How to best alert European SMEs and citizens of cyber attacks? ENISA presents a study on a European Information Sharing and Alert System (EISAS) for SMEs and citizens: EU’s role proposed to be a ‘clearing house’.
ENISA is presenting the first feasibility study on a European Information Sharing and Alert System (EISAS) to inform SMEs and citizens in the European Union (EU) on threats, vulnerabilities and attacks. The feasibility study concludes that the most optimal way for the EU to facilitate the information sharing is to assume the role of a facilitator, moderator of discussion and a “keeper of good practice” between national information sharing and alert systems, rather than taking a central, operational function by itself. The proposed next steps and a “proof of concept” scenario are also outlined.
After careful analysis of various perspectives, an operational role for the EU is deemed as unsuitable. A decentralised system on a national basis is more effective, as technical/organisational, cultural/social, and political obstacles make other, centralised operational approaches less feasible. The main proposed scenario for the EU includes the role to:
- Act as a "clearinghouse" for good practice to support new national systems in the Member States;
- Act as a fosterer and facilitator of discussions between the national ISAS in the Member State, to achieve the following goals: help the existing activities to learn from each other, continuously update the good practice collection, and together identify fields or areas to improve the service level of all activities;
- Act as an analyst of the collected good practice and, if appropriate, propose areas of optimisation.
Why are citizens and SMEs in focus?
The Agency Expert Mr Thorbruegge commented that computers of home-users and SMEs are the most popular targets for targeted attacks, as they often are considered easy victims. On the other hand SMEs are important to Europe’s economic growth. However, due to size, SMEs rarely employ dedicated security personnel for protecting information assets.
Background
The EISAS feasibility study of ENISA is a response to a request from the European Commission (COM(2006) 251).