EU Cyber Agency Urges Action To Avoid Crisis

EU countries lack a harmonised framework to respond to the challenges of a large-scale cyber incident, according to a report by security agency Enisa

European Union cyber security agency Enisa is urging decision-makers in the region to take action to avoid a major cyber crisis.

The call comes as Enisa publishes a report recommending more efficient cyber crisis co-operation and management based on an analysis of current crisis management frameworks.

“Today, should a crisis arise from a large-scale cyber incident, EU member states would need a harmonised framework to effectively respond to the challenges posed by such an incident,” the report said.

Enisa has been supporting European cyber crisis management for several years, with activities including crisis simulation, training support to develop member states’ crisis plans and structures, international conferences, and reports.

The recommendations draw on challenges and lessons from decades of crisis management in the aviation, civil protection, border control, counter-terrorism, and health and disease control sectors.

According to Enisa, the promulgation of a legal framework for EU-level crisis management has drastically increased the efficiency of European’s response to crises in all sectors analysed.

“Clearly defining the roles and responsibilities of the key actors may speed up the response time considerably when faced with a crisis situation,” the report said. “Conversely, the lack of it was seen as an impediment for the relevant bodies to operate effectively as they lacked a common strategy and were not legally mandated to do so.

“Lastly, in areas related to sovereignty, it was recognised that the currently observed lack of trust has been a significant issue which legislation can help improve.”

The report makes five main recommendations about EU-level priorities to raise the maturity in cyber crisis management and reduce the impact of potential cyber crises.

Currently cyber crisis management at EU level lacks the proper mechanisms and consistency to support effectively the EU-wide cyber community in the event of a cyber crisis, the report said.

“The message we try to pass on with this study is that the effective mitigation of any type of crisis caused by cyber incidents does not only depend on the mitigation of the impacts of that crisis,” said Udo Helmbrecht, executive director of Enisa.

“It also depends very much on the effective mitigation of the cyber incidents that caused it. Today, EU decision-makers are in the privileged position to take action before such a cyber crisis occurs, and this study offers an insight into what can be done.”

  • The revision of current EU legislation on cyber crisis management to “better reflect the distinction between cause and effect” and “better leverage on the development of the cyber crisis management field” as an essential tool for the mitigation of crises caused by cyber incidents.
  • EU member states should develop and formally adopt an EU-level crisis management plan, specific to the crises induced by cyber security incidents.
  • The creation of an EU-level pool of cyber experts with the primary objective to exchange information and best practices.
  • The development and adoption of EU-level cyber standard operating procedures.
  • The design and development an EU-level cyber crisis co-operation platform to offer support to cyber crisis management and co-operation activities between member states in conjunction with the Core Service Platform of the Cyber Security Digital Services Infrastructure.

Enisa said it is “fully committed” to supporting the European Commission and the EU member states in implementing these recommendations.

Computer Weekly: http://bit.ly/1q2vre1

« Boardroom: Elevating Cybersecurity Discussions
SMEs Underestimate The PR Damage Caused By A Cyber Breach »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Clifford Chance

Clifford Chance

Clifford Chance are one of the world's pre-eminent law firms with resources across five continents. Practice areas include Cyber Security & Information Protection

Wavestone

Wavestone

Wavestone is a strategy and technology consulting company with areas of expertise including digital transformation and cybersecurity.

Recorded Future

Recorded Future

Recorded Future arms security teams with threat intelligence powered by patented machine learning to lower risk.

TrainACE

TrainACE

TrainACE, is a professional computer training school offering courses in information technology with a focus on Advanced Security training.

The Cyber Security Expert

The Cyber Security Expert

The Cyber Security Expert delivers cyber security consultancy, website and cloud security monitoring services, and specialist training services.

Naval Dome

Naval Dome

Naval Dome provides the first maritime multilayer cyber defense solution for mission critical onboard systems.

ECOLUX

ECOLUX

ECOLUX is a professional IoT security service company committed to developing world-leading “IoT Lifecycle Security” technologies and products.

Lattice Semiconductor

Lattice Semiconductor

Lattice Semiconductor solves customer problems across the network, from the Edge to the Cloud, in the growing communications, computing, industrial, automotive and consumer markets.

Hybrid Identity Protection Conference (HIP)

Hybrid Identity Protection Conference (HIP)

Hybrid Identity Protection (HIP) is the premier educational forum for identity-centric cybersecurity practitioners charged with defending hybrid cloud environments.

OpenAVN (DefenseArk)

OpenAVN (DefenseArk)

Defending your life online, keeping your data safe and private. We detect digital threats magnitudes faster than the leading antivirus software.

Raiven Capital

Raiven Capital

Raiven Capital is a global early-stage technology venture capital fund. We focus on founder-led, driven companies on the leading edge of disruption.

RevealSecurity

RevealSecurity

RevealSecurity's TrackerIQ detects malicious activities in enterprise applications.

Securious

Securious

If you need to improve your cyber security or achieve cyber security accreditations, Securious provide an independent service that will identify and address your issues quickly and efficiently.

Obsidian Security

Obsidian Security

Protect your business-critical applications by mitigating threats and reducing risk with Obsidian, the first truly comprehensive security solution for SaaS.

ZEUSS

ZEUSS

ZEUSS is a diversified data center, cybersecurity, and green energy company.

42Crunch

42Crunch

42Crunch provides API security testing and threat protection. We proactively test, fix and protect your APIs from development to runtime.