EU Cyber Agency Urges Action To Avoid Crisis

EU countries lack a harmonised framework to respond to the challenges of a large-scale cyber incident, according to a report by security agency Enisa

European Union cyber security agency Enisa is urging decision-makers in the region to take action to avoid a major cyber crisis.

The call comes as Enisa publishes a report recommending more efficient cyber crisis co-operation and management based on an analysis of current crisis management frameworks.

“Today, should a crisis arise from a large-scale cyber incident, EU member states would need a harmonised framework to effectively respond to the challenges posed by such an incident,” the report said.

Enisa has been supporting European cyber crisis management for several years, with activities including crisis simulation, training support to develop member states’ crisis plans and structures, international conferences, and reports.

The recommendations draw on challenges and lessons from decades of crisis management in the aviation, civil protection, border control, counter-terrorism, and health and disease control sectors.

According to Enisa, the promulgation of a legal framework for EU-level crisis management has drastically increased the efficiency of Europe’s response to crises in all sectors analysed.

“Clearly defining the roles and responsibilities of the key actors may speed up the response time considerably when faced with a crisis situation,” the report said. “Conversely, the lack of it was seen as an impediment for the relevant bodies to operate effectively as they lacked a common strategy and were not legally mandated to do so.

“Lastly, in areas related to sovereignty, it was recognised that the currently observed lack of trust has been a significant issue which legislation can help improve.”

The report makes five main recommendations about EU-level priorities to raise the maturity in cyber crisis management and reduce the impact of potential cyber crises.

Currently cyber crisis management at EU level lacks the proper mechanisms and consistency to support effectively the EU-wide cyber community in the event of a cyber crisis, the report said.

“The message we try to pass on with this study is that the effective mitigation of any type of crisis caused by cyber incidents does not only depend on the mitigation of the impacts of that crisis,” said Udo Helmbrecht, executive director of Enisa.

“It also depends very much on the effective mitigation of the cyber incidents that caused it. Today, EU decision-makers are in the privileged position to take action before such a cyber crisis occurs, and this study offers an insight into what can be done.”

  • The revision of current EU legislation on cyber crisis management to “better reflect the distinction between cause and effect” and “better leverage on the development of the cyber crisis management field” as an essential tool for the mitigation of crises caused by cyber incidents.
  • EU member states should develop and formally adopt an EU-level crisis management plan, specific to the crises induced by cyber security incidents.
  • The creation of an EU-level pool of cyber experts with the primary objective to exchange information and best practices.
  • The development and adoption of EU-level cyber standard operating procedures.
  • The design and development of an EU-level cyber crisis co-operation platform to offer support to cyber crisis management and co-operation activities between member states in conjunction with the Core Service Platform of the Cyber Security Digital Services Infrastructure.

Enisa said it is “fully committed” to supporting the European Commission and the EU member states in implementing these recommendations.

Computer Weekly: http://bit.ly/1q2vre1
