|what can one learn from large-scale cyber attacks?|
|whenever a fire alarm is in progress, the system works like a well oiled machine. Fire marshall and team, emergency vehicles and staff all know what they have to do.|
|Fire departments demonstrate how well tried and tested procedures can help safe lives, why can we not do the same for our critical communciation and information infrastructure?|
We have addressed this important issue previously here:
The issues addressed here related to the Estonian attacks during 2007.
INSTITUTIONS – international response – could it be changed?
- Finnish national CERT + US CERT as coordinators – where these the best choices and if so what does this tell us for the handling of future events?
- managing the attacks with the help of the CERT community – is it formalized enough or too much ad-hoc?
- localization + cleaning of compromised machines – was this the right way to do it or could it have been done faster and more effectively?
- notification of ISPs, system administrators via national CERTs – could it be done faster and more systematic?
- there seemed to be no formal procedures on which organization to approach for what type of support
- time is being lost by not having procedures beyond national borders in place beforehand
- there does not seem to be an international framework that regulates or facilitates the establishing of and respons to attacks in progress across national borders
- while the EU does not have a procedure it is considering policy issues
CyTRAP Labs take on this issue
Considering the above we should also look at the Commission calling for an integrated and coordinated strategy to address the policy issues related to enhancing the security of the information society from three different perspectives:
i) reinforcement of measures to secure networks and information;
ii) development of a common regulatory framework for electronic communications; and
iii) improved coordination in fighting cybercrime.
As well, the European Commission intends to launch in 2008 a policy initiative on Critical Information Infrastructure Protection (CIIP) under the broader framework of the European Program on Critical Infrastructure Protection. The objective of this initiative will be to ensure that adequate and consistent levels of preventive, detection, emergency and recovery measures are in place across the EU.
We are convinced that based on the lessons learned from various large-scale attacks in recent years, we can expect some coordinatory efforts amongst EU Member States to improve cross-national response capabilities. These efforts are likely to include better coordination, agreed upon procedures and rapid response capabilities to protect critical communication and information infrastructure across Europe.