EU Cyber Agency Urges Action To Avoid Crisis

Uploaded on 2016-04-15 in FREE TO VIEW, GOVERNMENT-National, INTELLIGENCE--Europe, NEWS-Cybersecurity News

EU countries lack a harmonised framework to respond to the challenges of a large-scale cyber incident, according to a report by security agency Enisa

European Union cyber security agency Enisa is urging decision-makers in the region to take action to avoid a major cyber crisis.

The call comes as Enisa publishes a report recommending more efficient cyber crisis co-operation and management based on an analysis of current crisis management frameworks.

“Today, should a crisis arise from a large-scale cyber incident, EU member states would need a harmonised framework to effectively respond to the challenges posed by such an incident,” the report said.

Enisa has been supporting European cyber crisis management for several years, with activities including crisis simulation, training support to develop member states’ crisis plans and structures, international conferences, and reports.

The recommendations draw on challenges and lessons from decades of crisis management in the aviation, civil protection, border control, counter-terrorism, and health and disease control sectors.

According to Enisa, the promulgation of a legal framework for EU-level crisis management has drastically increased the efficiency of European’s response to crises in all sectors analysed.

“Clearly defining the roles and responsibilities of the key actors may speed up the response time considerably when faced with a crisis situation,” the report said. “Conversely, the lack of it was seen as an impediment for the relevant bodies to operate effectively as they lacked a common strategy and were not legally mandated to do so.

“Lastly, in areas related to sovereignty, it was recognised that the currently observed lack of trust has been a significant issue which legislation can help improve.”

The report makes five main recommendations about EU-level priorities to raise the maturity in cyber crisis management and reduce the impact of potential cyber crises.

Currently cyber crisis management at EU level lacks the proper mechanisms and consistency to support effectively the EU-wide cyber community in the event of a cyber crisis, the report said.

“The message we try to pass on with this study is that the effective mitigation of any type of crisis caused by cyber incidents does not only depend on the mitigation of the impacts of that crisis,” said Udo Helmbrecht, executive director of Enisa.

“It also depends very much on the effective mitigation of the cyber incidents that caused it. Today, EU decision-makers are in the privileged position to take action before such a cyber crisis occurs, and this study offers an insight into what can be done.”

  • The revision of current EU legislation on cyber crisis management to “better reflect the distinction between cause and effect” and “better leverage on the development of the cyber crisis management field” as an essential tool for the mitigation of crises caused by cyber incidents.
  • EU member states should develop and formally adopt an EU-level crisis management plan, specific to the crises induced by cyber security incidents.
  • The creation of an EU-level pool of cyber experts with the primary objective to exchange information and best practices.
  • The development and adoption of EU-level cyber standard operating procedures.
  • The design and development an EU-level cyber crisis co-operation platform to offer support to cyber crisis management and co-operation activities between member states in conjunction with the Core Service Platform of the Cyber Security Digital Services Infrastructure.

Enisa said it is “fully committed” to supporting the European Commission and the EU member states in implementing these recommendations.

Computer Weekly: http://bit.ly/1q2vre1

« Boardroom: Elevating Cybersecurity Discussions
SMEs Underestimate The PR Damage Caused By A Cyber Breach »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

a1qa

a1qa

a1qa specializes in the delivery of full-cycle software QA and application testing services.

Secusmart

Secusmart

Secusmart provide highly secure and encrypted speech and data communication solutions.

Learning Tree International

Learning Tree International

Learning Tree's comprehensive cyber security training curriculum includes specialised IT security training and general cyber security courses for all levels of your organisation including the C-suite.

Balbix

Balbix

Balbix BreachControl™ is the industry’s first system to leverage specialized AI to provide comprehensive and continuous predictive assessment of breach risk.

ST Engineering

ST Engineering

ST Engineering is a leading provider of trusted and innovative cybersecurity solutions.

CybExer Technologies

CybExer Technologies

CybExer provide an on-premise, easily deployable solution for complex technical cyber security exercises based on experience in military grade ranges.

CyberForum

CyberForum

CyberForum supports businesses from the IT and high-tech industry in all stages of their development: from startup consulting to professional staffing and even location marketing campaigns.

Armenia Startup Academy

Armenia Startup Academy

Armenia Startup Academy is a pre-acceleration program for selected Armenian tech companies and startups in areas including cybersecurity.

BreachLock

BreachLock

Breachlock delivers the most comprehensive Penetration Testing as a Service (PtaaS) powered by Certified Hackers and AI.

Wazuh

Wazuh

Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.

Superus Careers - Cyber Career Exchange

Superus Careers - Cyber Career Exchange

The Cyber Career Exchange is a specialized recruiting platform focused specifically on cybersecurity.

Airgap Networks

Airgap Networks

Airgap is fixing the fundamental flaw of excessive trust. We help enterprises modernize their network for a simple and secure infrastructure.

Tenet3

Tenet3

Tenet3's vision is to make optimal cyber strategy development tractable, data driven, with concrete success metrics. The result is cost effective cyber resilience for our customers.

Lakera

Lakera

Lakera empowers developers and organizations to build GenAI applications without worrying about AI security risks.

Badge

Badge

Badge authenticates you on-demand for every application, on any device, without storing any secrets.

INTfinity Consulting

INTfinity Consulting

The INTfinity team brings together decades of professional experience in cybersecurity. We're here to apply that same experience and proficiency in defending your networks.