ENISA criticises lack of international cohesion on cyber security

Agency demands greater international collaboration and better information sharing between public and private sectors

The European Network and Information Security Agency (ENISA) has criticised the level of strategic international cohesion on cyber security, stating that the lack of common understanding hampers collaboration.

This view was expressed in a new document released by the agency this week, which gives some preliminary recommendations from research conducted towards the production of ENISA's Good Practice Guide, to be published later this year.

"At both the European level and international level, a harmonised definition of cyber security is clearly lacking. The understanding of cyber security and other key terms varies considerably from country to country," ENISA commented in the report.

"This influences the different approaches to cyber security strategy among countries. The lack of common understandings and approaches between countries may hamper international co-operation, the need of which is acknowledged by all countries."

The agency recommended that member states make more effort to work together, and with the EC itself.

"[States should] collaborate with other member states and with the European Commission to ensure the cross-border and global nature of cyber security is addressed in a coherent fashion."

It added that the public and private sectors across Europe need to improve its data sharing and strategic collaboration.

"The public and private sectors should work closely together to implement cyber security strategies. This should be done through the sharing of information, deployment of good practices (eg on incident reporting and handling), and through national and pan-European exercises."

The UK government is in the process of trialling its cyber security hub, designed to promote this cross-sector collaboration, but it is in an early stage and has been criticised for being behind other countries such as the US.

ENISA also stated it is developing an internet security strategy for Europe. It described the objectives as:

  • To describe the main risks and challenges, as well as the economic and geopolitical opportunities;
  • To compare states of preparedness or political attention given to the topic in other countries;
  • To describe the major issues at stake, or problems to be addressed; and
  • To assess the on-going or planned actions and highlight areas where more EU action is needed.