From "Titan Rain" and "Estonia 2007" to "Greece 2012" - The Case of Hacktivism
Just before national elections take place, the risk level of politicians' safety is usually raised and relevant protection measures are adopted and properly applied. What about the risk level of Governmental Information Systems, Public Administration services and Critical Infrastructures? At the time of this writing, Greece is under constant cyber-attack of a hacktivist nature. The attacks are ongoing, and increasing in frequency. This is reasonable. What is not is the absence of proactiveness. Is there a strategy? Do we have any protection and emergency response plans for such critical cases? Which EU country is next to follow?
Comments
As each country has a CERT
As each country has a CERT authority, could the EU establish a central EU CERT that would also act as an alert network for similar future incidents?
Having one national
Having one national/governmental CERT by 2012 will not solve the problem. What does matter in a CERT is the constituency, i.e. a perimeter around the group to whom the team will provide service (RFC 2350).
For example, we already have a CERT-EU, but it is only in charge of the EU institutions, agencies and bodies. I believe that Europe has a matchless opportunity at the moment with the redefinition of the ENISA mission. Using this opportunity means setting the fundamentals for leveraging incident response in Europe and paving the road to a real answer to the threats that can affect European networks. Estonia is the country to follow. CERT-EE and CERT-FI are perfect examples of how a national CERT should be organized and which constituency it should supervise. On the contrary, I would suggest trying to find out which German or Italian CERT should be considered the unique national point of contact in case of need.
Regarding the alert network, there are several different initiatives that are interesting but unfortunately haven't provided a real operative answer yet, such as NEISAS and FISHA. The problem is not developing new systems but educating CERTs and aligning both organizational and information exchange practices. The ENISA reports are a good starting point, but without real coordinating and operational power for ENISA all these efforts risk being in vain.
Dear Ross, does ENISA have the
Dear Ross, does ENISA have the authorization to act as a European coordinator, or does its scope have to be officially redefined?
Are European countries willing to accept this coordination?
At the moment ENISA is not in
At the moment ENISA is not in charge of the operational coordination, and I believe the scope should be redefined as a backbone of the European Internet Security Strategy. There are only two recent reports regarding possible scenarios that I am aware of: the REPORT on the proposal for a regulation of the European Parliament and of the Council concerning ENISA http://www.europarl.europa.eu/document/activities/cont/201202/20120215AT... and the CERT Operational Gaps and Overlaps Report http://www.enisa.europa.eu/activities/cert/other-work/files/operational-... . Regarding your question about countries, you raised a good point. Are European countries willing to accept? It seems not at the moment, and not with this scope and organization, as you can read here http://www.publications.parliament.uk/pa/cm201012/cmselect/cmeuleg/428lv... regarding the UK. Actually, I was hoping to find in this forum more insights about this topic, so if someone from the EU could share more information this could be of great help for the debate.
Regarding the first post on national strategies: ENISA has just released a study on it http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber... It only lists 10 member states and, I believe, unfortunately helps to frame the real situation both of ENISA and of the actual level of development of the national strategies.
Can this collaboration be
Can this collaboration be accomplished within the EU?
http://www.eweek.com/c/a/Security/Pentagon-Sharing-More-CyberSecurity-In...