European Commission: Communication on a Strategy for a Secure Information Society

IRIS 2006-7:1/7

Mara Rossini

Institute for Information Law (IViR), University of Amsterdam

The European Commission has issued a Communication outlining a strategy to improve network and information security in Europe. It notes businesses, individuals and public administrations underestimate the risks of insufficiently protecting networks and information as only 5 to 13% of IT expenditure is currently allocated to security. The Commission believes this rate of investment is alarmingly low and is promoting greater awareness through an open multi-stakeholder dialogue. Member States, the IT industry and users as well as the European Network and Information Security Agency, ENISA, should lead the way to more secure information and communication technologies by working together more closely.

An open dialogue involving all stakeholders is believed to be essential in building consumer trust, thus promoting widespread use of digital services. The main aim is to raise awareness of IT security matters and educate people and organisations on the actions that need to be taken in order to protect their own information and equipment. For users - be they public entities, private organisations or households - to be truly empowered, they must be provided with the necessary information relating to security “incidents” and analyses offering solutions and best practices. It is stressed public authorities play an important part in promoting awareness but it is ultimately up to the private sector to provide solutions.

Specific proposals of the Commission point to benchmarking national policies on network and information security in order to improve the dialogue between public authorities, to identify best practices and to raise the security awareness of end-users. ENISA will be entrusted with developing an appropriate data collection framework to store security incidents and surveys of EU consumer confidence. Member States and the private sector are for their part invited to play a more prominent role in this strategy for a secure information society.

The Commission is also carrying out a public consultation on the security and privacy implications of RFID (Radio frequency Identification) and is scheduled to present its conclusions later this year. These initiatives are part of a European policy on network and information security which covers spam and spyware, cybercrime, the integrity and protection of critical communication infrastructures as well.