Posts relating to the European Network and Information Security Directive (2016/1148)
A wide-ranging panel discussion at the TERENA Networking Conference considered the stability of the Internet routing system at all levels from technology to regulation. The conclusion seemed to be that at the moment the Internet is stable because two systems, technical and human, compensate effectively for each others’ failings. While improvements to increase stability may […]
ENISA’s Critical Cloud Computing report examines cloud from a Critical Information Infrastructure Protection (CIIP) perspective: what is the impact on society of outages or attacks? The increasing adoption of the cloud model has both benefits and risks. A previous ENISA report noted that the massive scale of cloud providers makes state of the art security […]
I’ve submitted a Janet response to a European consultation on a future EU Network and Information Security legislative initiative. The consultation itself seems to suffer from “if you only have a hammer” syndrome: if you’re a legislator then it must be tempting to think that all problems (lack of reporting of “cybercrimes”, insecure end-user computers, […]
The European Commission have recently published a more detailed action plan to support their draft Internal Security Strategy from earlier this year (that’s “internal” as in “within the continent”, by the way!). Most of the strategy covers physical security, including natural and man-made disasters, but one of the five strategic objectives is to “Raise levels […]
On Tuesday I was invited with Chris Gibson of FIRST to give evidence to the Home Affairs Sub-Committee of the European Affairs Committee of the House of Lords. They are currently looking at the European Commission’s proposals to protect Europe from large-scale Cyberattacks. We spent an hour and a half explaining what CERTs are, how […]