A wider involvement with the private sector is one of the top priorities of Udo Helmbrecht, the new executive director of Enisa, the European Network and Information Security Agency.
The former president of the German Federal Office of Information Security (BSI), Helmbrecht joins Enisa at a difficult time. The five-year-old agency, which some member states never wanted, is under review by the pan-European political institutions.
Speaking to Computer Weekly, Helmbrecht says Enisa has to deliver at three levels: government, business and citizen. Each has their unique needs with respect to information and network security, and Enisa has roles to play in each, he says.
At government level it has to help European member states improve network resilience and defences against attacks such as the major denial of service attacks against Estonia. "That could happen to any state," he said.
Enisa had done good work helping states set up computer emergency response teams (CERTS), to share best practice and to harmonise policies and strategies. Now it has to work through other, more devolved agencies to get businesses and citizens to adopt safe online practices, he said.
"Businesses and citizens have to be able to trust the internet and ecommerce," he says.
Helmbrecht's path is constrained by political factors far from Crete, where Enisa is based. "Crete is a fact of life," he says, "but at least Europe has only two time zones to contend with, unlike the US."
More important is the ratification of the Lisbon Treaty. This may see Enisa repositioned from an advisory role under Pillar one of the European Union to a more operational role under Pillar Three.
Helmbrecht won't drawn on the possibility of Enisa becoming an über-CERT or regulatory agency. That's for the politicians to decide, he says. If they want Enisa to become more active in defending Europe against cyber threats, they will have to beef up his present 60-strong staff. "That takes taxes," he says, "and no-one likes to pay more tax than they need to."
Enisa could also forge a role as a kind of info security ambassador representing Europe in international forums. As the internet enables more international transactions, so the need for agreements and protocols between nations rises. This is especially so when it comes to cross-border law enforcement, and technology agreements. But Helmbrecht does not want to be drawn.
Helmbrecht wants a permanent mandate for the agency. He has until March 2012, when the present mandate for Enisa expires, to persuade the Euro-politicians.
"We must show that we can do for them what member states can't do for themselves," he says. "The economy of Europe is at stake if we do not manage (online) security matters properly and adequately,"
Helmbrecht says that representatives of member states, including the German ministry of the interior, have reassured him that they believe Enisa has a useful role to play, and that it (or he) has the necessary political support to see it through. "I'm not here to close Enisa down," he says.