EU progressing on information infrastructure policy

The European Union is refining a set of guidelines that would strengthen its ability to respond to computer security crises as well as ensure Internet infrastructure in member countries is more resilient.

In late March, the European Commission adopted a set of recommendations called the Critical Information Infrastructure Protection (CIIP).

The proposals seek to improve Europe's ability to cope with large-scale cyberattacks or disruptions, said Andrea Glorioso, a policy officer in the Commission's Directorate-General for the Information Society and Media. Glorioso gave a presentation at the Conference on Cyber Warfare on Thursday in Tallinn, Estonia.

The proposals call for a range of measures, including agreeing on minimum standards for the capabilities of European Computer Emergency Response Teams (CERTs), government-run agencies dedicated to computer security.

Other suggestions include creating an agency that would foster closer cooperation between the private sector and government to increase the resilience of networks that could fall under attack as well as improve information sharing between E.U. countries.

By the end of 2010, Europe also hopes to have a roadmap for the European Information Sharing and Alert System (EISAS), which would distribute information on cyberthreats to businesses.

The CIIP plan also calls for E.U. members to run national cybersecurity exercises with a view to holding pan-European network security exercises.

"We want to know how good we are," Glorioso said.

Another focus is Internet stability. The Commission will work to define principles and guidelines for ensuring the robustness of networks along with identifying what is critical infrastructure.

One main motivation for the plan is the impact that cyberattacks can potentially have on economies. Glorioso cited a figure from the World Economic Forum from 2008 that there is a 10 percent to 20 percent possibility that a major critical information infrastructure breakdown could cost the world US$250 billion.

It is difficult to definitively estimate the economic impact, but "we could lose a lot of money," Glorioso said.

E.U member states are embracing the plan. In April, countries discussed and endorsed the CIIP at a meeting in Tallinn, Estonia. Last month, the E.U. Telecommunications Council also gave the plan full support.

Workshops to refine the plan are scheduled through the end of the year. The Council of the European Union could put the plan to a vote as soon as December.

The IDG News Service is a Network World affiliate.