IfG.CC - The Potsdam eGovernment Competence Center

The European Commission is proposing a Regulation setting up a EuropeanNetwork and Information Security Agency. The objective of the Agency will be to serve as a centre of competence where both Member States and EU Institutions can seek advice on matters relating to cyber security. The Agency will play a key role for the security of Europe's digital economy and the development of the information society in general. The Agency will also provide assistance to Member States' authorities notably their Computer Emergency Response Teams. This assistance will for example be to help in ensuring interoperability of information security functions in networks and information systems. Erkki Liikanen, European Commissioner responsible for Enterprise and Information Society, said: "The EU will benefit from increased co-ordination between Member States to achieve a sufficiently high level of security in all Member States. The European Network and Information Security Agency will build on national efforts to enhance network and information security and to increase the ability of Member States and EU Institutions to prevent and respond to network and information security problems". Today both public and private organisations with different objectives gather data on IT incidents and other data relevant to information security. However, there is no central entity at European level that collects and analyses such data to support the EU policy work in that area, whilst at the same time providing added-value to national initiatives. Co-operation is key in this area. The European Network and Information Security Agency will launch co-operation initiatives between different actors in the information security field, e.g. to support the development of secure e-business. Erkki Liikanen said: "Such co-operation will be a vital prerequisite for the secure functioning of networks and information systems in Europe."

Today more than 90 percent of companies in the EU have an Internet connection and the majority of them operate a web site. In 2002 about 40% of EU households had their own Internet connections and more than two-thirds of the population used a mobile phone. Public administrations are moving towards electronic government. Computers and communication networks control critical infrastructures such as electricity and water supply or public transport systems. Already a lot depends on networks and information systems and their secure functioning has become a key concern, especially in the aftermath of the 11th of September events, for everybody: citizens, businesses and public administrations.

In the near future, security requirements will rapidly change as networking and computing develop further and electronic communicationsbecome more ubiquitous. For instance broadband connections offer peoplethe possibility to be connected to the Internet at all times which willmultiply the potential risks of cyber-attacks, and new wireless applications will enable the users to access the Internet from anywhere. From an EU-policy perspective the activities related to network and information security are interrelated with the legal framework on telecommunications, data protection and cyber-crime. Governments see a widening responsibility for society and are increasingly making efforts to improve security on their territory. Member States are however in different stages of their work and the approaches vary. Today there is no systematic cross-border co-operation on network and information security between Member States, although security issues cannot be an isolated issue for only one country. Network and information security issues are also of a global nature, as electronic communication channels do not stop at national or European borders. Enhanced international co-operation in this field is necessary. The Agency will provide support for the EU contacts with relevant parties in third countries. Erkki Liikanen said: "Society as a whole as well as individuals have to learn how to manage the risks involved in networks and information systems. The European Network and Information Security Agency will contribute to that process."

The text of the proposal can be found at: http://europa.eu.int/eeurope