Information exchange, good practices and approaches that reflect the institutional and cultural realities can help Member States improve network dependability and realiability.
ENISA’s recent workshop on network resilience brought forard a nice set of effective approaches for strengthening national and international efforts across Europe in this domain.
The post provides some links for you to download material that might support you in your own work in this area.
We all know that in today’s world, public e-communication networks are becoming ever more important.
Recently (Nov. 12-13) ENISA held a workshop in Brussels. Amongst various sessions, there were also Member States reporting about various activities that one might consider good practice helping improve resilience of public e-com networks in Europe.
We – CyTRAP Labs – did a presentation about a stock taking exercise investigating what countries had achieved so far.
You can download this presentation right here:
The slideshow, amongst other things, discusses how an individual state or government agency might be able to use ideas, approaches from other Member States to improve their own situation (see below for download link of the full study). We used a cube that can be used by anybody helping in structing findings while allowing comparisons across national borders. The cube looks as follows:
Resilience and the CyTRAP Cube – Information Exchange in Practice
The above cube illustrates that a county will have to structure its resilience and information security efforts including regulatory provisions. On a continuum, a country or regulator must make things work in such a way that they fit in a more federalistic (or de-centralized) or else centralized system of governance. The outcomes may be similar but how we got there will be quite different.
As well, better information security and network resilience is a never ending journey that will require many small steps to find approaches that can be considered good practice.
One of the outcomes should be developing a framework for effective information sharing and, as importantly, good practices. Even imperfect Key Performance Indicator(s) are better than not having any. Focusing on what one intends to achieve (i.e. objectives) and measuring the results using some metric will facilitate continous improvement on the road to better network resilience.
So what do you get?
You can download the complete report about how 22 EU Member States and 2 EFTA countries implemented various regulations, good practices and so forth in order to strengthen the resilience of public e-communication networks. What is different to some other work in this area is that telephone interviews were used for cost and time considerations in contrast to having respondents just fill in a paper-and-pencil survey.
The advantage of doing phone interviews are several including but not limited to:
- participants can be asked to clarify their more general responses — ‘what does it mean in practice;’
- respondents can be asked to provide examples that illustrate what kind of incident requires what type of response and reporting (be concrete, specify);
- responses obtained indicate that whilst European Union directives have been put in place across Europe, how these are implemented, administered and used to strengthen network dependability and reliability is vastly different across Member States; and
- finally, what is most encouraging is that how Member States master some great challenges in unique ways to move foward and, thereby, improve network resilience – can be very creative in order to get where the nation needs to get with its e-communication infrastructure.
So if you can spare the time, have a look at the summary here where you can also download the final report for free:
Regarding the ENISA workshop from Nov. 12-13 this week in Brussels, you can download what you would like to study more close using this link:
Please keep updated about security, risk and resilience events, subscribe here (get about 1 e-mail a week with a blog post, no more – no less):
Just recently, ENISA published report regarding data and privacy protection challenges.
Tax break incentives as well as a comprehensive security breach notification law are just two of the 13 recommendations proposed in this report on privacy & technology launched by the EU Agency ENISA.