ENISA: Concerted EU efforts are needed to avoid a ‘digital 9/11’ and combat cyber threats

ENISA, the EU Agency for European Network and Information Security, today highlighted key online security issues in Europe, showcasing how it helps to counter cyber attacks, spam and risks of online social networking. The Agency also underlined EU Member States’ imbalances in addressing security threats at a media briefing in Brussels. ENISA concludes that Member States have a long way to go in safeguarding the e-economy. Europe should not wait for a ‘digital 9/11’, but instead reduce imbalances in national security approaches.
ENISA presented a summary of its ‘General Report 2007’ and showcased some of its activities. The Agency underlined the crucial importance of Network and Information Security (NIS) for the European economy, in particular with regard to the i2010 goals. Today, 30% of global trade is ‘digitally dependent’. Spam cost business about €64,5bn in 2007, double the 2005 figure (Source: Ferris). As only 6% of spam reaches mailboxes, the problem is perceived to be under control. However, it is growing in quantity, size and bandwidth and remains a costly problem, with 94% of spam being the invisible part of the ‘iceberg’.

The Agency highlighted its success in mitigating cyber attacks by supporting the set-up of ‘Computer Emergency Response Teams’ (CERTs), akin to ‘digital fire brigades’. In 2005, only eight EU Member States had governmental CERTs, whereas in 2008 the number has almost doubled to 14, with ten more planned within the next one to two years. CERTs are key components in combating cyber attacks such as those in Estonia, or spam generated by ‘botnets’: hijacked computers, of which there are 6mn worldwide, used by organised criminals for sending spam and committing online fraud.
At the same time, ENISA underlined a concerning imbalance in Member States’ security measures. The Executive Director of ENISA at the time commented:
“Europe must take security threats more seriously and invest more resources in NIS. Therefore, ENISA calls for the EU to introduce mandatory reporting on security breaches and incidents for business, just as the US has already done. The Member States should undertake concerted efforts to reduce the imbalances in security levels, with more cross-border cooperation. ENISA is confident that the need for secure networks to safeguard the European economy is a distinct driving force for Member States to cooperate more closely.”
The Agency stressed the risks of online social networking sites and recommended, for example, a review of the Regulatory Framework of Directive 2002/58 on privacy and electronic communications. ENISA has also produced a feasibility study on a European Information Sharing and Alert System for citizens and small business, with SMEs constituting 2/3 of the EU economy.
ENISA launched a three-year programme at the beginning of 2008 to improve the resilience of public e-communication networks, so that Member States can mitigate the risks of a digital 9/11.
Future threats and risks beyond 2008 were identified, e.g. fraud in virtual worlds, where assets are estimated to be between €64,5mn and €100mn (in 2006). In the course of this year, the Agency will issue various Position Papers with recommendations, for example on interoperable e-ID for Europe.
The Agency is an expert body, providing independent, expert advice to the EU and its Member States in areas such as Risk Management/Assessment, Awareness Raising, security policies and resilience.
General Report 2007: