A Data Collection Framework on security incidents for Europe- a way to increase resilience of eCommunication systems in Europe?

(PresseBox) (Heraklion, Crete, ) ENISA has in the first study ever in this field investigated the feasibility of a European Data Collection Framework on security incidents. This study will help policymakers to define more cost-effective security policies. ENISA is now presenting the feasibility study on a European Data Collection Framework. As a result, it proposes to establish a new “Partnership for ICT Security Incident and Consumer Confidence Information Exchange (PISCE)”. PISCE will allow public and private policy makers, EU and national organisations with an ‘NIS spectrometer’ to take more informed decision based on more reliable data and knowledge of security incidents. And, by doing it, this will contribute to improve the resilience of eCommunication systems in Europe.

The ENISA feasibility study underlines that EU-wide data collection is a complex matter. ENISA identified ca 100 potential partners and evaluated >60 existing data collection initiatives. A single and centralised EU data collection partnership (“one-size-fits-all”) is neither feasible nor desirable. Conversely, new and innovative partnerships to move forward in this area are both needed and possible. In this context, ENISA supports the creation of a new partnership (PISCE) to tie together existing/new data collection initiatives to improve information & data exchange, promote common collection methodologies, and build trusted relations between partners. PISCE may become a powerful European area for information exchange on IT security and consumer confidence trend data. ENISA advocates to first concentrate on a selection of the most promising partners but keeping the door open to new entrants.

Time to act for decision makers: no free NIS lunch

EU wide data collection is hindered by 2 factors – a weakness of expressed demand by policy makers and the absence of a driving force with a long-term mandate. Nevertheless, the involvement of dozens of organisations and 100’s of data collection reports do not exist without a reason, but still a more direct commitment by policy makers is needed. A wealth of data exists: of different nature and from different sources, but the question is how to assess their reliability, and how to combine it. Not all want to share the information they have on embarrassing security incidents. Moreover, data collectors want a return on their investment. Collecting, aggregating and sharing data needs a sustainable business model.
The Executive Director of ENISA, Mr Andrea Pirotti, comments:
“ENISA will support the establishment of PISCE, a partnership open to security researcher, business partners, and public policy makers.”

Kontakt

ENISA - European Network and Information Security Agency
P.O. Box 1309
GR-71001 Heraklion, Crete
M.A. Ulf Bergström
Press- and Communications Officer
Dr. Alain Esterle
Bereichsleiter
Social Media