ENISA calls for more security responsibility for ISPs

The European Network and Information Security Agency (ENISA) has called on European nation states to introduce incentives for ISPs to detect and clean up infected computers on their networks.

This was one of several recommendations aimed at improving internet security in its report 'Economics of Security: Facing the Challenges'.

The report also recommends that ISPs should collect data on security incidents, and establish common ground for comparing that data with European counterparts, meaning they can benchmark one another's performance.

"European institutions should establish a common incident taxonomy and data pool of security incidents along with their impact.

"On the other hand, national authorities and sector regulators should establish benchmarking methods with a view to facilitating effectiveness and efficiency," it said.

ENISA stated that national authorities should take the lead in improving the effectiveness of this information sharing.

It added that the economic perspective of all security incidents should be considered, along with the barriers and benefits of permanently implementing this new collaborative Europe-wide scheme.

This follows the government's recently released Cyber Security Strategy, in which it described its cyber security hub. This is designed to enable information sharing on security incidents between government and private organisations.