European Countries Need Better Infosec Cooperation, ENISA Chief Says
Stuck in an “embryonic” stage of sharing cybersecurity information, many European countries look to govt. for encouragement, the head of the European Network & Information Security Agency (ENISA) said in an interview. Despite claims of willingness to work together, a lack of actual cooperation is the chief roadblock to better infrastructure protection, said ENISA Exec. Dir. Andrea Pirotti, adding that many stakeholders want national or European Union authorities to nudge them. ENISA will be the “director of the orchestra” beginning later this year, Pirotti said.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The new agency has created working groups on security awareness-raising, risk analysis and assessment, and computer emergency response teams (CERTs), Pirotti said. The CERT panel will devise an effective way to stimulate cooperation among European nations and to establish as many CERTs as possible, he said. In smaller communities, ENISA may also push for warning, advice and reporting points (WARPs), sometimes called “mini-CERTs.” Often set up and run by volunteers, WARPs field network threat information from and report problems to the larger CERTs, Pirotti said. But unlike CERTs they don’t provide technical fixes.
ENISA working groups will set best practices with detailed procedures for establishing CERTs and WARPs, Pirotti said. ENISA officials then will take the ideas to national officials and push for their creation. “We shall do our best, but this is just the beginning,” he said. Local authorities are keen on the idea but want ENISA to give them a framework and suggestions. Most know the risks of not having CERTS, he said, and are willing to invest in them.
ENISA is beginning to develop a presence, joining the ITU at a June forum on network security in central and east Europe, the former Soviet bloc and the Baltic states (WID May 23 p6). The group also plans a late Sept. information security conference in Budapest.
A permanent ENISA stakeholder group has 30 members from industry, academia and the consumer community, Pirotti said. The group, which first met in March, convenes June 2 to discuss mobile phone security, among other issues.
ENISA’s workforce is far from complete -- of 40 workers authorized, 4 have been hired -- but a massive recruiting effort for agency administrative and technical personnel now underway will end in late July, Pirotti said. ENISA will occupy its permanent hq in Heraklion, Greece, in Sept. and start work in earnest in Oct. or Nov.