EU progressing on information infrastructure policy

Guidelines would strengthen computer security response centers across Europe, increase Internet resiliency

The European Union is refining a set of guidelines that would strengthen its ability to respond to computer security crises as well as ensure Internet infrastructure in member countries is more resilient.

In late March, the European Commission adopted a set of recommendations called the Critical Information Infrastructure Protection (CIIP).

The proposals seek to improve Europe's ability to cope with large-scale cyberattacks or disruptions, said Andrea Glorioso, a policy officer in the Commission's Directorate-General for the Information Society and Media. Glorioso gave a presentation at the Conference on Cyber Warfare on Thursday in Tallinn, Estonia.

The proposals call for a range of measures, including agreeing on minimum standards for the capabilities of European Computer Emergency Response Teams (CERTs), government-run agencies dedicated to computer security.

Other suggestions include creating an agency that would foster closer cooperation between the private sector and government to increase the resilience of networks that could fall under attack as well as improve information sharing between E.U. countries.

By the end of 2010, Europe also hopes to have a roadmap for the European Information Sharing and Alert System (EISAS), which would distribute information on cyberthreats to businesses.

The CIIP plan also calls for E.U. members to run national cybersecurity exercises with a view to holding pan-European network security exercises.

"We want to know how good we are," Glorioso said.

Another focus is Internet stability. The Commission will work to define principles and guidelines for ensuring the robustness of networks along with identifying what is critical infrastructure.

One main motivation for the plan is the impact that cyberattacks can potentially have on economies. Glorioso cited a figure from the World Economic Forum from 2008 that there is a 10 percent to 20 percent possibility that a major critical information infrastructure breakdown could cost the world US$250 billion.

It is difficult to definitively estimate the economic impact, but "we could lose a lot of money," Glorioso said.

E.U member states are embracing the plan. In April, countries discussed and endorsed the CIIP at a meeting in Tallinn, Estonia. Last month, the E.U. Telecommunications Council also gave the plan full support.

Workshops to refine the plan are scheduled through the end of the year. The Council of the European Union could put the plan to a vote as soon as December.

Join the CSO newsletter!

Error: Please check your email address.

Tags Critical Information Infrastructure ProtectionECeusecurity

More about European CommissionSAS

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts