ENISA Considers Europe-wide Security Warning System
The EU Commission has asked the European Network and Information Security Agency (ENISA) to examine potential models for a Europe-wide warning system. The current ENISA Newsletter (PDF file) states that first results will be presented to the member states under the project title “European Information Sharing and Alert System (EISAS)” during April. The focus is on monitoring and early warning systems for the internet. At present, ENISA is examining a variety of initiatives aimed at warning network operators and users about security risks; these initiatives may serve as potential sources for a Europe-wide system.
According to an interim report by Marco Thorbruegge and Slawomir Gorniak, the easiest solution would be a simple portal providing links to the respective private and public initiatives and offerings. Another option would be an information portal integrating the results from such sources. However, similar initiatives have not been entirely successful in the past. Alternatively, a framework could be prepared for establishing national systems. A team of ENISA experts will provide recommendations to be presented during the planned security conference in June, which is hosted by Germany during its presidency of the EU.
The EU Commission has also asked ENISA to provide suggestions for a framework on exchanging information on security risks and incidents. According to ENISA expert Carsten Casper, there is no way to get hold of reliable information on threats and actual attacks, "not for love or money". "Everybody would like to know more, but nobody wants to share his own experiences", the expert sums up. Without accurate data on security incidents there is no way to judge the success of regulatory measures. In addition to a security survey, the EU Commission would also like to find out to what extent citizens trust the internet.
According to Casper, the primary goal of ENISA’s work in this area is to define a framework for information exchange that particularly encourages private providers to participate. ENISA imagines that vendor reports, government analyses, CERT statistics, market surveys and provider data could contribute to such a framework. ENISA has started to contact partners and is asking for comments and opinions.
At the end of 2003 the EU parliament gave the go-ahead for establishing ENISA as the central European information security agency. ENISA’s main task is to serve as a centre of expertise and to help achieve an EU-wide level of security. According to reports on the occasion of the agency’s start of work, the agency has not been set up as an "operational centre". Rather, its task is to gather and analyse security-relevant data, drive cooperation with various players in the network security arena, increase the perceived relevance of this issue and provide advice and help for security solution development. Another task is to monitor the development of standards, without getting involved in the standardisation processes themselves.
In the 2007 Work Programme (PDF file) of the Crete-based agency, the new activities requested by the EU Commission account for 75,000 Euro of the overall budget of 2.8 million Euro. ENISA spends about 1.5 million Euro on various projects, workshops and studies on information security, with the largest share being invested in activities “bridging security gaps in Europe”, including assistance in setting up national CERTs and respective information exchange mechanisms, for instance in Lithuania, and work on a database on various authentication standards and providers in Europe. (Monika Ermert)