"A change in the 'threat landscape' is currently taking place ..."
The proposed strategy emphasises the positive virtue of technological diversity as an integral component of security, as well as the importance of openness and interoperability. It also highlights the strategic importance that European industry be both a demanding user and a competitive supplier of network and information security products and services.
Why is there a need to deal with it at EU level?
Individual users, companies and governments increasingly rely on communication networks and information technologies. Users expect reliable networks functioning without severe disruptions, a high level of protection for personal data, and high-quality software protecting them against malicious attacks, including denial-of-service, viruses and other forms of malware.
A change in the 'threat landscape' is currently taking place. Many current threats are now motivated by profit rather than 'fame' and increasingly use malicious code to expose confidential information. This is a very alarming trend, as threats to confidential information can result in identity theft and/or significant financial loss, particularly if credit card information or banking details are exposed.
Spending on security for large enterprises is at the level of 5–13% of the overall IT budget. This is alarmingly low, in particular when one considers the potential financial losses caused by security breaches and incidents.
The major challenge for European policy makers is therefore to:
- raise awareness of the security risks;
- establish a culture of security in which security is seen as a business value and an opportunity rather than a liability and an additional cost;
- foster appropriate framework conditions for interoperable, open and diverse solutions provided by a competitive, innovative European industry.
It is evident that both the public and the private sector have a pivotal role to play.
How does this fit into the EC's activities?
While trustworthy, secure and reliable ICT are crucial for a wide take-up of converging digital services, security is just one objective alongside others such as protection of fundamental (on-line) rights, the right to privacy/data protection, and freedom of speech.
In tackling network and information security (NIS) challenges for the Information Society, the European Community has therefore developed a three-pronged approach embracing:
- specific network and information security measures related to telecommunication policy;
- the protection of privacy and data;
- and, last but not least, the fight against cybercrime.
Although these three aspects can, to a certain extent, be developed separately, the numerous interdependencies call for a coordinated strategy. This Communication sets out the strategy and provides the framework to carry forward and refine a coherent approach to NIS.
Trust and security form an integral part of 'i2010 – A European Information Society for growth and employment', which highlights the urgent need to coordinate efforts to develop policies, regulations, technology and awareness in order to build trust and confidence of businesses and citizens in electronic communications and services.
Update 02 April 2007: Network availability and robustness
Alcatel-Lucent’s Bell Labs and professional services organizations carried out a study for the Commission on the availability and robustness of electronic communication networks. The study provides insights into the availability and security provisioning of electronic communication networks and makes a number of key recommendations to enhance their protection and resilience.
The report and its annexes are now available. The Commission is seeking comments on the findings of the study from all interested parties.