EUIST

We have addressed this important issue previously here:

7 lessons learnt from the Estonian attacks

Estonia – lessons learnt in terms of detection and response capabilities

3 national action: cyber security and critical infrastructure protection

LESSONS LEARNED

The issues addressed here related to the Estonian attacks during 2007.

INSTITUTIONS – international response – could it be changed?

- Finnish national CERT + US CERT as coordinators – where these the best choices and if so what does this tell us for the handling of future events?

- managing the attacks with the help of the CERT community – is it formalized enough or too much ad-hoc?

- localization + cleaning of compromised machines – was this the right way to do it or could it have been done faster and more effectively?

- notification of ISPs, system administrators via national CERTs – could it be done faster and more systematic?

PROCEDURES

- there seemed to be no formal procedures on which organization to approach for what type of support

- time is being lost by not having procedures beyond national borders in place beforehand
POLICY

- there does not seem to be an international framework that regulates or facilitates the establishing of and respons to attacks in progress across national borders

- while the EU does not have a procedure it is considering policy issues

CyTRAP Labs take on this issue

Considering the above we should also look at the Commission calling[1] for an integrated and coordinated strategy to address the policy issues related to enhancing the security of the information society from three different perspectives:

i) reinforcement of measures to secure networks and information;

ii) development of a common regulatory framework for electronic communications; and

iii) improved coordination in fighting cybercrime.

As well, the European Commission intends to launch in 2008 a policy initiative on Critical Information Infrastructure Protection (CIIP)[2] under the broader framework of the European Program on Critical Infrastructure Protection[3]. The objective of this initiative will be to ensure that adequate and consistent levels of preventive, detection, emergency and recovery measures are in place across the EU.

We are convinced that based on the lessons learned from various large-scale attacks in recent years, we can expect some coordinatory efforts amongst EU Member States to improve cross-national response capabilities. These efforts are likely to include better coordination, agreed upon procedures and rapid response capabilities to protect critical communication and information infrastructure across Europe.