Defending Europe against cyber attack

When it really comes down to it, the UK is a world leader when it comes to information security.

Jay Heiser, research vice president for Gartner, said it himself in a recent interview with IT PRO when he said that the UK information security industry had taken "global leadership" and was something that the "local community should be proud of."

However, this rather happy situation is not the same in the rest of Europe. Many European countries simply do not have the funding and expertise to reach the level of network security that many organisations in the UK have.

Incidents such as the 2007 cyberattack on Estonia where the websites of government ministers, political parties, newspapers, banks and companies were disabled has highlighted to many European Union member states that information security is now a big priority, as an attack could cripple a country's infrastructure.

There was no organisation that the smaller European businesses could call upon to deal with any infosec problems - unlike the UK and US, where many groups focus on the problem.

ENISA

With the formation of ENISA (European Network and Information Security Agency), European member states have their own organisation, which looks to help European business communities to prevent, address and respond to network security problems.

ENISA's remit is to develop a culture of network and information security for the citizens, consumers, enterprises and public sectors of the European Union. It ultimately strives to create a centre of expertise where member states and EU institutions - including the UK - can seek advice on matters relating to network and information security.

ENISA was established in 2004 by the European Parliament. Originally set up in Brussels, like many EU agencies, it has since moved to Heraklion, an island of Crete in Greece where it now has its current base. It started operations in September 2005.

How big is the security problem in Europe?

ENISA admitted that it currently doesn't know how big the information security problem is in Europe. Though that is the crucial question that many member states asked, as it would give them some clue about how many resources were needed to deal with the problem, ENISA had no answer.

"We don't know how big the problem is," said Ronald De Bruin, head of the cooperation and support department at ENISA. "The reasons are that many organisations are reluctant to affect their brand image. It is also difficult to report because people do not know how and to whom they should report to the police, IT support managers, etc."

He also said that many reports came from corporate organisations which had an interest in giving certain high figures in order to stimulate their business. It was difficult to quantify the results and come to any conclusions about the scale of the European information security problem.