Information society, eEurope 2005: European network and information security Agency

2003/0032(COD)
PURPOSE: to present a proposal for a Regulation establishing the European Network and Information Security Agency.

CONTENT: the European Parliament, the Council, and the Commission are advocating closer European co-ordination on information security. The setting up of an entity with a legal personality would be the most efficient way to achieve this objective. The proposal reflects a number of concerns that were expressed during the consultation with the Member States, such as the trustworthiness, competence, efficiency and consistency of the proposed Agency.

The broad objective of the Agency is to create a common understanding in Europe of issues relating to information security that is necessary to ensure the availability and security of networks and information systems in the Union. To meet this objective, the definition of network and information security has to be wide and cover all activities that can have adverse effects on the security of networks and information systems.

The Agency shall:

- provide assistance in the application of Community measures relating to network and information security. The assistance it provides shall help ensure interoperability of information security functions in networks and information systems, thereby contributing to the functioning of the Internal Market;
- enhance the capability of both Community and Member States to respond to network and information security problems. The Agency will play a key role for the security of Europe's networks and information systems and the development of the information society in general;
- have advisory and co-ordinating functions, where data on information security is gathered and analysed. Today both public and private organisations with different objectives gather data on IT incidents and other data relevant to information security. There is, however, no central entity at European level that can, in a comprehensive manner, collect and analyse data and provide opinions and advice to support the Community's policy work on network and information security;
- serve as a centre of expertise where both Member States and Community Institutions can seek advice on technical matters relating to security;
- further contribute to a broad co-operation between different actors in the information security field, e.g. to assist in the follow-up activities in support of secure e-business. Such co-operation will be a vital prerequisite for the secure functioning of networks and information systems in Europe. The participation and involvement of all stakeholders is necessary;
- contribute to a co-ordinated approach to information security by providing support to Member States. To ensure interoperability of networks and information systems, the Agency will also provide opinions and support for harmonised processes and procedures in the Member States when applying technical requirements that affect security. Not only legal requirements but, to a large extent, technical requirements can affect interoperability and create obstacles to the well-functioning Internal Market;
- further play a supportive role in the identification of the relevant standardisation needs, and in the promotion of security standards and certification schemes and of their widest possible use by the Commission and the Member States in support of the European legislation.

As network and information security issues are global, there is also a need for international co-operation in this field. The Agency will provide support for the Community's contacts with relevant parties in third countries.

The Agency will be managed by an Executive Director who possesses a high degree of independence and flexibility and who will be responsible for the internal functioning of the Agency.