OpenLobby.EU
Explore

Symantec Corporation

SYMC

Symantec Corporation provides global cybersecurity solutions, including identity protection and threat detection services.

Lobbying Activity

Meeting with Carl-Christian Buhr (Cabinet of Commissioner Mariya Gabriel)

5 Sept 2018 · ePrivacy, Cybersecurity, AI

Meeting with Laure Chapuis-Kombos (Cabinet of Vice-President Andrus Ansip), Vivian Loonela (Cabinet of Vice-President Andrus Ansip)

5 Sept 2018 · E-Privacy, Cybersecurity Act

Meeting with Věra Jourová (Commissioner) and

4 Sept 2018 · GDPR

Meeting with Laure Chapuis-Kombos (Cabinet of Vice-President Andrus Ansip)

23 Feb 2018 · e-Privacy Regulation

Meeting with Carl-Christian Buhr (Cabinet of Commissioner Mariya Gabriel)

24 Jan 2018 · Cybersecurity package, ENISA, ePrivacy

Meeting with Gertrud Ingestad (Director-General Informatics)

23 Jan 2018 · Handshake

Meeting with Věra Jourová (Commissioner) and

23 Jan 2018 · GDPR, e-Privacy

Meeting with Andrus Ansip (Vice-President) and

23 Jan 2018 · Cybersecurity, e-privacy

Meeting with Wojtek Talko (Cabinet of Commissioner Věra Jourová)

30 Oct 2017 · E-Privacy, GDPR

Response to Commission Implementing Regulation pursuant Art 16(8) of NIS Directive

10 Oct 2017

The proposed measure covers the key tenets of cyber resilience with two exceptions: Article 2(1) should include a sub-paragraph specifically on information security, which is distinct from network and system security as referenced in (c) and (d). Many disruptive cyber-incidents happen by compromising the integrity of information without necessarily impacting the functioning of the information networks and/or systems in which that compromised information resides. Stuxnet for instance sabotaged critical infrastructure by conveying wrong data over undisrupted networks, and ransomware often compromises data in systems that are otherwise up and running. This is adequately recognised in the proposed article 3(4) but needs to be reflected also in corresponding provisions under article 2(1). Additionally, there should also be a requirement for software vulnerability assessment, as such a vulnerability can sometimes suffice to undermine any and all other tenets of cyber resilience. To guide digital service providers’ efforts in that respect, in line with recital 2, article 2 of the implementing regulation could include an additional paragraph requiring providers to carry out and regularly maintain network and information security impact assessments so as (i) to document the process by which they assess and manage all ‘security elements’ listed in article 2, and (ii) to prepare in advance for the rapid and efficient evaluation of the impact of incidents if they occur. For the sake of accuracy, the term ‘anomalous events’ in article 2(2)(a) should be defined in a recital by reference to concepts of statistical sciences, such as for instance: ‘departure of a system’s performance or behaviour metrics from a pre-established variance baseline in a proportion that exceeds the acceptable standard error’. To help DSPs demonstrate their compliance with their obligations under the NIS Directive – especially to their customers who will often inquire about it – and to avoid the fragmentation of the Digital Single Market through national supervisory authorities referencing national standards, article 2(5) of the implementing measure should explicitly reference at least one example of an internationally recognised compliance framework which DSPs can certify against such as ISO27001/27002. The ‘substantial impact’ thresholds defined in article 4 are generally relevant. However, because the actual impact of incidents is often difficult to gauge accurately, and because evaluations are likely to increase over time as incidents get investigated, the wording of the introductory sentence of paragraph 1 should be refined to read: “An incident shall be considered as having a substantial impact where at least one of the following situations has taken place or is reasonably likely to take place:” This would ensure that incidents that have the potential of being or becoming significant are reported even before any of the absolute thresholds defined in article 4 is actually met. Finally recital 11 encourages providers to voluntarily report incidents whose characteristics have been previously unknown to them such as new exploits, attack-vectors, vulnerabilities and hazards. This is an understandable and welcome recommendation but it falls short of creating a real incentive. The kind of information mentioned here is highly sensitive, its voluntary sharing is difficult and can only happen in trusted circles with adequate information release control (e.g. Traffic Light Protocol) in place. For the recommendation to become an effective incentive, it would need to come with the explicit provision of safeguards against self-incrimination of the reporting service provider, as well as against any undue liability whether under privacy, intellectual property, competition, criminal or other rules governing the disclosure of sensitive information. A specific article in the implementing measure could be introduced to that effect, by reference to article 16(3) of the NISD.
Read full response

Meeting with Vivian Loonela (Cabinet of Vice-President Andrus Ansip)

10 Oct 2017 · cyberinsurance

Meeting with Carl-Christian Buhr (Cabinet of Commissioner Mariya Gabriel)

3 Oct 2017 · ePrivacy and cybersecurity

Meeting with Věra Jourová (Commissioner) and

6 Sept 2017 · Implementation of GDPR, EU-US Privacy Shiled, ePrivacy

Meeting with Andrus Ansip (Vice-President) and

5 Sept 2017 · Cybersecurity, e-privacy directive

Meeting with Julie Ruff (Cabinet of Commissioner Julian King)

5 Sept 2017 · Cybersecurity

Meeting with Andrus Ansip (Vice-President) and

10 Mar 2017 · Cybersecurity, free flow of data

Meeting with Severine Wernert (Cabinet of Commissioner Julian King)

27 Jan 2017 · Encryption

Meeting with Giorgios Rossides (Cabinet of Commissioner Dimitris Avramopoulos)

23 Jan 2017 · Digital Evidence

Meeting with Laure Chapuis-Kombos (Cabinet of Vice-President Andrus Ansip)

10 Dec 2015 · DSM, NIS, Safe harbour negociations

Meeting with Kevin O'Connell (Cabinet of Commissioner Věra Jourová)

30 Nov 2015 · GDPR

Meeting with Bodo Lehmann (Digital Economy)

28 Sept 2015 · Cybersecurity

Meeting with Polykarpos Adamidis (Cabinet of Commissioner Dimitris Avramopoulos)

29 May 2015 · Meeting with Symantec Corporation (Michael Brown, President and CEO, Ilias Chantzos, Senior Director EMEA, Global CIP and Privacy Advisor, Government Affairs) and Michael Palmer, DG HOME, Unit D2 Cybercrime

Meeting with Günther Oettinger (Commissioner)

26 May 2015 · Cybersecurity

Meeting with Andrus Ansip (Vice-President) and

26 May 2015 · Cybersecurity, privacy, cooperation with industry

Meeting with Laure Chapuis-Kombos (Cabinet of Vice-President Andrus Ansip)

5 Mar 2015 · Data protection and cyb ersecurity

Meeting with Laure Chapuis-Kombos (Cabinet of Vice-President Andrus Ansip)

27 Feb 2015 · Data protection and cybersecurity issues in relation to the Digital Single Market