Video on major cyber incident reporting in the electronic communications sector; (Article 13a Expert Group)
The electronic communications networks and services (internet access, mobile networks, IXPs, submarine cables etc.) are the backbone of the EU's digital society. The security of these networks and services is crucial, because incidents can have a major impact in the EU.
Obligations on service providers
Since 2009, the EU legislation (Article 13a in the Framework Directive of the Telecom Reform) asks EU countries to ensure that the electronic communications service providers are taking the right steps to protect the networks and services from incidents. Article 13a also obliges providers to report significant outages to government authorities, and in turn, asks government authorities to share these reports with the European Commission and ENISA.
In 2010, ENISA set up an expert group of experts from EU Member States (from regulators and ministries) to discuss and agree on how to implement Article 13a. The discussions focus, for example, on how to collect incident reports, and how to supervise that providers take appropriate security measures. In these meetings experts also discuss how to mitigate incidents and impact from incidents; for example by discussing frequent root causes, such as storms, human errors or malicious actions.
To highlight the importance of incident reporting and to explain how the Article 13a Expert Group works, we have made a 5 minute video, containing interviews with ENISA experts and some of the key stakeholders.
The work on Article 13a is especially important as a pilot for security legislation in other sectors. One of the pillars of the EU’s cyber security strategy is to extend Article 13a to cover also other sectors.
More information about the Article 13a expert group can be found at: https://resilience.enisa.europa.eu/article-13. Every year ENISA also publishes an annual report about the impact and causes of major outages in the electronic communications sector. Annual reports can be found at: http://www.enisa.europa.eu/activities/Resilience-and-CIIP/Incidents-reporting/annual-reports
The video was launched in conjunction with a visit by the Swedish National Regulatory Agency, the Swedish Post and Telecom Authority, (“PTS”) to the ENISA Athens office.
The objective of the meeting was to give a comprehensive overview of ENISA activities, as PTS is the main Swedish contact and liaison point to other Swedish authorities for ENISA. More in detail, the meeting focused on incident reporting in the telecoms sector, according to Art13a, which lies under the responsibility of PTS.