The Directive on Security of Network and Information Systems (NIS Directive) aims to achieve a high common level of network and information systems security across the European Union. It will improve cyber security capabilities at the national level, increase cooperation on cyber security among EU Member States, and introduce security measures and incident reporting obligations for operators of essential services (OESs) in critical national infrastructure and for digital service providers (DSPs). Financial institutions, being operators of essential services themselves, are additionally subject to the revised Payment Services Directive (PSD2), which applies from 13 January 2018 and is described below.
The Impact of the NIS & PSD2 Directives
On Member State governments:
Member States themselves are required to be appropriately equipped, e.g. with a Computer Security Incident Response Team (CSIRT) and a competent national NIS authority. They must take part in cross-border activities and join a Cooperation Group that supports and facilitates strategic cooperation and the exchange of information among all the Member States. They also need to set up a CSIRTs Network to promote swift and effective operational cooperation on specific cyber security incidents and to share information about risks. In addition, each Member State must identify the businesses in sectors that are vital for the economy and society and that rely heavily on ICT, and must ensure that those businesses take appropriate security measures and notify serious incidents to the relevant national authority. Member States are required to set their own national rules on financial penalties and must take the measures necessary to ensure that they are implemented. [It is likely that Member States will implement tough penalties similar to those of the GDPR.]
On operators of essential services and digital service providers
The NIS Directive introduces security measures and incident reporting obligations for these entities, with financial penalties if the obligations are not met. They must: take appropriate technical and organizational measures to secure their network and information systems; take the state of the art into account and consider the risks facing those systems; take appropriate measures to prevent and minimize the impact of security incidents so as to ensure service continuity; and notify the relevant national authority, without undue delay, of any security incident having a significant impact on service continuity.
Banks face an additional challenge with the revised Payment Services Directive [PSD2]
In addition, financial institutions [being operators of essential services] are subject to the revised Payment Services Directive (PSD2), which applies from 13 January 2018. PSD2 aims in particular at ensuring that all payment services offered electronically are carried out in a secure manner, adopting technologies able to guarantee the safe authentication of the user (strong customer authentication) and to reduce, to the maximum extent possible, the risk of fraud.
• Implementation of the NIS Directive, by Member State representatives
• Key learnings from Critical Infrastructure Operators, keynotes & panel discussions
• Preventive measures, active monitoring
• Incident Response & breach notification
• Additional challenges for Banks: the Open Banking Revolution & PSD2 RTS Security Challenges
• Opening Keynote: Cyber Security, EU Directives & the impact on Enterprises, by the Chair of VBO - The Belgian Federation of Enterprises [Confirmed]
• Panel Discussion: Impact of NIS, with representatives from Critical Infrastructure Operators [Confirmed]
• Panel Discussion: Impact of PSD2, with representatives from Banks [Confirmed]
• Experiences from France - Work from ANSSI: Requirements Framework for Security Incident Detection Service Providers & Operational Cooperation between Member States [TBC]
On 15 February 2018, the French Parliament voted in favour of the legislative proposal on the NIS Directive, taking an important step towards its full transposition into French national law. As the French coordinator for the transposition, ANSSI welcomes the adoption of the law and is working alongside all relevant stakeholders to prepare the executive acts (decrees) that will follow. Building on ANSSI's and operators' experience, the transposition benefited from the work already accomplished in implementing the 2013 "Critical Infrastructures Information Protection" (CIIP) law, which was co-drafted with public and private operators. ANSSI is particularly supportive of the operational cooperation established between EU Member States through the CSIRTs Network created by the NIS Directive. The large-scale attacks that all countries faced in 2017 confirmed the need for an overall threat evaluation and enhanced coordination in handling incidents.
• Pierre Buijsman, Senior Technical Director at FireEye [Confirmed]
Pierre Buijsman currently serves as the Senior Technical Director for the Nordics and Benelux at FireEye. Mr Buijsman has been working in the cyber security space for the last 15 years and prior to that held similar roles at Blue Coat and Cisco. Mr Buijsman is a frequent speaker at public events and works closely with the top companies within the public and private sector. In his current role he leads the technical sales team of FireEye and is a trusted advisor for many governmental institutions, financial institutions and high tech companies.
• Member State representatives and ENISA representative: NIS expectations & Requirements, speaker [TBC]
• Breach notification as part of your Incident Response Plan & Operations, by Resilient Systems - an IBM Company [TBC]
• Ulrich Seldeslachts, CEO of LSEC [ Confirmed ]
Ulrich Seldeslachts is executive director of LSEC.eu, a not-for-profit industry association focused on Cyber Security and Data Protection in Europe, based in Belgium and with operations in the Netherlands, the UK and Germany. A spin-off of KU Leuven university, LSEC has been a thought leader on Cyber Security since 2002. LSEC is actively involved in initiatives and collaboration projects in data protection, Cyber Threat Intelligence (CTI), Insider Threats, Cyber Security Market Analysis, Industrial Cyber Security, and targeting Organized Crime and Terrorist Networks from a Cyber Crime perspective. LSEC has been a contributing partner to the European Network and Information Security Directive (NIS) in WG3 on secure ICT research and innovation, and has been a local awareness informer in the UK, Luxembourg, France, the Netherlands and Belgium.
• Pepijn Janssen, Founder & CTO at RedSocks [Confirmed]
At the start of the millennium Pepijn was recruited by the Cyber Crime unit of the National Police Agency while still completing his computer science studies. Four years later he joined the High Tech Crime Centre of Europol to combat Cyber Crime on a larger scale. From 2008 he worked as an independent consultant in the areas of IP interception and botnet monitoring. He founded RedSocks in 2012.
• eIDAS Certificates by QSTP to power PSD2 trust ecosystem, by Kannan Rasappan – Open Banking / PSD2 Architect & Founder of PSD2 Enabler [Confirmed]
The PSD2 RTS mandates secure communication between Third Party Providers (TPPs) and ASPSPs. The eIDAS standard can help to address this with its QWAC and QCSEAL. QWACs between the parties are needed to build mutually authenticated TLS, while the QCSEAL authenticates the origin of the application message with legal assurance. eIDAS is being adapted to include PSD2-specific attributes and a technical standard is likely to be published by May 2018. In this presentation I will go over the PSD2 requirements and how eIDAS can help, along with a demo with test certs from a QTSP.
About Kannan: Kannan is a hands-on Solution Architect actively involved in PSD2-compliant IAM implementations in Tier-1 banks such as RBS, HSBC, Worldpay and Lloyds Banking Group. He is a strong advocate of adopting industry standards and advises organisations on best practices for an end-to-end IAM solution. Kannan has explored the GDPR impacts on banks and on the AISPs/PISPs (third parties) who will consume banking data. Kannan is an Applied Mathematics post-graduate who started his career as a backend developer in 2000 and has worked across diverse domains in varying capacities, leading up to an architect role in IAM. An entrepreneur at heart, he co-founded a big data company and is an active participant in security and payments hackathons.
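The pattern the abstract above describes, a QWAC-based mutually authenticated TLS session between a TPP and an ASPSP plus a QSealC-style signature that authenticates the origin of the application message, as an added example in Go. It is not part of the event page, the speaker's material or any PSD2 Enabler code. It assumes a constructed self-signed root standing in for a QTSP root, ECDSA P-256 test certificates issued in memory, an in-memory net.Pipe transport in place of a real socket, and a plain ECDSA signature over a SHA-256 digest in place of a full JWS/XAdES seal; it does not parse the PSD2-specific certificate attributes (roles, authorisation number) that the abstract says eIDAS is being extended with. The names qtsp-root.example, aspsp.example and tpp.example, and the sample message body, are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewCert issues an ECDSA P-256 certificate for name: self-signed when parent is
// nil (our constructed stand-in for a QTSP root), otherwise signed by parent.
func NewCert(name string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          must(rand.Int(rand.Reader, big.NewInt(1<<62))),
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  parent == nil,
	}
	if parent == nil { // self-signed root: it is its own issuer
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// Pair bundles a certificate with its private key for a tls.Config.
func Pair(c *x509.Certificate, k *ecdsa.PrivateKey) tls.Certificate {
	return tls.Certificate{Certificate: [][]byte{c.Raw}, PrivateKey: k, Leaf: c}
}

// MutualTLSExchange plays the QWAC part: an ASPSP endpoint that demands a client
// certificate chaining to root, and a TPP presenting tpp. It returns the CN the
// ASPSP saw on the TPP certificate, or the error the TPP observed on rejection.
func MutualTLSExchange(root *x509.Certificate, aspsp, tpp tls.Certificate) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	srvEnd, cliEnd := net.Pipe() // in-memory transport; a real ASPSP listens on a socket
	server := tls.Server(srvEnd, &tls.Config{
		Certificates: []tls.Certificate{aspsp},
		ClientAuth:   tls.RequireAndVerifyClientCert, // no trusted QWAC, no session
		ClientCAs:    pool,
		MinVersion:   tls.VersionTLS12,
	})
	seen := make(chan string, 1)
	go func() {
		defer server.Close()
		cn := ""
		if server.Handshake() == nil {
			cn = server.ConnectionState().PeerCertificates[0].Subject.CommonName
			server.Write([]byte("ok"))
		}
		seen <- cn
	}()
	client := tls.Client(cliEnd, &tls.Config{Certificates: []tls.Certificate{tpp}, RootCAs: pool, ServerName: aspsp.Leaf.DNSNames[0]})
	defer client.Close()
	// Under TLS 1.3 the client finishes its handshake before the server has judged
	// the client certificate, so a rejected QWAC only surfaces on the first read.
	if _, err := client.Read(make([]byte, 2)); err != nil {
		return "", err
	}
	return <-seen, nil
}

// SealMessage plays the QSealC part: a detached ECDSA signature over the SHA-256
// digest of the application message, made with the TPP's sealing key.
func SealMessage(sealKey *ecdsa.PrivateKey, body []byte) ([]byte, error) {
	digest := sha256.Sum256(body)
	return ecdsa.SignASN1(rand.Reader, sealKey, digest[:])
}

// VerifySeal checks that sealCert chains to root and that sig is sealCert's
// signature over body. Both checks matter: a signature that verifies under an
// untrusted certificate says nothing about the origin of the message.
func VerifySeal(root, sealCert *x509.Certificate, body, sig []byte) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	if _, err := sealCert.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return err
	}
	digest := sha256.Sum256(body)
	if pub, ok := sealCert.PublicKey.(*ecdsa.PublicKey); !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return fmt.Errorf("seal does not match message body")
	}
	return nil
}

func main() {
	root, rootKey := NewCert("qtsp-root.example", nil, nil)
	aspsp, aspspKey := NewCert("aspsp.example", root, rootKey)
	tpp, tppKey := NewCert("tpp.example", root, rootKey)      // QWAC
	seal, sealKey := NewCert("tpp-seal.example", root, rootKey) // QSealC, a separate certificate
	cn, err := MutualTLSExchange(root, Pair(aspsp, aspspKey), Pair(tpp, tppKey))
	fmt.Println("QWAC mTLS, ASPSP saw:", cn, err)
	body := []byte(`{"amount":"10.00","creditor":"example"}`) // constructed sample message
	fmt.Println("QSealC verify:", VerifySeal(root, seal, body, must(SealMessage(sealKey, body))))
}
```

Two caveats worth taking from the example: under TLS 1.3 the TPP's handshake completes before the ASPSP has evaluated the client certificate, so a rejected QWAC only surfaces on the first read, which is why the client reads before treating the session as established; and VerifySeal validates the sealing certificate's chain before checking the signature, since a valid signature under an untrusted certificate proves nothing about origin. In production the QWAC and the QSealC are distinct certificates issued by a QTSP, as here, and the seal would carry the certificate reference and algorithm in a signed header rather than travel as a bare signature.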
• Nick Caley, Vice President Privacy & Security at ForgeRock [TBC]
With twenty years' experience covering all aspects of Information Security, Nick Caley has advised global clients in industry and government on security strategy and on the operational capabilities that enable organisations to protect their most valuable assets. At ForgeRock, Nick is responsible for Financial Services and Regulatory, with a focus on guiding organisations to deliver successful outcomes beyond compliance with GDPR, PSD2 and Open Banking.
Registration is now open for:
Free entrance for:
• LSEC Community Members: LSEC Expert Members for Industry & CISO Community
• Cyber Security Coalition Community Members
Registration will open April 5th for:
Discounted fee of EUR 100 for:
• Enterprise CISO’s / Security Managers
• Critical Infrastructure Operators
- Banking and financial market infrastructures;
- Digital infrastructure.
• NIS Directive "Significant Market Operators"
- cloud & data center operators
- internet and telecom services providers
• Government / CERTS / CSIRTs
• ISAC Members
EUR 350 Entrance Fee for:
• Companies that are offering Cyber Security Services and/or products [and that are not LSEC members]. Limited tickets are available, and participants must have the appropriate level of expertise to participate in the discussions
You may confirm your participation via the event registration page