Cyber Security Industry Alliance Newsletter • Volume 2, Number 1 • September 2005

Global Perspectives

i2010

Viviane Reding, Commissioner for the Information Society, presented the Commission’s Communication on i2010 to the Telecoms Council (consisting of Ministerial representatives from each of the 25 EU member states) on 27 June 2005. Member states welcomed the proposal. In a speech delivered at the EU-Japan Business Dialogue Round Table on 8 July, Commissioner Reding spoke about “the challenge of security”. She said that “Security is only as good as the weakest link. (…) Significant investment in security measures on one part of a network can be dramatically undermined by the presence of unprotected machines elsewhere on the network. In addition, in a global world these threats have no geographical boundaries and international cooperation is also required to address the problem properly.”

Link to Commissioner Reding’s speech, 8 July 2005

In a speech at the European Institute in Washington on 18 July 2005, Commissioner Reding referred to the security element of i2010. She said that the Commission is working on a Strategy for a Secure Information Society, which would consider how to enhance the interoperability of security solutions and services; the need for further research addressing Internet stability and network information security; and the means to raise awareness of users to benchmark progress and encourage the exchange of best practices.

Link to Commissioner Reding’s speech, 18 July 2005


Data Retention

There is a political tussle as to where a new initiative on data retention should come from. The Council (representing the governments of the 25 EU member states) has the legal grounds to initiate a proposal on its own, but the Commission (a 20+ member organization that acts in an executive capacity) also has legal competence to put forward a proposal, and both institutions are preparing separate initiatives.

At an extraordinary meeting of the Justice and Home Affairs Ministers on 13 July, the Council condemned the London bombings and declared that it would agree the draft Framework Decision on Data Retention in October 2005. The draft was originally proposed by the UK, France, Ireland and Sweden in early 2004 and requires unanimous backing of all member states to pass.

Peter Hustinx, the European Data Protection Supervisor, who was appointed in January 2004 by the European Parliament (elected by the peoples of the Member States) and Council of Ministers for a 5-year term, has expressed strong doubts about EU-wide obligations to retain telecom data for police use. Jack Straw, the UK Foreign Secretary, said that “provided there are proper safeguards, no one’s civil liberties are threatened”. Mr. Hustinx questioned whether there are adequate safeguards and stressed the cost to industry of blanket data retention. He also questioned whether the proposed Decision was the best way to proceed, as it does not allow for input from the European Parliament. The Civil Liberties Committee at the European Parliament is currently discussing the draft Framework Decision on data retention but does not have a formal role in the legislative process.

In parallel, the Commission is preparing a draft Directive on Data Retention. It is expected to consult Mr. Hustinx on its proposal but has not yet approached him. The Commission is also preparing a draft Decision on the related subject of data protection when exchanging crime-related data.

Link to minutes of Justice and Home Affairs Council Meeting, 13 July 2005

In a speech at the European Institute in Washington on 18 July 2005, and referring to the political disagreement between the Council and the Commission on this issue, Commissioner Reding stressed the importance of avoiding a patchwork of different data retention obligations across Europe. She said that the Commission’s proposal for a Directive would allow a fully transparent debate, including Parliament, and this would help find the right balance in terms of privacy and consumer confidence, but also cost for the affected industry.

Link to Commissioner Reding’s speech, 18 July 2005


ENISA Update

ENISA published its first newsletter in June 2005. ENISA newsletters will cover:

  • Technical developments
  • Policy developments
  • Conferences/events/workshops
  • European and international developments (with an initial focus on Europe)
  • Trend watching, particularly for new technologies
  • Sharing experiences, mistakes made, best practices, etc.
  • Providing a bird's eye view of what is going
  • ENISA's own activities

Link to ENISA's June newsletter

Nick Coleman, a member of the Permanent Stakeholders’ Group who works for IBM, submitted an article to the newsletter about professional standards in information security. He referred to a group called SAINT: Security Alliance for Internet and New Technologies. Established in 2001, it brings vendors, government and business together to promote security awareness and best practice in the UK. Business is represented through Intellect, the trade association for the UK-based information technology, telecommunications and electronics industry. SAINT’s current work programme includes an initiative to set up a security industry website.

Link to SAINT

For information about ENISA’s ISSE 2005 (Information Security Solutions Europe) conference in Budapest on 27-29 September, see Upcoming Events.


Internet Governance and WSIS (World Summit on the Information Society)

On 2 June 2005, the European Commission published a Communication outlining the EU’s priorities for the World Summit on the Information Society (WSIS). The paper insists on the importance of promoting an information society for all. The Commission also points out that a revised cooperation model is needed to allow different stakeholders (governments, private sector, civil society and international organisations) to play an active role within Internet governance.

Link to Commission Communication

At its meeting on 27 June 2005, the Telecoms Council (made up of Ministerial representatives from each of the 25 member states) adopted conclusions on the WSIS and in particular on Internet governance. Relevant paragraphs include:

“The question of internationalisation of the management of the Internet’s core resources, namely the domain name system, IP addresses, and the root server system, are the main issues in this debate.

The Council advocates a new cooperation model regarding the crucial role of all actors within Internet Governance, including governments, the private sector, civil society and international organisations”

The Council stresses:

“That governments have a specific mission and responsibility vis-à-vis their citizens, and their role within this new cooperation model should be mainly focused on principle issues of public policy, excluding any involvement in the day-to-day operations.

That stability, dependability and robustness of the Internet remain a high priority; security and spam are important issues in this field.

A global common understanding of the issue of internet security must be developed. This includes the use of security policies in general at all relevant levels.”

Link to minutes of Telecoms Council meeting, 27 June 2005 (see page 10)

Commissioner Reding spoke at the ICANN meeting in Luxembourg on 11 July 2005. She noted that the security and stability of the Internet is essential and that “it is of crucial importance that the future approach to Internet governance is led by the principles of efficiency and openness, and not by considerations of internal policy.” She added that a monopolistic oversight of the Internet would at the end of the day lead to “less efficiency and less security.”

Link to Commissioner Reding’s speech, 11 July 2005


Online Public Procurement

The European Commission published a document on 15 July 2005 explaining and interpreting the rules on electronic public procurement that are part of the new public procurement directives adopted in 2004. The aim is to assist member states when transposing the directives into national law.

Link to relevant documents


Another CSIA

The UK Government’s Cabinet Office has a unit responsible for safeguarding the nation's IT and telecommunications service. It is called the Central Sponsor for Information Assurance, and abbreviated to CSIA.

Link to Cabinet Office CSIA website


e-contracting

The European Commission received a mandate from the Council to negotiate on behalf of the EU a draft UN Convention aiming to make it easier to conclude international business-to-business contracts electronically. The negotiations will take place within the United Nations Commission on International Trade Law (UNCITRAL). The Commission will, amongst other things, try to ensure the compatibility of this initiative with the electronic commerce directive, for example in relation to contracts concluded by electronic means.

Link to Commission press release


e-money

The European Commission launched a public consultation on the e-money directive to analyse whether it is completely fulfilling its objectives and is conducive to the competitiveness of the industry. Independent consultants are due to come forward with a study on this issue by Spring 2006.

Link to relevant documents