Are EU critical information infrastructures protected against cyber-attacks?

In a report taking stock of progress made in implementing its EU-wide 2009 action plan, the European Commission has highlighted Member States' efforts to protect critical information infrastructures from cyber-attacks and disruptions. However, the report underlines that further action in this area is required, especially regarding the establishment of an efficient network of Computer Emergency Response Teams (CERTs) by 2012.

In its Communication on Critical Information Infrastructure Protection ‘Achievements and next steps: towards global cyber-security’, the European Commission stressed the key role played by cyber security and the protection of critical information infrastructures in enabling people and companies to trust the internet and other networks, which are among the key priority objectives of the Digital Agenda for Europe.

Recent events, such as the attacks on the EU Emissions Trading System, which caused important market disruptions, and most recently on the European External Action Service and the Commission itself, have demonstrated that new and technologically more sophisticated cyber threats can disrupt or destroy vital societal and economic functions. For that reason, the report says, it is crucial to create a well-functioning network of governmental/national Computer Emergency Response Teams (CERTs) in Europe by 2012, to organise more regular cyber-attack simulations and to look into governance issues for the security of emerging technologies like cloud computing.

Main findings of the Critical Information Infrastructure Protection report

  • A majority of Member States have now set up national/governmental Computer Emergency Response Teams (CERTs).
  • Member States' cooperation is improving as a result of the regular exchanges on good policy practices via the European Forum for Member States, which was set up in 2009.
  • Establishing the European Public-Private Partnership for Resilience (EP3R) was key to engaging the private sector in increasing the level of security of our digital environment and developing a solid information security market in Europe.

The report also outlines the way forward to reinforce international cooperation in this area. The Commission has already announced that it will engage with Member States and the private sector at national, European and international level by: establishing CERTs in the remaining Member States and for the EU institutions by 2012; developing a European cyber-incident contingency plan by 2012, which will be based on national cyber-incident contingency plans; and organising both regular exercises at national level and pan-European cyber-incident exercises like the 2010 exercise "Cyber Europe".

Furthermore, it will promote globally agreed principles for the stability and resilience of the internet, establish strategic partnerships in this area with key non-EU countries, especially the US, and seek the best governance strategies for emerging technologies with a global impact, such as cloud computing.