ENISA calls for an EU security response team

gallery

The European Union needs its own Computer Emergency Response Team (CERT) to handle community-wide IT threats.

This was the clarion call yesterday at the annual Network and Information Security (NIS) Summer School in Crete.

The call was made at the meeting of the influential European Network and Information Security Agency (ENISA), charged by the European Community with ensuring the security of Europe's information society.

"We are on the threshold of a new era in network and service infrastructures, called the Future Internet," said Constantine Stephanidis, director of the Institute of Computer Science at the Foundation of Research and Technology – Hellas (FoRTH). FoRTH is a co-sponsor of the event.

He said that Europe is seeing increasing bandwidth, a rapidly growing number of mobile devices, and new network services providing important economic and social opportunities. Along with these benefits, we are also seeing privacy and security challenges that need to be addressed, he added.

Romanian MEP Silvia Adriana Ţicău pointed out: “The role of ENISA needs to be extended because we live in an increasingly networked information society. ENISA should be given greater importance as an international coordinator and provide a Computer Emergency Response Team to protect EU institutions.”

She suggested that an initial stage would be for each member state to implement a national CERT by 2012.

The CERT concept is based on the US body based at Carnegie Mellon University in Pittsburgh. It was formed following the Morris worm incident, which brought 10 per cent of internet systems to a halt in November 1988.

The US CERT Coordination Centre (CERT/CC) watches for new attack methods, responds to major security incidents and analyses product vulnerabilities. It is part of the CERT Programme which develops products and promotes best practices to resist attacks on networked systems.

A report released at the Summer School highlights the difficulties that a European body would have to address. Academics in ENISA see the sharing of information between the public and private sector as crucial to combating new threats but businesses may be less cooperative.

The Information Sharing Exchange report identifies the most important barriers. Poor quality information, bad management and risks to the reputation of individual companies are seen as the main dangers that a CERT would have to overcome. Incentives would be to promote the cost savings and show the value that shared information can bring.

The study concludes with 20 recommendations on participation for public decision-makers and private sector stakeholders.

Email to a friend

Print this page