Categories
Articles

Can Internet Stability be Regulated?

A wide-ranging panel discussion at the TERENA Networking Conference considered the stability of the Internet routing system at all levels from technology to regulation. The conclusion seemed to be that at the moment the Internet is stable because two systems, technical and human, compensate effectively for each others’ failings. While improvements to increase stability may […]

Categories
Articles

Critical Cloud Computing

ENISA’s Critical Cloud Computing report examines cloud from a Critical Information Infrastructure Protection (CIIP) perspective: what is the impact on society of outages or attacks? The increasing adoption of the cloud model has both benefits and risks. A previous ENISA report noted that the massive scale of cloud providers makes state of the art security […]

Categories
Closed Consultations

EU Network and Information Security legislation

I’ve submitted a Janet response to a European consultation on a future EU Network and Information Security legislative initiative. The consultation itself seems to suffer from “if you only have a hammer” syndrome: if you’re a legislator then it must be tempting to think that all problems (lack of reporting of “cybercrimes”, insecure end-user computers, […]

Categories
Closed Consultations

EC Internal Security Strategy

The European Commission have recently published a more detailed action plan to support their draft Internal Security Strategy from earlier this year (that’s “internal” as in “within the continent”, by the way!). Most of the strategy covers physical security, including natural and man-made disasters, but one of the five strategic objectives is to “Raise levels […]

Categories
Articles

House of Lords looks at network resilience and CERTs

On Tuesday I was invited with Chris Gibson of FIRST to give evidence to the Home Affairs Sub-Committee of the European Affairs Committee of the House of Lords. They are currently looking at the European Commission’s proposals to protect Europe from large-scale Cyberattacks. We spent an hour and a half explaining what CERTs are, how […]