European security agency Enisa has released a new report urging member states to develop an EU-level crisis management plan for future cyber incidents, in the manner of other sectors such as aviation and counter-terrorism.
The agency’s Report on Cyber Crisis Cooperation and Management arose from a feeling that the region still lacks a harmonized framework to respond to a major cyber incident of the sort which hit Estonia in 2007.
Following that series of attacks, which caused widespread online disruption to the country, there followed a series of European-level initiatives such as the creation of the EU Cybersecurity Strategy, the Digital Agenda for Europe, and the Cyber Europe exercises.
However, Enisa asserted in the report that the cybersecurity space would benefit from following crisis management best practice in sectors such as aviation, border control, civil protection, counter terrorism and disease control.
It makes five recommendations, the key ones being to develop and formally adopt an EU-level crisis management plan for cyber, and to create a pool of cyber experts to facilitate better sharing of info and best practices.
Also on the list is to develop and adopt EU-level cyber standard operating procedures (SOPs); and to design and develop a region-wide, European Commission-funded cyber crisis cooperation platform.
The final recommendation is for the Commission and member states to revisit crisis management legislation so that it focuses not only on mitigation of the impacts but also the causes of incidents.
“The message we try to pass with this study is that the effective mitigation of any type of crisis caused by cyber incidents does not only depend on the mitigation of the impacts of that crisis,” explained Enisa executive director, Udo Helmbrecht, in a statement.
“It depends also very much on the effective mitigation of the cyber incidents which caused it. Today, EU decision-makers are in the privileged position to take action before such a cyber crisis occurs; this study offers insight into what can be done.”