New strategies for Europe wide communication

Downtime on your network? Nevertheless, the European Network and Information Security Agency (ENISA) survey shows that there is only 10 hours downtime a year and over 99.9% availability. The availability of networks, services and business continuity is of major concern for all business actors and consumers alike across Europe. As the number of disruptions increases, network operators and service providers put measures in place to ensure the resilience of public communication networks. However, today there are significant differences in the approaches deployed by network operators and service providers across Europe. The ENISA survey of network operators across the EU, polled by the end of 2008, is based on 54 responses. The survey found that operators take network resilience seriously:

–          Top network threats are hardware, software and location incidents, but also personnel incidents were also significantly represented

–          Operators describe their network and risk management procedures as fairly mature

–          There is no significant variation by size of operator regarding business continuity procedures.

The variety of rules, policies and practices throughout Europe has been instead analyzed in the ENISA Report Analysis of Member States’ Policies and Regulations – Policy Recommendations, published in April 2009, which also provides high level and context specific recommendations to both policy and decision makers in order to enhance the resilience of communication networks against any kind of threads. The report concludes with a list of identified good practices. The study was done in the context of ENISA‘S programme on Resilience of public communication network.

The seven main points recommended by this report are:

–          Member States may consider soft-law instruments, such as good practices and recommendations, as a mean to intervene in the market

–          Member State may consider relevant national authorities’ simplification and harmonization of competences and tasks

–          Member States using regularly enforcement practices to achieve operators’ compliance may consider worthwhile performing a systematic analysis of the added-value and impact of them

–          Member State may consider developing and implementing an integrated and holistic national risk management project

–          Member State should consider assessing the degree of operators’ adherence to preparedness measures

–          Each Member States must establish one national Computer Emergency Response Team (CERT)

–          Member States expressed the need for more good practice guidance on emerging policy issues (e.g.: trusted information sharing exchanges, incident reporting, exercises)

–          The European Commission should consider the development and implementation of a coherent pan European strategy based on Member States’ experience.

 

These results are the ENISA‘s contributions to the EU’s strategy on Critical Information Infrastructure Protection (CIIP).

 

 

Source:

www.enisa.europa.eu