MEPs approve strengthen the European Network and Information Security Agency
MEPs at the Industry Committee want to prolong the European Network and Information Security Agency mandate further than 2013. The reason behind the extension is that ENISA can help the EU, Member States and private stakeholders to develop their capabilities to prevent, detect and respond to network and information security problems and incidents.
The European Network and Information Security Agency (ENISA) whose current mandate expires in September 2013, could be extended and strengthen after such date in order to help the EU, Member States and private stakeholders develop their capabilities and preparedness to prevent, detect and respond to cyber-attacks. The Industry Committee at the European Parliament approved to prolong its mandate further than 2013, for seven more years.
In addition, the proposal approved also include strengthen the ENISA's governance structure with a stronger supervisory role for the Management Board. ENISA has its seat in Heraklion. However, according to an EP amendment, technical staff engaged in the operational implementation of its mandate should be based in a branch office in Athens.
According to the proposal approved by the Industry Committee, in the event of a severe cyber-threat, and at the request of a Member State or an EU institution or body, ENISA will assist it in operational tasks to secure the affected network or data. Furthermore, ENISA will support the establishment and the functioning of a full-scale European Union Computer Emergency Response Team (EU CERT) if the proposal is adopted, to counter cyber attacks against the EU institutions, bodies and agencies. In December 2011, ENISA published a study which shows the legal and regulatory aspects of information sharing and cross-border collaboration of national/governmental Computer Emergency Response Teams (CERTs) in Europe. It should also require the agency to promote and support cooperation among national CERTs in Member States and EU CERTs in the event of incidents, attacks or disruptions on networks or infrastructure managed or protected by them.