UK a cyber security leader in the EU

Thursday, March 18, 2010

A House of Lords committee has found the UK is "reasonably well placed" to deal with cyber attacks.

The House of Lords European Union Committee's report looked at the UK's capabilities for cyber defence and the wider role of the EU in this area.

It praised the UK's cyber security efforts, saying the country is "thought to be a leader among [EU] member states, with developed practices that set benchmarks for others to adapt".

The report's focus on the EU found the committee believed the EU should not be responsible for the national security of members states, but it is a matter of "legitimate concern" to the EU.

It called on the UK to put pressure on the EU to organise a pan-European cyber security exercise. The report added that involving the US and NATO would also be of benefit.

The government and EU should also be giving greater attention to the development of international rules to discourage the launching of proxy attacks from within the jurisdiction of some of the main users of the internet, the committee said.

Establishing Computer Emergency Response Teams (CERTs) – like what the UK already has established – in every EU member state was also recommended by the report. The report said where there are too few or inadequate CERTs, nations should be encouraged to set them up.

The EU's cyber security agency, ENISA, also came under fire following an investigation into why the agency was located on the small Greek island of Crete.

"We are convinced that the decision to site ENISA at Heraklion was not taken on the basis of a careful cost/benefit analysis, and it has led and continues to lead to problems over the recruitment and retention of staff, and over the scheduling of meetings," the report said.

Lord Jopling, chairman of the sub-committee on home affairs, said: "We believe strongly that the government and the EU should be giving greater attention to how cyber-security could be developed on a global basis. The internet has no borders, and it is important that any proposals from the EC are considered in a global context.

"A first step must be better cooperation with NATO. The EU and NATO have similar interests in defence against cyber-attacks and work in similar ways, yet there is virtually no communication between them. There must be cooperation rather than duplication.

"Further to this, broadening the dialogue with other major international players, such as the US, Russia and China will be essential if we are to become more robust in our defences against cyber attacks."