A wider involvement with the private sector is one of the top
priorities of Udo Helmbrecht, the new executive director of Enisa,
theEuropean Network
and Information Security Agency.
The former president of the German Federal Office of Information
Security (BSI), Helmbrecht joins Enisa at a difficult time. The
five-year-old agency, which some member states never wanted, is
under review by the pan-European political institutions.
Speaking to Computer Weekly, Helmbrecht says Enisa has to
deliver at three levels: government, business and citizen. Each has
their unique needs with respect to information and network
security, and Enisa has roles to play in each, he says.
At government level it has to help European member states
improve network resilience and defences against attacks such as the
major denial of service attacks against Estonia. "That could happen
to any state," he said.
Enisa had done good work helping states set up computer
emergency response teams (CERTS), to share best practice and to
harmonise policies and strategies. Now it has to work through
other, more devolved agencies to get businesses and citizens to
adopt safe online practices, he said.
"Businesses and citizens have to be able to trust the internet
and ecommerce," he says.
Helmbrecht's path is constrained by political factors far from
Crete, where Enisa is based. "Crete is a fact of life," he says,
"but at least Europe has only two time zones to contend with,
unlike the US."
More important is the ratification of the Lisbon Treaty. This
may see Enisa repositioned from an advisory role under
Pillar one of the European Union to a more operational role
under Pillar Three.
Helmbrecht won't drawn on the possibility of Enisa becoming an
über-CERT or regulatory agency. That's for the politicians to
decide, he says. If they want Enisa to become more active in
defending Europe against cyber threats, they will have to beef up
his present 60-strong staff. "That takes taxes," he says, "and
no-one likes to pay more tax than they need to."
Enisa could also forge a role as a kind of info security
ambassador representing Europe in international forums. As the
internet enables more international transactions, so the need for
agreements and protocols between nations rises. This is especially
so when it comes to cross-border law enforcement, and technology
agreements. But Helmbrecht does not want to be drawn.
Helmbrecht wants a permanent mandate for the agency. He has
until March 2012, when the present mandate for Enisa expires, to
persuade the Euro-politicians.
"We must show that we can do for them what member states can't
do for themselves," he says. "The economy of Europe is at stake if
we do not manage (online) security matters properly and
adequately,"
Helmbrecht says that representatives of member states, including
the German ministry of the interior, have reassured him that they
believe Enisa has a useful role to play, and that it (or he) has
the necessary political support to see it through. "I'm not here to
close Enisa down," he says.