ENISA: Unreported Cybersecurity Incidents Bad for Consumers and Policymakers

The agency hopes that existing and proposed legislation can address the current gaps

August 27th, 2012 12:56 GMT

The European Network and Information Security Agency (ENISA) has issued a report called “Cyber Incident Reporting in the EU.” The study analyzes the effects of security breaches and the problems that currently exist in the implementation of efficient reporting mechanisms.

In the past couple of years, many security incidents have made headlines in mainstream media, including the one that affected LinkedIn, the storm that impacted communications in Scandinavian countries, the BlackBerry outage, and the DigiNotar breach.

The fact that the media extensively covered these situations demonstrates their importance and their impact on society. However, many incidents remain undetected or unreported, leaving policymakers and consumers in the dark.

Such gaps prevent policymakers from determining the causes, interdependencies and the overall impact of data breaches, information that could be highly useful in preventing and addressing future incidents.

Recently, many European countries have begun to understand the need for proper security policies, but not all of them apply the same approach, and this has a couple of disadvantages.

First, some cyber security incidents affect individuals and companies in more than one country. Second, organizations, especially telecoms firms, are experiencing difficulties because they have to adapt their systems to each country’s legislation.

Currently, a number of laws and proposals seek to address these issues, such as Article 13a of the Framework Directive of the EU legislative framework on electronic communications.

The agency believes that the proper implementation of Article 13a, Article 15 of the e-ID regulation, and Articles 30, 31, and 32 of the Data Protection reform could make a considerable difference in improving reporting mechanisms and addressing the existing gaps.

“Incident reporting is essential to obtain a true cyber security picture. The EU’s cyber security strategy is an important step and one of its goals is to extend the scope of reporting provisions like Article 13a beyond the telecommunications sector,” Executive Director of ENISA, Professor Udo Helmbrecht, said.

ENISA warns of issues in cyber incident reporting mechanisms