<h2>Hi</h2>

Digital Agenda: Commission reviews Member States' protection against cyber attacks

4 Apr 2011 09:42 AM

In a report taking stock of progress made in implementing its EU-wide 2009 action plan, the European Commission praises Member States' efforts to protect critical information infrastructures from cyber attacks and disruptions (see IP/09/494). However, the report underlines that further action in this area is required, notably to establish an efficient network of Computer Emergency Response Teams (CERTs) by 2012. Cyber security and the protection of critical information infrastructures are vital for people and companies to trust the internet and other networks and are a key priority of the Digital Agenda for Europe (see IP/10/581, MEMO/10/199 and MEMO/10/200).

Neelie Kroes, Commission Vice-President for the Digital Agenda said: "Europeans need and expect to have access to secure, resilient and robust online networks and services. In the past two years we have achieved significant progress but we must step up our efforts in the EU and at the global level to address ever-changing cyber-threats."

Recent events have demonstrated that new and technologically more sophisticated cyber threats can disrupt or destroy vital societal and economic functions. Examples include the attacks on the networks of the French Finance Ministry prior to the G20 summit, on the EU Emissions Trading System and most recently on the European External Action Service and the Commission itself. These events demonstrate the need to create a well functioning network of governmental/national Computer Emergency Response Teams (CERTs) in Europe by next year, to organise more regular cyber attack simulations and to look into governance issues for the security of emerging technologies like cloud computing.

The main findings of the report are:

  • A majority of Member States have now set up national/governmental Computer Emergency Response Teams (CERTs),.

  • Member States' cooperation is improving as a result of the regular exchanges on good policy practices via the European Forum for Member States, which was set up in 2009.

  • Establishing the European Public-Private Partnership for Resilience (EP3R) was key to engaging the private sector in increasing the level of security of our digital environment and developing a solid information security market in Europe.

The report outlines the way forward to reinforce international cooperation in this area. The Commission will engage with Member States and the private sector at national, European and international level by:

  • establishing CERTs in the remaining Member States and for the EU institutions by 2012,

  • developing a European cyber-incident contingency plan by 2012, which will be based on national cyber incident contingency plans;

  • organising both regular exercises at national level (only 12 Member States have done so to date), and pan-European cyber incident exercises like the 2010 exercise "Cyber Europe" (see IP/10/1459),

  • promoting globally-agreed principles for the stability and resilience of the internet;

  • establishing strategic partnerships in this area with key non-EU countries (notably with the US), as well as promoting the discussion in international fora such as the G8,

  • seeking the best governance strategies for emerging technologies with a global impact, such as cloud computing.

Background

In March 2009, the Commission adopted a Communication on Critical Information Infrastructure Protection – ‘Protecting Europe from large scale cyber-attacks and cyber-disruptions: enhancing preparedness, security and resilience’ (COM(2009)149) which set out an Action Plan to protect critical information infrastructures by making the EU more prepared for and resistant to cyber attacks and disruptions.

The 2010 Digital Agenda for Europe stressed the importance of trust and security and highlighted the pressing need for all stakeholders to join forces and develop effective and coordinated mechanisms to respond to new and increasingly sophisticated cyber risks.

On 30 September 2010, the Commission adopted a proposal to strengthen and modernise the European Network and Information Security Agency (ENISA) (IP/10/1239).

The full text of the Communication on Critical Information Infrastructure Protection ‘Achievements and next steps: towards global cyber-security’:

http://ec.europa.eu/information_society/policy/nis/strategy/activities/ciip/index_en.htm

Neelie Kroes' website: http://ec.europa.eu/commission_2010-2014/kroes/

Digital Agenda website:

http://ec.europa.eu/information_society/digital-agenda/index_en.htm

Follow Neelie Kroes on Twitter:

http://twitter.com/NeelieKroesEU