Brussels, 27/05/2011 (Agence Europe) - During the session devoted to telecommunications on Friday 27 May, the Council took stock of progress made on a draft regulation regarding a new mandate for the European Network and Information Security Agency (ENISA). The new mandate would extend over a five-year period (until 2017), in line with the European Commission's proposal. The aim is to modernise the ENISA and give it new tasks in order to focus on the development of new technology and answer the constant attacks by hackers who use methods that are continually being developed and perfected. The Council also adopted a regulation extending the current ENISA mandate for a further 18 months, i.e. until 13 September 2013, in order to avoid the legal vacuum that would be left if the new mandate were not adopted before expiry of the current one. Zsolt Nyitrai, Hungarian Information and Communications Minister, pointed out that the security of information networks is vital for information and communications technology, which in turn are vital for the economy. That is why, he added, ENISA is a key player in this field. Neelie Kroes, Commissioner for digital strategy, took up saying that time is against us when it comes to network security and ENISA has a major role to play. She said it was a matter of credibility compared to the EU's world partners, especially the United States.
The report by the Hungarian presidency on the state of progress for ENISA modernisation identifies the main areas in which member states agree, namely: 1) a clear list of tasks that would allow the agency to focus on its core business, which should not include operational tasks; 2) an agreement in principle that, as regards cybercrime, ENISA should liaise and exchange know-how and best practices with EU bodies and provide advice on network and information security aspects that might have an impact on their work; 3) the structure and the role of its bodies, for instance greater involvement of the management board in the planning of the main activities, priorities and objectives; and the post of executive director should be subject to an open competition; and 4) the planning of its work and its functioning.
Outstanding issues concern the way the ENISA works and, above all, the duration of its mandate. During the public session attended by 18 member states, nine delegations (Cyprus, France, Greece, Italy, Latvia, Malta, Portugal, Romania, and Slovenia) defended the idea of establishing a permanent mandate for ENISA. If this were the case, this would cause discrimination with the other European agencies which have permanent status. However, the fact that cyber-attacks cannot be limited in time make it necessary to unrelentingly protect networks and especially critical infrastructure, along the lines of the priorities of the Digital Agenda and the objectives of the EUROPE 2020 strategy, which make it essential to have a permanent mandate. Other delegations (the Netherlands, Finland, Ireland, Sweden and Poland in particular), on the other hand, follow the opinion of the Commission recommending a five-year mandate. According to Sweden, the duration of ENISA must remain limited in time as it is not intended to replace member state security systems, which must receive an incentive to develop their security infrastructure and to collaborate. Commissioner Kroes said it was necessary to ensure that ENISA supports member states in the best possible way, with technical assistance where necessary. Work on this issue will continue under Polish presidency of the EU Council when the European Parliament is expected to adopt its position on this issue at first reading in December 2011. (I.L./transl.jl)