EU Cyber Agency Urges Action To Avoid Crisis

Uploaded on 2016-04-15 in FREE TO VIEW, GOVERNMENT-National, INTELLIGENCE--Europe, NEWS-Cybersecurity News

EU countries lack a harmonised framework to respond to the challenges of a large-scale cyber incident, according to a report by security agency Enisa

European Union cyber security agency Enisa is urging decision-makers in the region to take action to avoid a major cyber crisis.

The call comes as Enisa publishes a report recommending more efficient cyber crisis co-operation and management based on an analysis of current crisis management frameworks.

“Today, should a crisis arise from a large-scale cyber incident, EU member states would need a harmonised framework to effectively respond to the challenges posed by such an incident,” the report said.

Enisa has been supporting European cyber crisis management for several years, with activities including crisis simulation, training support to develop member states’ crisis plans and structures, international conferences, and reports.

The recommendations draw on challenges and lessons from decades of crisis management in the aviation, civil protection, border control, counter-terrorism, and health and disease control sectors.

According to Enisa, the promulgation of a legal framework for EU-level crisis management has drastically increased the efficiency of European’s response to crises in all sectors analysed.

“Clearly defining the roles and responsibilities of the key actors may speed up the response time considerably when faced with a crisis situation,” the report said. “Conversely, the lack of it was seen as an impediment for the relevant bodies to operate effectively as they lacked a common strategy and were not legally mandated to do so.

“Lastly, in areas related to sovereignty, it was recognised that the currently observed lack of trust has been a significant issue which legislation can help improve.”

The report makes five main recommendations about EU-level priorities to raise the maturity in cyber crisis management and reduce the impact of potential cyber crises.

Currently cyber crisis management at EU level lacks the proper mechanisms and consistency to support effectively the EU-wide cyber community in the event of a cyber crisis, the report said.

“The message we try to pass on with this study is that the effective mitigation of any type of crisis caused by cyber incidents does not only depend on the mitigation of the impacts of that crisis,” said Udo Helmbrecht, executive director of Enisa.

“It also depends very much on the effective mitigation of the cyber incidents that caused it. Today, EU decision-makers are in the privileged position to take action before such a cyber crisis occurs, and this study offers an insight into what can be done.”

  • The revision of current EU legislation on cyber crisis management to “better reflect the distinction between cause and effect” and “better leverage on the development of the cyber crisis management field” as an essential tool for the mitigation of crises caused by cyber incidents.
  • EU member states should develop and formally adopt an EU-level crisis management plan, specific to the crises induced by cyber security incidents.
  • The creation of an EU-level pool of cyber experts with the primary objective to exchange information and best practices.
  • The development and adoption of EU-level cyber standard operating procedures.
  • The design and development an EU-level cyber crisis co-operation platform to offer support to cyber crisis management and co-operation activities between member states in conjunction with the Core Service Platform of the Cyber Security Digital Services Infrastructure.

Enisa said it is “fully committed” to supporting the European Commission and the EU member states in implementing these recommendations.

Computer Weekly: http://bit.ly/1q2vre1

« Boardroom: Elevating Cybersecurity Discussions
SMEs Underestimate The PR Damage Caused By A Cyber Breach »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

C3IA Solutions

C3IA Solutions

C3IA Solutions is an NCSC-certified Cyber Consultancy providing assured, tailored advice to keep your information secure and data protected.

Tendo Solutions

Tendo Solutions

Tendo Solutions provides intelligence, security, forensics and risk solutions to clients across different sectors and jurisdictions.

MetaFlows

MetaFlows

MetaFlows’ SaaS malware detection & prevention software passively analyzes the behavior and the content of Internet traffic.

V-Key

V-Key

V-Key is a global leader in software based digital security, providing solutions for mobile identity, authentication, authorization, and mobile payments for major banks.

Avira

Avira

Avira provide a portfolio of antivirus, security and performance applications for Windows, Android, Mac, and iOS.

Information System Security Directorate (ISSD) - Afghanistan

Information System Security Directorate (ISSD) - Afghanistan

Information System Security Directorate (ISSD) is the Directorate of MCIT responsible for the security of critical information infrastructures in Afghanistan.

Cytomic

Cytomic

Cytomic is the business unit of Panda Security specialized in providing advanced cybersecurity solutions and services to large enterprises.

BHC Laboratory

BHC Laboratory

BHC Laboratory is a cyber capabilities’ development company for a wide range of global customers.

Cyber@StationF

Cyber@StationF

Cyber@StationF is an up to 6 months international startup acceleration programme, whose members provide solutions for the Cybersecurity industry.

NexGenT

NexGenT

NexGenT have combined military-style training with decades of network engineering and cyber security experience into an immersive program to get people into cyber security fast and effectively.

TryHackMe

TryHackMe

TryHackMe is an online platform that teaches cyber security through short, gamified real-world labs. We have content for both complete beginners and seasoned hackers.

AutoSec

AutoSec

AutoSec supports the FFI program Electronics, Software and Communication by dissemination and exploitation of the results of projects related to automotive cybersecurity.

IgmGuru

IgmGuru

Igmguru offers certification online training courses for IT professionals and students. Get certified with high-in-demand job-oriented professional courses.

HCS

HCS

HCS is an IT Company and Telecoms provider with an experienced team who are dedicated to ensuring our clients business systems are protected.

Dion Training Solutions

Dion Training Solutions

Dion Training Solutions offer comprehensive training in areas such as project management, cybersecurity, agile methodologies, and IT service management.

North Green Security

North Green Security

North Green Security is a UK-based cyber security training and consultancy company.