EU Cyber Agency Urges Action To Avoid Crisis

EU countries lack a harmonised framework to respond to the challenges of a large-scale cyber incident, according to a report by security agency Enisa

European Union cyber security agency Enisa is urging decision-makers in the region to take action to avoid a major cyber crisis.

The call comes as Enisa publishes a report recommending more efficient cyber crisis co-operation and management based on an analysis of current crisis management frameworks.

“Today, should a crisis arise from a large-scale cyber incident, EU member states would need a harmonised framework to effectively respond to the challenges posed by such an incident,” the report said.

Enisa has been supporting European cyber crisis management for several years, with activities including crisis simulation, training support to develop member states’ crisis plans and structures, international conferences, and reports.

The recommendations draw on challenges and lessons from decades of crisis management in the aviation, civil protection, border control, counter-terrorism, and health and disease control sectors.

According to Enisa, the promulgation of a legal framework for EU-level crisis management has drastically increased the efficiency of Europe’s response to crises in all sectors analysed.

“Clearly defining the roles and responsibilities of the key actors may speed up the response time considerably when faced with a crisis situation,” the report said. “Conversely, the lack of it was seen as an impediment for the relevant bodies to operate effectively as they lacked a common strategy and were not legally mandated to do so.

“Lastly, in areas related to sovereignty, it was recognised that the currently observed lack of trust has been a significant issue which legislation can help improve.”

The report makes five main recommendations about EU-level priorities to raise the maturity in cyber crisis management and reduce the impact of potential cyber crises.

Currently, cyber crisis management at EU level lacks the proper mechanisms and consistency to effectively support the EU-wide cyber community in the event of a cyber crisis, the report said.

“The message we try to pass on with this study is that the effective mitigation of any type of crisis caused by cyber incidents does not only depend on the mitigation of the impacts of that crisis,” said Udo Helmbrecht, executive director of Enisa.

“It also depends very much on the effective mitigation of the cyber incidents that caused it. Today, EU decision-makers are in the privileged position to take action before such a cyber crisis occurs, and this study offers an insight into what can be done.”

The five recommendations are:

  • The revision of current EU legislation on cyber crisis management to “better reflect the distinction between cause and effect” and “better leverage on the development of the cyber crisis management field” as an essential tool for the mitigation of crises caused by cyber incidents.
  • EU member states should develop and formally adopt an EU-level crisis management plan, specific to the crises induced by cyber security incidents.
  • The creation of an EU-level pool of cyber experts with the primary objective to exchange information and best practices.
  • The development and adoption of EU-level cyber standard operating procedures.
  • The design and development of an EU-level cyber crisis co-operation platform to offer support to cyber crisis management and co-operation activities between member states in conjunction with the Core Service Platform of the Cyber Security Digital Services Infrastructure.

Enisa said it is “fully committed” to supporting the European Commission and the EU member states in implementing these recommendations.

Computer Weekly: http://bit.ly/1q2vre1
