ENISA talks up European security plans
Posted in: Legal, Privacy & Security at 29/05/2008 13:23
ENISA, the EU Agency for European Network and Information Security, has today been speaking about the most pressing online security risks facing internet users.
Hackers make way for criminals in cyberspace
Attacking the European Union's Internet backbone is now the preserve of organised crime, not young hackers out to prove a point, the head of the bloc's Web security body said on Tuesday.
Andrea Pirotti, executive director of the European Network and Information Security Agency (ENISA), said public authorities have been able to hold their own in the contest -- so far.
EU Internet agency urges action to avoid 'digital 9/11' [news release]
Cyber threats need to be tackled more vigorously by member states in order to preserve the European economy, said Europe's internet security agency as it showcased its achievements in Brussels on 27 May.
A co-ordinated approach to new security threats related to electronic communications is crucial, according to European Network and Information Security Agency (ENISA) Executive Director Andrea Pirotti. "Infosecurity is a serious concern," he said, adding that unless action is taken by member states to alleviate the problem of emerging threats ranging from spam to full on cyber-attacks, "critical infrastructures could collapse".
"We don't want a digital 9/11," said Pirotti.
ENISA was set up three years ago to enhance network and information security in the EU. Currently, 30% of global trade is digitally dependent, which is why ENISA is pushing member states to become more aware of information security threats.
One of the agency's key aims is to secure safe e-communications for SMEs, as these make 99% of businesses in the EU but often do not know how to implement security measures.
According to Pirotti, EU companies already spent a massive €64.5 billion in 2007 on tackling spam emails - double what they spent in 2005, only 6% of which actually make it into our inboxes. However, this was "only the tip of the iceberg" as spam was "growing in quantity, size and bandwidth".
Another aspect of work the agency highlighted was its focus on combating cyber attacks, such as those experienced in Estonia in Spring 2007 (EurActiv 13/02/08), through the use of 'digital fire brigades'. These 'Computer Emergency Response Teams' (CERTs) are now present in 14 member states, with about ten more scheduled to be created in the next two years.
Pirotti urged governments to concentrate on alleviating the "information security imbalance" between them. In this regard, ENISA is calling for the "EU to introduce mandatory reporting on security breaches" in member states and to enhance cross-border cooperation. ENISA has already acted as a broker between member states and engaged in information sharing in awareness raising campaigns in Hungary, Bulgaria, Slovenia, Finland and the Netherlands among others.
Social networking sites were described as providing a useful social function, but ENISA officials warned against the privacy dangers associated with these websites, warning of a possible 'digital hangover' if personal information is shared unknowingly. ENISA called for a review on the Directive on privacy and electronic communications to address these concerns.
Nevertheless, Pirotti conceded that we would have to "live in uncertainty" due to the potential size of the security threat.
Pirotti wants ENISA to become a hub of expertise for at least fifteen member states. Due to a sunset clause, this could last up to its expected closure in 2012, according to a Commission spokesperson.