Special Features
The European Union Proposal for a Policy Towards Network and Information Security
Synopsis
The European Commission has published a Proposal which outlines a “European Policy Approach” towards “Network and Information Security.” The Proposal, if adopted by Member States of the European Union, will provide governments with more power to impose security obligations on organisations, will result in the implementation of European-wide security standards, provide for a uniform legislative framework to counter cyber-crime, and lead to the creation of specialist task forces which would be
Why a European policy towards security is needed
The European Commission has decided it cannot leave something as important as the security of information systems and telecommunications networks to the vagaries of market forces. It argues, in a Proposal which has been put to Member States of the European Union, that legislation and other harmonisation initiatives need to be commenced.
The Proposal states that this step is necessary because: “Governments have realised the extent to which their economies and their citizens are dependent on the
The main security threats
The Proposal notes that there are several security threats to e-commerce. As most readers will be very familiar with these, it will suffice to provide a list of the broad headings used in the Proposal — this means that the rest of the article can focus on the Commission’s action plan to improve security.
The security headings used in the Proposal are: unauthorised and authorised interception of communications; unauthorised access into computer and computer networks; network disruptions;
Legislative action
The Proposal argues for a legislative component to its security policy. There are three arms to this component: data protection and privacy (to protect individuals); a framework of legislative provisions in the field of telecommunications (to oblige organizations who supply services or networks to adopt standards); and penalties (to apply to those who deliberately misuse telecommunication systems).
In some cases, the legislation is already in place. For example: “Article 5 of the
Action by Government
The Commission recognizes that all Governments are exploring the electronic delivery of services to their citizens. This makes public administrations: “both potential exemplars in demonstrating effective security solutions and market actors with the ability to influence developments through their procurement decisions.” Public administrations are therefore in a position: “to develop a culture of security in the organization” which can extend to the population as a whole.
The Commission propose that:
Conclusion
The Proposal states that this Communication: “provides the strategic outline for action in this area.” By the end of this year, and following a consultation period with interested parties, the Commission promises to publish a roadmap of “final concrete set of actions.” So watch this space.
Chris Pounder can be contacted at [email protected]. The Proposal can be obtained from: http://europa.eu.int/information_society/eeurope/news_library/pdf_files/netsec_en.pdf