Malström’s security cure for Europe: “The EU Internal Security Strategy in Action”  30.11.10

Commissioner Cecilia “Censilia” Malmström has launched the European Commission’s EU Internal Security Strategy, “The EU Internal Security Strategy in Action”. One of the five “strategic objectives for internal security” mentioned in the document: “Raise levels of security for citizens and businesses in cyberspace.”

According to her plans, Europe will have a built capabilities to smoothly respond to cyber attacks (contingency plans, sharing and alert systems) by 2013. Most likely, attacks won’t be successful anyway, because Europe’s internet will by then be roughly resilient thanks to the European Partnership for Resilience (EP3R). In case something goes wrong, there will be well-connected governmental/national CERTs all over Europe. Perpetrators will be identified and prosecuted by the European cybercrime centre and LE staff in member states. And handling of illegal content is an security issue: ISPs, LE and non-profit orgs will find a cure for that security threat.

Toward a European Cybercrime Centre as the “focal point” for law enforcement, govCERTs as helpers:

“By 2013, the EU will establish, within existing structures, a cybercrime centre, through which Member States and EU institutions will be able to build operational and analytical capacity for investigations and cooperation with international partners. The centre will improve evaluation and monitoring of existing preventive and investigative measures, support the development of training and awareness-raising for law enforcement and judiciary, establish cooperation with the European Network and Information Security Agency (ENISA) and interface with a network of national/governmental Computer Emergency Response Teams (CERTs). The cybercrime centre should become the focal point in Europe’s fight against cybercrime. At national level, Member States should ensure common standards among police, judges, prosecutors and forensic investigators in investigating and prosecuting cybercrime offences”

Some self-help for users/citizens:

“This guidance should include how people can protect their privacy online, detect and report grooming, equip their computers with basic anti-virus software and firewalls, manage passwords, and detect phishing, pharming, or other attacks. The Commission will in 2013 set up a real-time central pool of shared resources and best practices among Member States and the industry.”

Internet resilience organisationally by some PPP arrangement:

“Cooperation between the public and private sector must also be strengthened on a European level through the European Public-Private Partnership for Resilience (EP3R). … EP3R should also engage with international partners to strengthen the global risk management of IT networks.”

Securitization of illegal content. The paper carefully avoids the word “filtering“.

“The handling of illegal internet content – including incitement to terrorism – should be tackled through guidelines on cooperation, based on authorised notice and take-down procedures, which the Commission intends to develop with internet service providers, law enforcement authorities and non-profit organisations by 2011.”

Improve cyber attack response capabilities:

“Firstly, every Member State, and the EU institutions themselves should have, by 2012, a well-functioning CERT. … [A]ll CERTs and law enforcement authorities cooperate in prevention and response. Secondly, Member States should network together their national/governmental CERTs by 2012 …. … developing, with the support of the Commission and ENISA, a European Information Sharing and Alert System (EISAS) to the wider public by 2013 …. Thirdly, Member States together with ENISA should develop national contingency plans and undertake regular national and European exercises….”