Closed Consultations

EU Network and Information Security legislation

I’ve submitted a Janet response to a European consultation on a future EU Network and Information Security legislative initiative. The consultation itself seems to suffer from “if you only have a hammer” syndrome: if you’re a legislator then it must be tempting to think that all problems (lack of reporting of “cybercrimes”, insecure end-user computers, etc.) can be solved by legislating. Our response suggests that it may be more productive to deal with the why and how – show organisations and individuals the benefits of being secure, and explain how they can do it.

The good news is that in a number of areas there is now evidence of that working: I’ve pointed out end-user services such as GetSafeOnLine and Germany’s anti-botnet service. It was also recently reported that most of the reports of privacy breaches to the UK’s Information Commissioner are now voluntary: organisations that don’t have a legal duty to report breaches are nonetheless seeking the Commissioner’s help when they happen. Reporting, whether of breaches or attacks, seems much more likely to work where reporters see direct  benefits in terms of improved information and guidance on securing their own systems, as in ENISA’s new report on major outages in European telecommunications services.

By Andrew Cormack

I'm Chief Regulatory Advisor at Jisc, responsible for keeping an eye out for places where our ideas, services and products might raise regulatory issues. My aim is to fix either the product or service, or the regulation, before there's a painful bump!

Leave a Reply

Your email address will not be published. Required fields are marked *