Achieving Effective Cross-Border Information Exchange Between 'Digital Fire Brigades'
Report analyzes effects of information sharing
December 17, 2011
PRESS RELEASE
BRUSSELS and HERAKLION, Greece, December 16, 2011 /PRNewswire/ --
The EU's "cyber security" Agency ENISA has published a study [http://www.enisa.europa.eu/act/cert/support/legal-information-sharing ] into legal and regulatory aspects of information sharing and cross-border collaboration of national/governmental CERTs (Computer Emergency Response Teams) in Europe. The report analyses what effects these aspects have on cross border information sharing between CERTs. The conclusion is that there exists a delicate balance of investigating, managing and mitigating computer incidents, whilst respecting rights and obligations provided for by certain legal and regulatory frameworks, including data protection and privacy provisions.
CERTs are crucial in cross border co-ordination of computer incidents and in order to perform their important role they need to exchange information. Cross border information exchange requires complex legal factors to be considered. CERTs in different countries have differing legal grounds to request from and transmit information to other teams. Furthermore, the information exchanged might be personal data and therefore subject to specific privacy provisions. In addition, CERTs, including national/governmental CERTs, have varying mandates. The study [http://www.enisa.europa.eu/act/cert/support/legal-information-sharing ] identifies these legal and regulatory factors, and performs an assessment of what effects they have on cross-border information sharing between CERTs. Among others, one of the findings of this study is that, in practice, data protection, data retention, and obligations to work with law enforcement are the greatest challenges for cross-border CERT co-operation.
The Executive Director of ENISA, Professor Udo Helmbrecht [http://www.enisa.europa.eu/about-enisa/structure-organization/executive-director/ed_cv-helmbrecht_fr], comments: "CERTs have to perform a delicate balancing act between investigating, managing, and mitigating incidents, and at the same time protecting privacy, data, and integrity. Clearly, cross border exchange of information should not be considered as a risk to fundamental rights, as exchanges are a precondition for effective response to cyber ICT incidents, as well as to protect these very rights. Poor cyber security can in effect undermine the exercise of your human rights."
Samples of medium/long term policy intervention recommendations include:
- Clarification of the differences between national legal frameworks;
- Adoption of EU legislation that takes account of the scope of national/governmental CERTs;
- Specification of a threshold for incidents requiring national/governmental CERT response & information sharing;
- Explanation of why CERTs need to process personal data for relevant authorities to establish clarity under what circumstances this data may be shared across borders;
- Inclusion of information on the legal basis for information requests.
For the full report: [http://www.enisa.europa.eu/act/cert/support/legal-information-sharing]