Search form

LSUMEP - the only CERT we need

The European Network and Information Security Agency (ENISA) has been operating on Greek soil since 2004. Their task is to improve network and information security in Europe, and do research or help coordinate research and structural improvements in the member state. Exactly as any public organisation, sometimes their operations are evaluated and decisions are made on how or if (usually how) their operations can continue.

In a proposal from the Commission from 2010 it's quite clear that they are happy with the way ENISA has worked, they want to continue their operations. The MEPs working working on the file, though, want to expand their activities to include, say, cyber security. They suggest to enhance ENISA's cooperation with Europol (the pan-European police force established to coordinate national police forces in the fight against organised crime - they actually publish very nice terrorism reports every year if you're interested: TESAT 2010). This enhanced cyber security vision for European public institutions could take the shape of Computer Emergency Response Teams (CERTs) which are proposed to be established at a European level and in all the member states, later to enhance cooperation in between themselves to develop better resilience against situations where two or more member states are at risk of being exposed to a cyber attack.

It is undoubtedly so that the Committee appears to desire a kind of European NSA. It's cute, but inefficient, and the texts I've seen produced instead remind me rather vaguely of South Korea. As for CERTs, I must say that it is unfortunate that the Commission and some of the members have missed the fantastic services provided by the European Parliament's very own LSUMEP - Local Service Unit for Members of the European Parliament.

In a network, the biggest security risk are always the users. They are usually the least aware of how the systems work and are set up and therefore most prone to make mistakes that expose the system to vulnerabilities. For all the times when a user is insecure, LSUMEP is there for us. If you want to follow my office's interactions with LSUMEP, we have created a hashtag for them on Twitter.

Earlier today, inspired by the Polish turmoil around the ACTA, the European Parliament itself was exposed to a DDoS-attack by Anonymous. In only two hours, LSUMEP had sent a comforting e-mail assuring us that they were doing all they can to prevent further disturbance! Since I only noticed the disturbances after a journalist (from LeSoir!) wrote me to ask about it, they must be doing one hell of a job.

In the legislative debate, the importance of good IT support units in public institutions is unfortuntely over-shadowed by the desire to create more public institutions.

Comments

Add new comment