Cyber Security Industry Alliance Newsletter • Volume 2, Number 1 • September 2005

Government Spotlight:
ENISA (EU Network and Information Security Agency)

Is there life without the Internet?

How would our lives be without the computer screens in our offices and schools, the mobile phones, and all the IT in our cars working properly? And even worse, a malfunctioning Internet? This month the new EU agency for network and information security, ENISA, started its activities in Crete. Just as Botticelli depicts the “Birth of Spring” in Crete, Crete is the cradle for much of European culture. And now the new ENISA staff from all over Europe joined forces on 1 September in Crete to foster a new culture: a culture of security so that the Internet and networks function appropriately. A total of 44 officials will eventually staff this pivotal European information security centre.

So what are ENISA’s tasks? Our main mission is to help create a culture of network and information security in Europe.

ENISA — switchboard of information

It has become increasingly clear to all governments, as well as to industry, that as we become more and more dependent on our electronic communication systems, we need to develop a common language for information security. Moreover, we need to start exchanging information and experience between countries and sectors in order to make these interrelated networks secure. ENISA’s mission in this quest is to act as a switchboard for sharing information throughout the EU, gathering information about security best practices and serving as a centre of expertise.

ENISA should be seen as a new, European approach to information security issues, with the focus on the users in the European Internal Market and the needs of our daily lives. This approach also fits well with the i2010 initiative, recently launched by the European Commission. In the EU Commission’s “i2010”, information security plays an important role in creating a single European space by offering affordable and secure high bandwidth communications. We need to have available and trustworthy information and communication systems in order to make full use of the advantages of the information society.

In order to reach this goal, it is important to involve all stakeholders so they know what responsibilities they have in creating this culture of security. The individual user has a responsibility to behave in a secure manner when he or she uses the Internet. Those who provide the software and connections also have a responsibility to ensure that it is possible for the users to behave securely. Governments and public authorities, of course, have their responsibility both in serving as a good example from a security perspective and in putting the right regulations in place to facilitate and encourage secure use of our networks and information systems.

ENISA — the broker

ENISA acts as a broker for a partnership between the public and the private sectors. We bring together all stakeholders and ensure that knowledge, research results and experience are shared between relevant people in the Member States. We have stakeholder participants on the Management Board with members from all 25 EU countries. We have a Permanent Stakeholders’ Group, made up of 30 high-level representatives from various sectors, that provides advice on programmes such as the ENISA work programme.

As the Agency is relatively small and only has a limited budget, we also make the most use we can of the expertise that already exists in the Member States. Consequently, we relay knowledge and have set up ad hoc working groups with experts from the Member States, who can assist us with more in-depth work for specific issues.

Our main objective is to advise and assist Member States, Member States’ bodies, and European institutions in their work to create a more secure information society. For example, ENISA will make it easier for those who want to establish new CERTs (Computer Emergency Response Teams) or similar organisations to get help in doing so. We will also prepare reviews of relevant methods of risk management and raising awareness, so those who want to take such actions will be able to find methods and good practices easily.

We know that these issues are more or less the same across all borders and sectors. In its challenging role of helping European companies, organisations, and individuals become security-conscious ICT users, ENISA also aspires to strengthen the cooperation and information exchange with countries outside Europe.

I look forward to cooperating with the information security community to achieve a safe IT environment — for the sake of an efficient business climate and for the quality of life for all 457 million EU citizens who use IT in the bank, at work and at home. Will we bridge the gap not only within Europe, but also across the Atlantic with our American cousins and elsewhere in the world.