際際滷

際際滷Share a Scribd company logo
ASECAPS COPER III
TASK FORCE ON
CYBERSECURITY
MASSIMILIANO MASI
<mmasi@autostrade
.it>
AUTOSTRADE PER
LITALIA
11-10-2023 TASK FORCE CYBERSECURITY 2
THE TASK FORCE
 Cybersecurity is a key aspect of the
everyday life of citizens
Most industrial activities underwent the
digital transformation
 The Road Transportation sector is not
yet mature
No common understanding on what to
protect
No common guidance on how to protect
No common method to respond to
incidents
A Cybersecurity Task Force has been
launched in ASECAP under the COPER
III initially to represent the
stakeholder sector with ENISA
11-10-2023 TASK FORCE CYBERSECURITY 3
THE LEGAL CONTEXT
 The EU commission regulate sectors
with High Criticality with the NIS 2
Directive (EU 2022/2555)
Road Authorities are mentioned in Annex
I
 The NIS 2 directive must be
implemented by each member state
 Other sectors already adopted
cybersecurity countermeasures to
fulfil the NIS requirements
11-10-2023 TASK FORCE CYBERSECURITY 4
THE ASECAP TASK FORCE
QUESTIONNAIRE
Divided in four parts
 Part 1: to discover which
NIS-digital services are
operated and how the
member states regulated
them
 Part 2: to discover the
status of the cybersecurity
governance of the
associates (ISMS, CSMS)
 Part 3: to discover the
cybersecurity organization
of the associates
 Part 4: to discover the
international activities
ongoing
Innovation Activities
 Activity 1:
Stocktaking the
existent MS
regulations and
provide a guideline
 Activity 2: initiate a
standardization
effort to as other
sectors
 Activity 3:
cybersecurity is
scarce. Provide a set
of curricula to have
good candidates
 Part 4: Engagement
international bodies
Received answers from 8 ASECAP members
representing around 40 companies
11-10-2023 TASK FORCE CYBERSECURITY 5
MAIN FINDINGS
 ASECAP members operate services with high
criticality falling under the NIS 2 definition
(e.g., Traffic Management, ITS)
 2/8 EU member states adopted specific
regulations
 Only 3 companies operates a certified
governance (Information Security
Management System)
 Few companies have a CISO and run a Cyber
Risk Assessment
 5/9 ASECAP members want to join the task
force to increase their cybersecurity
posture in a harmonized way among the
concessionaries and engaging in
international activities
6
THANK YOU
 Massimiliano Masi -
mmasi@autostrade.it
 +393420001300
 Joint work with Lara
Malfatti and Fabrizio
Paoletti

More Related Content

Cybersecurity Task Force at ASECAP Days 2023

  • 1. ASECAPS COPER III TASK FORCE ON CYBERSECURITY MASSIMILIANO MASI <mmasi@autostrade .it> AUTOSTRADE PER LITALIA
  • 2. 11-10-2023 TASK FORCE CYBERSECURITY 2 THE TASK FORCE Cybersecurity is a key aspect of the everyday life of citizens Most industrial activities underwent the digital transformation The Road Transportation sector is not yet mature No common understanding on what to protect No common guidance on how to protect No common method to respond to incidents A Cybersecurity Task Force has been launched in ASECAP under the COPER III initially to represent the stakeholder sector with ENISA
  • 3. 11-10-2023 TASK FORCE CYBERSECURITY 3 THE LEGAL CONTEXT The EU commission regulate sectors with High Criticality with the NIS 2 Directive (EU 2022/2555) Road Authorities are mentioned in Annex I The NIS 2 directive must be implemented by each member state Other sectors already adopted cybersecurity countermeasures to fulfil the NIS requirements
  • 4. 11-10-2023 TASK FORCE CYBERSECURITY 4 THE ASECAP TASK FORCE QUESTIONNAIRE Divided in four parts Part 1: to discover which NIS-digital services are operated and how the member states regulated them Part 2: to discover the status of the cybersecurity governance of the associates (ISMS, CSMS) Part 3: to discover the cybersecurity organization of the associates Part 4: to discover the international activities ongoing Innovation Activities Activity 1: Stocktaking the existent MS regulations and provide a guideline Activity 2: initiate a standardization effort to as other sectors Activity 3: cybersecurity is scarce. Provide a set of curricula to have good candidates Part 4: Engagement international bodies Received answers from 8 ASECAP members representing around 40 companies
  • 5. 11-10-2023 TASK FORCE CYBERSECURITY 5 MAIN FINDINGS ASECAP members operate services with high criticality falling under the NIS 2 definition (e.g., Traffic Management, ITS) 2/8 EU member states adopted specific regulations Only 3 companies operates a certified governance (Information Security Management System) Few companies have a CISO and run a Cyber Risk Assessment 5/9 ASECAP members want to join the task force to increase their cybersecurity posture in a harmonized way among the concessionaries and engaging in international activities
  • 6. 6 THANK YOU Massimiliano Masi - mmasi@autostrade.it +393420001300 Joint work with Lara Malfatti and Fabrizio Paoletti