Fighting Cyber Threats; Plugging the Gaps. EU Agency Launches Report on Proactive Detection of Cyber Security Incidents to Make "Digital Fire-Brigades" More Effective

Author: SySAdmin
Posted: December 6, 2011

BRUSSELS and HERAKLION, Greece, December 7, 2011/PRNewswire/ --

    The Agency today launches a report
[http://www.enisa.europa.eu/act/cert/support/proactive-detection ] which identifies 16
shortcomings in detection of network security incidents. The report reveals that not all
available tools are used widely enough by the "digital fire-brigades", the Computer
Emergency Response Teams (CERTs), to effectively fight cyber threats. Therefore, the Agency
issues 35 recommendations to data providers, data consumers, and at EU/national levels to
mitigate the shortcomings.

    The study [http://www.enisa.europa.eu/act/cert/support/proactive-detection ] has
identified that the CERTs are currently not fully utilizing all possible external sources
at their disposal. Similarly, many CERTs neither collect, nor share incident data about
other constituencies with other CERTs. This is concerning, as information exchange is key
to effectively combating malware and malicious activities, which is extremely important in
fighting cross-border cyber threats.

    Shortcomings. The 16 shortcomings in detection of incidents are examined in depth. Top
technical gaps include insufficient data quality (false positives in provided data, poor
timeliness of delivery), lack of standard formats, tools, resources and skills. The most
important legal problem involves privacy regulations and personal data protection laws
that hinder information exchange.

    "National/government CERT managers should use the report to overcome identified
shortcomings, by using more external sources of incident information, and additional
internal tools to collect information to plug the gaps", says the Agency Executive
Director, Professor Udo Helmbrecht
[https://www.enisa.europa.eu/about-enisa/structure-organization/executive-director ].

    35 recommendations to mitigate the shortcomings. For data providers, the key
recommendations focus on how to better reach CERTs, on better data formats and
distribution, and on data quality improvement. For data consumers, they include additional
activities by a CERT to verify the quality of data feeds, and specific recommended
deployments of new technologies. Finally, at the EU or national level, balancing privacy
protection and security needs is necessary, as is facilitating the adoption of common
formats, integration of statistical incident data, and research into data leakage
reporting.

    Background: Proactive detection of incidents is the discovery of malicious activity,
before the complaints and incident reports about it are received. As such, it is a
cornerstone for an efficient CERT services portfolio. It can greatly boost a CERT's
efficiency in operations, thus strengthening CERT's Incident Handling capability which is
one of the core services of national / governmental CERTs
[http://www.enisa.europa.eu/act/cert/support/files/baseline-capabilities-of-national-governmental-certs-policy-recommendations ].

    For the full report, see [http://www.enisa.europa.eu/act/cert/support/proactive-detection ]

    Background: Digital Agenda for Europe, action 38
[http://ec.europa.eu/information_society/newsroom/cf/fiche-dae.cfm?action_id6&pillar_idE&action¬tion%2038%3A%20Member%20States%20to%20establish%20pan%2DEuropean%20Computer%20Emergency%20Response%20Teams ]

Source: ENISA - European Network and Information Security Agency

For interviews: Ulf Bergstrom, Spokesman, ENISA, press@enisa.europa.eu, Mobile: +30-6948-460-143 or Agris Belasovs, or Andrea Dufkova, CERT-Relations@enisa.europa.eu
