A bill proposed this week by the US government, which would allow intelligence agencies to share details of cyber-attacks with the businesses that operate telecommunications networks and power grids, demonstrates the need for cooperation between private and public organisations in tackling Internet-based attacks on national infrastructure.
But a report from the House of Lords’ Europe Union Committee has today questioned the European Union’s engagement with businesses in its cyber-attack prevention measures.
In a document published this year, the EU’s legal and regulatory body said that “while member states remain ultimately responsible for defining critical information infrastructure (CII)-related policies, their implementation depends on the involvement of the private sector, which owns or controls a large number of CIIs.”
Interesting Links
Protecting Europe against large-scale cyber-attacks – House of Lords European Union Committee report
However, when the committee asked Andrea Servida, deputy head of the EU’s cyber-security unit, what steps had been taken to engage with the private sector, “the most he could say was: ‘We have started a process to engage at the European level with private sector and public bodies in Member States in order to see how to establish it. By the end of this year [2009] we will come forward with the road map and the plan is to launch it by mid 2010,” the report claims.
“He added that the Commission, while agreeing on the need to engage the private sector, saw this as a reason ‘why the private sector should come forward’,” it explains. “We suggest that, on the contrary, this is a reason for the Commission to take the initiative, rather than wait for the private sector to do so.”
This stands in contrast to the US government, which under bill proposed yesterday would define which infrastructure is critical. Intelligence agencies would then give senior executives at the companies that operate that infrastructure security clearance to receive information about suspected forthcoming attacks, so that they might defend against them.
According to the Financial Times, the bill has support from both political parties although the newspaper also notes that the cooperation of intelligence bodies and Internet infrastructure providers have angered civil rights campaigners in the past.