Cyber security refers to security of the cyberspace which is a complex issue since cyberspace lacks any delimited frontiers. The users of cyberspace can vary from individuals to organisations or machines while the infinite number of access points and numerous connections to other infrastructures makes it indistinct.
There are several threats to cyber security; cyberspace can be exploited for malicious or criminal behaviour such as identity stealing or electronic money laundering, it can be subject to human errors or simply technical problems such as electrical collapse or data flooding. The EU decision makers are aware of the vulnerability of cyberspace no EU cyber security policy has yet been adopted whereas Member States’ national programmes are conspicuous by their absence. This means that while cyberspace has become the major enabler in our societies, it simultaneously demonstrates one of the major weaknesses in EU policies.
The EU legal framework
In Europe, the cyber security policies are still young but some major initiatives have been adopted. Among the others, in 2011, the Commission Communication on Critical information Infrastructure Protection highlighted the following:
- Pan-European cooperation should be reinforced by the creation of a minimum level of capabilities and services for National/Governmental CERTs (Computer Readiness Emergency Teams) and incident response operations
- European Public Private Partnership for Resilience should be fostered on security and security and resilience objectives, baseline requirements, good policy practices and measures
- European Forum for information sharing between Member States should be established to share information and good policy practices on security and resilience
- European Information Sharing and Alert Systems (EISAS) should be developed and deployed so that they reach citizens and SMEs.
- National contingency planning and exercises should be organised on a regular basis for large scale networks security incident response and disaster recovery
- Pan European exercises on large-scale network security incidents will be financially supported by the Commission, and which may constitute the operational platform for pan-European participation in international network security incidents exercises
- Reinforced cooperation between national/governmental CERTs should be strengthened by leveraging and expanding existing cooperation mechanisms.
CORTE activities in cyber-security include the CYSPA project.