Towards a Strengthened Network and Information Security in Europe Questionnaire

The European Commission started a call for comments concerning issues towards a Strengthened Network and Information Security in Europe. We still have to decide whether to give them a joint response. This page is there to draft our response which should be done until January 9th. 2009. Please discuss things on the discussion page.

To be taken into account

• The EC consultation must be answered in this page; however, one has only 90 minutes available to do it so do not enter that page until this draft is completed.
• Please note that many of the issues questioned are out of PPI bounds; however, as security policies on the Internet may affect civil rights and liberties, we can nevertheless contribute with our viewpoint concerning how to avoid that such policies lessen civil rights and liberties within the EU.
• Please note that most of the issued questions are optional; only questions 1, 2 & 10 would be compulsory.
• Please read the background papers before start answering the issued questions.

Draft

This is still a draft. If you don't agree to some of the responses or know better formulations, just edit it!

Cover letter

The Pirate Party International is a political umbrella organization for Pirate Parties around the world. The first Pirate Party was founded in Sweden. What joins them is that they all have a critical view on how some aspects of copyright, patents, restriction on free information and erosion of civil rights and liberties are being handled by today by politicians.

The Pirate Parties are composed of individuals - among them: musicians, songwriters, writers, graphical artists, software developers and many copyright-related professional groups which are or could be legitimate stakeholders for levies. Because of its background and history, the pirate movement has developed a special point of view for copyright issues and levies.

Questionnaire

(Compulsory question) 1) Do you wish your contribution to be made public?

OPTION ONE: Yes (your contribution and name, country and organisation (if applicable) will be published

OPTION TWO: No, I object to the publication of my name, country and organisation (if applicable), I request the publication of my contribution in anonymous form (on the grounds that publication of this personal data would harm my legitimate interests)

(Compulsory question) 2) Are you replying on behalf of yourself or on behalf of an organisation (company, trade group, public body, interest group, consumer association, academic/research institution, etc)

OPTION ONE: On my own behalf

DISCARDED: we would reply this as PPI.

OPTION ONE: On behalf of an organisation

APPROVED: we would reply this as PPI.

Questions on the challenges to network and information security

(Optional question) 3) Electronic networks and services constitute the nervous system of our society and the economy, and recent large scale cross-border cyber attacks, for example in Estonia, have highlighted our dependence on them. In this context, what are the major challenges for network and information security to be considered at the national, EU and international level, in particular with regard to resilience of electronic communication networks and information infrastructures?

Questions on the priorities of a possibly modernised network and information security policy

(Optional question) 4) Given the importance of electronic networks and services for society and the economy, what should be the three key priorities for policy to address the evolving challenges to network and information security at the EU and the international level?

(Optional question) 5) Member States have a key role and overall responsibility in guaranteeing the security and continuity of critical services for citizens and businesses. In this context, what should be the focus of future EU policy in order to: •enhance cooperation at the EU level between national competent bodies; and •achieve a holistic, all-encompassing approach to network and information security; •reinforce the synergy between measures focusing on prevention and resilience (“first pillar”) and measures supporting judicial and law enforcement cooperation (“third pillar”)?

(Optional question) 6) The security and resilience of the Internet is a joint responsibility of all stakeholders, including operators, service providers, hardware and software providers, end-users, public bodies and national governments. This responsibility is shared across geographical boundaries, in particular when responding to large-scale cyber attacks. In this context, what role should the EU play to strengthen the preparedness of the key stakeholders?

(Optional question) 7) Because of the global nature of the Internet, each and every country has a degree of inter-dependence with other countries, not least when responding to large-scale cyber attacks. How can we support trans-national cooperation in the EU to cope with evolving network and information security challenges?

Questions on the means needed to address the challenges

(Optional question) 8) What instruments are needed at EU level to tackle the challenges and support the policy priorities in the field of network and information security? In particular, what instruments or mechanisms are needed to enhance preparedness to handle large scale cyber disruptions and to ensure high levels of security and resilience of electronic networks and infrastructures?

(Optional question) 9) A strong and effective European incident response capability could be a key element of ensuring fast responses to cyber attacks and speedy recovery from disruptions. Building upon initiatives at national level, what EU instruments or actions could be considered to reinforce incident response capability?

(Compulsory question) 10) In 2004, the creation of the European Agency for Network and Information Security (ENISA) was an important step in promoting an EU-wide cooperation in the field of network and information security. Given the evolving network and information security challenges, is an Agency still the right instrument to “enhance the capability of the Community, the Member States and, as a consequence, the business community to prevent, address and respond to network and information security problems”?

OPTION ONE: If yes, what should be the mandate and the size of such an Agency to successfully meet this objective?

OPTION TWO: If no, what are the alternatives that should be considered?

(Optional question) 11) Given the shared responsibility of stakeholders for Internet security and resilience, what are the most appropriate instruments to foster international dialogue and cooperation? In particular, what instruments are required to nurture cross-border public-private partnerships to ensure the good functioning of today’s electronic networks and infrastructures?

Links

• Consultation page

Background papers

• Introduction
• The policy context
• Registration in the Interest Representative Register (only for private organisations)
• Contact details:
  • European Commission
  • Directorate General for Information Society
  • Unit A3 - Internet; Network and Information Security
  • B-1049 Brussels, Belgium
  • TSNISEQ e-mail
• Publication of the contributions