New Agency to Ensure Internet Security in Europe Adam Eisner, theWHIR.com
From Web Hosting Monthly, June 2003 edition
June 27, 2003 — (WEB HOST INDUSTRY REVIEW) — The European Commission has introduced the first European cyber-security agency.
When the European Commission implemented its ambitious eEurope action plans, one of its main objectives was to promote connectivity throughout Europe in an effort to boost business and improve the quality of life on a Pan-European level.
Less heralded, but equally important, were the security implications that accompanied an ambitious plan like the eEurope initiatives. And as such, the European Commission (EC) recently introduced the European Network and Information Security Agency, Europe’s first cyber-security agency, which aims to improve the level of IT security throughout European Union member nations and facilitate the sharing of information between the IT security agencies of individual countries throughout the EU. The Commission hopes the agency will be fully operational by 2004.
One of the biggest problems related to IT security that currently faces Europe, the Commission says, is that the focus and preparedness of each country differs. What’s more, there is no effective mechanism for communication between countries regarding security threats, and vendors and operators face differing attitudes and regulations between countries. “All this leads to a lack of interoperability that impedes a proper use of security products and services,” the Commission said in a published proposal on the issue.
The proposal also pointed out that a Pan-European IT security agency was necessary now that the Internet and technology have become intertwined in the everyday lives of individuals. According to the EC, more than 90% of companies located within the European Union have an Internet connection, and most of those operate a Web site. What’s more, approximately 40 percent of households located within the European Union have Internet connections, and the recent proliferation of wireless networks means even more people and devices are now online.
“Network failures and computer crashes are no longer an isolated problem for computer specialists,” the Commission’s proposal for a security agency reads. “The malfunctioning of networks and information systems concerns everybody: citizens, businesses and public administrations.”
While the agency’s broad objective would be to create “common understanding” issues related to IT security, the EC does not want it to become a bureaucratic organization that becomes mired in policy issues. Instead, it wants the agency to have both advisory and coordinating functions, and would like it to assist businesses and governments combat genuine threats, like viruses and hackers. This means its duties would include setting standards, coordinating communication between emergency response teams, and assisting in the development of a European information society.
“Today, there is no systematic cross-border co-operation on network and information security between member states, although security issues cannot be an isolated issue for only one country,” said Erkki Liikanen, European Commissioner for Enterprise and Information Society, earlier this year. “There is no mechanism to ensure effective responses to security threats.”
Liikanen said that co-operation between government, business and individuals will be crucial to the agency’s success. Since most networks are privately owned, industry involvement is important, while the governments of each member state play a key role in developing and enforcing policy. A Pan-European security agency would be able to provide a centralized source for information and policy, which the EC feels is key given Internet security is not a regional issue, but a global one.
Over the next several years, broadband and wireless technologies are expected to continue to penetrate Europe’s homes and businesses. At the same time, the spread of malicious viruses like the SQL Slammer worm are expected to continue as well. Combine these factors with the heightened state of alert most governments and large companies have been operating in since the events of September 11, and it becomes obvious that a Pan-European agency is not just a good idea – it’s necessary.
Given the expected involvement of the public, private and government sectors, executing the concept will at times be a challenge, but with the creation of this new agency, the eEurope initiative is now a safer one than it was 12 months ago.
