View all newsletters
Receive our newsletter – data, insights and analysis delivered to you
  1. Technology
  2. Software
September 16, 2009

EU agency calls for Euro security exchanges

Need for intelligence sharing in a trusted environment

By CBR Staff Writer

Enisa, the EU agency that coordinates information and network security policy, has called for the formation across Europe of public-private sector partnerships tasked with sharing intelligence on security incidents, vulnerabilities, threats and solutions.

These so-called Network Security Information Exchanges are not intended to have any operational role or respond to a crisis but would work at a tactical and strategic level by allowing bodies to exchange information in a trusted environment.

All members of a NSIE would actively share insights and intelligence and are to be distinguished from CERTs which tend to focus on issuing guidance and authoritative information.

The idea is that through sharing of experiences and sensitive information the groups jointly develop recommendations for mitigating risks and threats and continuously assess existing measures in light of new threats.

Information shared would include details on everything from security advisories to warnings and best practices on contingency planning, analysis on threats, risks, impact and vulnerabilities, on single point of failures, dependencies, crisis management arrangements, incidents, and exercises. 

Enisa said it found NSIEs were often set up after a major incident provided evidence that such an organisation was needed, or after a country became aware of ‘worst case scenarios’. 

Content from our partners
Webinar - Top 3 Ways to Build Security into DevOps
Tech sector is making progress on diversity, but advances must accelerate
How to bolster finance functions and leverage tech to future-proof operational capabilities

Help from governments and adherence to ‘Chatham House Rule’ were key ingredients Enisa suggested, while engaging permanently with law enforcement agencies or with any telecommunications regulator is normally discouraged.

The body said that the drivers for the setting up of an information exchange are the benefits of members working together on common problems of cyber attacks, disaster recovery or physical attacks and gaining access to information which is not available from any other source, but only from competitors and national security agencies. 

It called for NSIEs to develop a international perspective. “Risks, vulnerabilities and threats are global. Actually sharing of information at national level does not fully address the problem. As Member States develop effective information exchanges at national level they pave the way for wider collaboration and deployment at pan European level.”

It has just published a guide produced by Symantec which it hopes will pave the way for an accelerated deployment of national NSIEs and consequently of a pan European one.

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU