EC shows leadership on security

European Commission is urging industry and the public sector to shore up security

As part of a new Europe-wide IT security initiative, the European Commission (EC) is urging the public sector and industry to step up efforts to protect their equipment from attacks and to share their knowledge and experience.

In a policy document the EC expressed concerns about the increasing problems of malware, data breaches and potential vulnerabilities in mobile devices. European commissioner Viviane Reding called for “a renewed strategy based on dialogue, partnership and empowerment”.

The EC’s proposals include the benchmarking of policies related to national IT security, so the best can be used as models by member states. The document also encourages firms to see IT security as an asset instead of a “negative cost”. It calls on businesses to invest in training and to make more use of certification schemes for security products and services.

The European Network and Information Security Agency (Enisa) was singled out by the EC to develop a framework to collect data on security incidents and to investigate the feasibility of an online EU portal to provide threat data and security alerts.

Enisa executive director Andrea Pirotti said that sharing information across Europe would make all stakeholders more aware of security issues.

But Graham Titterington of analyst Ovum argued that time and budgetary constraints mean most firms would find it difficult to follow all the suggestions without support. “The best thing for the European Commission to do is to promote training and awareness-raising projects,” he added.