The European Union Agency for Cybersecurity (ENISA) issues a report and a leaflet on how to ensure effective consumer outreach in relation to cyber threats in the telecommunications sector.
The European Electronic Communications Code or EECC, the current EU telecom framework, sets new requirements in relation to the notification of threats to users by their telecommunications services providers.
Under this new legislation, providers of public electronic communications networks or services are now required to notify their users when a particular and significant threat has occurred affecting their networks or services. Warning customers on cyber threats is already an industry good practice.
Scope and content of the report
The report published today provides a framework to help assess the necessity to carry out outreach activities.
The analysis revealed that the contents of the outreach messages disseminated by providers are usually adjusted to the knowledge and competency level of users. Communication about specific threats often includes facts about the nature of the threat, potential impact, measures taken by the provider, etc. Electronic communications providers generally target those users directly affected by the threat.
The outreach framework consists of 3 steps developed in the report. A checklist is also available to help structuring the information.
- Trigger: to assess the need of consumer outreach;
- Communication: to decide on the right channel, and on the right message;
- Evaluation: to define the parameters needed to measure the effectiveness of the outreach.
Although an important activity, consumer outreach is a complementary measure not intended to replace the mitigation and/or preventive actions by the relevant authorities or by the providers.
36th meeting of the ECASEC Expert Group
The ECASEC group met for the first time this year yesterday and today. The meeting was organised in a hybrid format, in Croatia and online. Almost 60 experts from national authorities from EU, EFTA, EEA, and EU candidate countries, who are supervising the European telecom sector attended the meeting.
The meeting engaged in discussions on the resilience of telecom networks particularly given the latest developments in Ukraine.
The group discussed their strategy in view of the revision of the Directive on Network and Information Security also referred to as NIS2. This was the opportunity to get an update on the activities of the 5G cybersecurity WS of the NIS Cooperation Group and of the ad-hoc working group on 5G certification.
The attendees had a chance to learn about the activities of the hosting regulatory Authority, HAKOM and also be informed by the Croatian CSIRT about the platform used for exchange of information on computer security incidents.
ENISA presented some first insights on the submitted security incidents for 2021 and discussed the work programme for 2022.
Finally, the Swedish competent Authority analysed their auditing mechanisms and the participants exchanged views on the supervision of the Number-Independent Interpersonal Communication Service (NI-ICS) providers under EECC.
Background on ECASEC Expert Group, formerly known as the ENISA Article 13a group
Established in 2010, the ENISA ECASEC expert group, formerly known as the ENISA Article 13a group, consists of about 60 experts from national telecom security authorities from EU Member States, EFTA countries, and EU candidate countries.
The group is a forum for exchanging information and good practices on telecom security. It produces policy guidelines for European authorities on the implementation of EU telecom security legislation, and publishes an annual summary report about major telecom security incidents.
This group meets 3 times a year in order to discuss and agree on a common approach to telecom security supervision in the EU.
Further Information:
Cyber Threats Outreach in Telecom
For more information about the ENISA ECASEC expert group see ENISA ECASEC EG portal
If you want to join the ENISA telecom security mailing list, to be kept up to date about this group and our telecom security work, and to receive invitations for events and projects, please contact us via resilience (at) enisa.europa.eu
ENISA Incident Reporting webpage
European Electronic Communications Code
Contact
For questions related to the press and interviews, please contact press(at)enisa.europa.eu