to NIS2 but there needs to be more of a baseline first. Moving to reality will be some way out, but pressure of joining EU is driving this. | not required to comply with NIS2 currently |
HEANET: Brian Nisbet | Government CyberSecurity Baseline standard - HEANET doing some auditing against that. Irish NCSC don’t think they will have anything this year. Expecting new legislation to go through in 2024. | |
DEIC: Henrik Larsen | Contacting agency for education and research for guidance but not much information at the moment. Part of National Cyber Information Strategy which covers 22-24. DEIC is running an internet exchange so NIS2 must apply. | yes - internet exchange |
SURF / GÉANT: Ilse Koning / Alf Moens | Have reached out to the government and hope to talk directly with the ministry of education but that is lack of clarity. Implementation text is being written at the moment and will be out for consultation later this year. Want to do an impact analysis later. Alf notes that this is also the same situation for GÉANT. SURF has clearly been established NOT as a telecom. Supply chain responsibility is a “catch” that might cause problems if one of your constituency is in scope. Difficult to speak to "an" authority as this is split across the sectors. Not enough expertise within these authorities. | |
RESTENA: Gilles Massen | Current information is informal. For timeline, NIS authorities themselves won’t be ready in time so won’t be able to enforce. Lack of consensus in working groups as to whether R&E is covered. May be important or essential entity but do not expect us to be a priority for the authorities. Would be good to have a commonality of approach to sectors and who is covered or not (based on DNS?). | |
LITNET: Sarunas Grigaliunas | NCSC in Lithuania has been appointed at this authority. Have not started on requirements. LITNET has started using Security Baseline to position themselves. Have identified that they do have a critical infrastructure: DNS. Will create a group to help ministry of education to manage this process. | yes - DNS service. |
CARNET: Ivana Jelacic | Part of a working group to help define requirements. Not able to share information out of this group yet. | yes - registry for .hr and national CERT |
...