The European Network and Information Security Agency (ENISA) is at the frontline of all the EU's IT security issues.
It was formed in March 2004 and is now based on the Greek island of Crete. Udo Helmbrecht was appointed executive director at the agency on 16 October.
Computing talked to Helmbrecht about ENISA's mandate and how the organisation intends to oversee information security in the EU going forward.
Computing: What is ENISA's mandate?
Helmbrecht: Our basic mission is to improve IT security across the EU. We will achieve this by bringing IT security people together and publishing best practices on different security issues. We recently published a report on resilience.
Different levels of IT security are required across the EU member states, and we have to allow for new member states joining the EU. At a higher level the European Services Directive, which aims to create a free market across Europe for the services sector, poses challenges for us.
The directive has to be implemented thoroughly. For instance, if you fall ill in another country, you will need to be able to use your health card for your country’s health provider to reimburse you.
We're trying to make sure this will work electronically, through interconnected procedures across different governmental departments. On a European level, this needs to be harmonised properly.
Identity cards are another big challenge for us. There are issues around securing your private data and your identity on the internet - there are also security issues around online banking, or just travelling from one country to another. Again we will need standards to allow interoperability across the EU.
What's your view of IPv6 rollouts, given the stories about IPv4 IP address depletion?
The IPv4 address depletion is the result of the internet's success, and you have to remember that the TCP/IP protocols we are currently using were never designed to deal with the volume of traffic seen by the internet today. IPv6 will be implemented because it offers more IP addresses and better security.
How will ENISA address the fact that some countries may want to move their public sector services onto a cloud computing platform such as Google's – or clouds that are not located in the EU?
We’ll be publishing detailed views on this later, but for now I’m unsure. Although the IT industry is pushing forward with cloud services, there are EU government institutions that already have big investments in public sector intranet infrastructures. How governments would build links from their infrastructures into any cloud computing rollouts would be critical. Governments would need to be sure of the service features and service levels they would get.
In addition, there are currently lots of security breaches and threats on the internet, and I think it will take a while to build up a secure, clustered cloud computing environment.
What are your views on some of the future services being explored by the EU such as ambient intelligence?
We will be working on a couple of projects around ambient intelligence. First we will co-operate closely with the European framework projects, which are looking into this type of technology. Second, we need to look at how this sort of technology is implemented in our society. An example might be the intelligent house in which IT products are deployed to support elderly people.
We need to consider whether these systems would be accepted by potential users as well as the time it takes to make such systems stable and secure.
What is the biggest problem facing Europe in terms of network security?
I think the big problem here is determining exactly how all the infrastructures in Europe are connected, which would mean working together with the service providers and other stakeholders. We would need data from all EU members that we could look at to provide a resistant network with a capable early warning system that would be used to keep the EU government up and running.
As a comparison, consider electricity companies - they know what’s happening on their electricity grids in real time – what areas have gone down and what they need to do to restore power. We depend on electricity and it is needed around the clock. I think a similar system is needed for the internet in Europe, but we need to exchange information at all levels involving all the stakeholders in European network security.