Debate on EU network and information security policy at Council level

EU Ministers meeting at the Transport, Telecommunications and Energy Council session taking place in Brussels on June 11th 2009, held an exchange of views on network and information security policy. The debate focused on the issue of critical information infrastructure protection, on the future of the European Network and Information Security Agency (ENISA) as well as on the general direction of European efforts in this field.

Enhanced protection is particularly required for some information and communication technology systems, services and infrastructures which play a vital role for society, especially for businesses and public administration, and are therefore considered "critical information infrastructures". Their disruption, due to man-made attacks, natural disasters or technical failures, can cause huge economic damage.

Recent events such as the cyber-attacks against Estonia in 2007 and the fractures in transcontinental cables in 2008 show the vulnerability of modern information networks and underline the importance of protective measures aimed at ensuring continuation of critical services. European Commission already called earlier this year on the need to take action and join all related parties efforts to protect Europe from cyber-attacks and disruptions.

Besides, in the context of the umbrella initiative on EPCIP (European Programme on Critical Infrastructure Protection), the European Commission has recently adopted a Communication on Critical Information Infrastructure Protection "Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience."

The Communication proposes a series of short-medium term (until 2011) actions on security and resilience of CIIs, including: fostering pan-European cooperation between National/Governmental Computer Emergency Response; engaging the private sector in information sharing and dissemination of good practices with the public sector; supporting the sharing of information as well as good policy practices between Member States, thus stimulating a stronger European cooperation between Member States via national and multinational contingency plans and regular exercises for large scale networks security incident response, as well as disaster recovery and continuing the development of the criteria to identify European Critical Infrastructures for the ICT sector.

The debate held by the European Council debate launched discussions at the Council level, and the  Swedish Presidency is expected to take the discussion forward and adopt conclusions or a resolution on this issue.

The role of the European Network and Information Security Agency (ENISA) is also now being re-examined with a view to defining the best way to tackle the main challenges of appropriate network and information protection.

The ENISA was created in 2004 to ensure a high level of security in its area of expertise and to assist the Commission and the member states in addressing related problems. Its tasks include collecting information with a view to risk analysis, developing common methodologies and enhancing cooperation. Last year, its mandate was extended unchanged, until March 2012.