Brussels, 01/04/2011 (Agence Europe) - Over the last two years, EU member states have made significant progress in protecting critical information infrastructures from cyber attack and disruption. That is what is revealed in a Commission report published on Friday 1st April taking stock of progress made in implementing its EU-wide 2009 Critical Information Infrastructure Protection (CIIP) action plan (see EUROPE 9873). The Commission says also, however, that further action is required notably to establish an efficient network of Computer Emergency Response Teams (CERTs) by 2012. It underlines that cyber security and the protection of critical information infrastructures are vital for people and companies to have trust in the internet and other networks. This is one of the key priorities of the Digital Agenda for Europe, says Digital Agenda Commissioner Neelie Kroes who states that, although “significant progress” has been achieved, “we must step up our efforts in the EU and at the global level to address ever-changing cyber-threats”.
Recent events have demonstrated that new and technologically more sophisticated cyber threats can disrupt or destroy vital societal and economic functions. Among examples are the attacks on the networks of the French Finance Ministry prior to the G20 summit, on the EU Emissions Trading System and, most recently, on the European External Action Service and the Commission itself. For the Commission, these events demonstrate the need to create a properly working network of governmental/national Computer Emergency Response Teams (CERTs) in Europe by next year, to organise more regular cyber attack simulations and to look into governance issues for the security of emerging technologies like cloud computing.
The main findings of the report are: - most member states have now set up national/governmental Computer Emergency Response Teams (CERTs); - cooperation among member states is improving as a result of the regular exchanges on good policy practices via the European Forum for Member States, which was set up in 2009; - establishing the European Public-Private Partnership for Resilience (EP3R) was key to engaging the private sector in increasing the level of security of our digital environment and developing a solid information security market in Europe.
The report outlines the way forward to reinforce international cooperation in this area. The Commission will engage with member states and the private sector at national, European and international levels by: - establishing CERTs in the remaining member states and for the EU institutions by 2012; - developing a European cyber-incident contingency plan by 2012, which will be based on national cyber incident contingency plans; - organising both regular exercises at national level (only 12 member states have done so to date), and pan-European cyber incident exercises like the 2010 exercise “Cyber Europe”; - promoting globally-agreed principles for the stability and resilience of the internet; - establishing strategic partnerships in this area with key non-EU countries (notably with the US), and promoting the discussion in international fora such as the G8; - seeking the best governance strategies for emerging technologies with a global impact, such as cloud computing. (O.L./transl.rt)