ENISA publishes joint supervision tool for telecom security

The joint framework is intended as a tool for authorities supervising the electronic communications sector in accordance with Article 13a and Article 4.  The benefits from the development of this single framework are two-fold:

  • for telecom providers: simplifies compliance
  • for authorities (telecom regulators, data protection authorities): enables consistent supervision and facilitates collaboration between authorities, nationally and cross-border.

The framework contains 26 high-level security objectives, grouped in 7 domains. Each security objective is marked to indicate relevance for Article 13a and/or Article 4. For every security objective detailed security measures are listed as well as evidence that measures are applied. To highlight the fact that one size does not fit all, measures are grouped in 3 sophistication levels: basic, industry-standard, state-of-the-art.

Staffan Lindmark, Deputy Head of Section at the Swedish Post and Telecom Authority and member of ENISA’s expert group of Telecom Regulators, said on the initiative: “Access to dependable electronic communications is vital in today’s society. Together, Article 13a and Article 4 form a comprehensive network and information security regulation for the telecom sector, which aims to ensure that users are provided with services that are reliable, and that the vast amount of data that is being transferred across the communications networks every day, is sufficiently protected. The joint framework developed by ENISA enables competent authorities to apply these rules in a consistent way across Europe.”

ENISA’s Executive Director, Udo Helmbrecht commented on the project: “Security is a complex topic with a top priority for the EU. We have to avoid overlaps and inconsistencies between different laws. Experts from national authorities highlight there is roughly an 80 % overlap in the security measures that the telecom providers need to take to protect the security of networks and services, and the processing of personal data. ENISA acts as a liaison among the telecom regulators, the data protection authorities and the providers with the goal to assist Member States in implementing the legislation effectively and cost-efficiently.”

The framework was developed with input from a group of experts from competent national authorities (NRAs and DPAs), based on earlier experience and discussions about how to supervise Article 13a and Article 4. The report follows the ENISA Article 13a guideline on security measures and subsumes the technical and organisational measures addressed in the ENISA Recommendations for technical implementation of Article 4 (Section 5.2).  ENISA will continue its work together with the national authorities across the EU and provide support in the supervision of security measures in the telecom sector.

For full report please click here



Neueste Artikel

Städte und Gemeinden sehen auch nach den Ergebnissen der Neuauflage des Zukunftsradar Digitale Kommune im Jahr 2019 einen hohen Nutzen durch die Digitalisierung. Gleichzeitig werden auch in diesem…

Die Startups in Deutschland werden skeptischer. Aktuell sagen nur noch 39 Prozent der Gründer, dass sich in den vergangenen zwei Jahren die Lage für ihr eigenes Startup verbessert hat….

Seit Mai 2019 stellt das BSI ein zweistufiges Schulungskonzept zum Erwerb eines neuen Nachweises zum IT-Grundschutz-Praktiker und IT-Grundschutz-Berater zur Verfügung. Auf der BSI-Webseite steht nun der Antrag zur Zertifizierung…