The proposed strategy emphasises the positive virtue of technological diversity as an integral component of security, as well as the importance of openness and interoperability. It also highlights the strategic importance that European industry be both a demanding user and a competitive supplier of network and information security products and services.
Individual users, companies and governments increasingly rely on communication networks and information technologies. Users expect reliable networks functioning without severe disruptions, a high level of protection for personal data, and high-quality software protecting them against malicious attacks, including denial-of-service, viruses and other forms of malware.
A change in the 'threat landscape' is currently taking place. Many current threats are now motivated by profit rather than 'fame' and increasingly use malicious code to expose confidential information. This is a very alarming trend, as threats to confidential information can result in identity theft and/or significant financial loss, particularly if credit card information or banking details are exposed.
Spending on security for large enterprises is at the level of 5–13% of the overall IT budget. This is alarmingly low, in particular when one considers the potential financial losses caused by security breaches and incidents.
The major challenge for European policy makers is therefore to:
It is evident that both the public and the private sector have a pivotal role to play.
While trustworthy, secure and reliable ICT are crucial for a wide take-up of converging digital services, security is just one objective besides others such as protection of fundamental (on-line) rights, the right to privacy/data protection, and freedom of speech.
In tackling network and information security (NIS) challenges for the Information Society, the European Community has therefore developed a three-pronged approach embracing:
Although these three aspects can, to a certain extent, be developed separately, the numerous interdependencies call for a coordinated strategy. This Communication sets out the strategy and provides the framework to carry forward and refine a coherent approach to NIS.
Trust and security form an integral part of 'i2010 – A European Information Society for growth and employment', which highlights the urgent need to coordinate efforts to develop policies, regulations, technology and awareness in order to build trust and confidence of businesses and citizens in electronic communications and services.
Alcatel-Lucent’s Bell Labs and professional services organizations carried out a study for the Commission on the availability and robustness of electronic communication networks. The study provides insights into the availability and security provisioning of electronic communication networks and makes a number of key recommendations to enhance their protection and resilience.
The report and its annexes are now available. The Commission is seeking comments on the findings of the study from all interested parties.