As an input to its activities on economics of network and information security (NIS), ENISA commissioned a study identifying barriers and incentives for NIS. The overarching aim of the report is to analyse the economic impact of NIS, to assess added value and contribute to the smooth functioning of the Internal Market for e-communication.
In August 2007, ENISA tendered the study related to the overall subject matter of "Barriers and Incentives for Network and Information Security (NIS) in the Internal Market for e-Communication" – as foreseen by and in accordance with ENISA Work Programme 2007 Chapter 2 "Facilitating the Working of the Internal Market for e-Communication".
In December 2007, ENISA held a consultation workshop in Brussels (Belgium) on the same subject matter. The half-day workshop aimed at launching a discussion among relevant stakeholders so as to ensure their input to the report tendered out by ENISA. It brought together representatives from all relevant stakeholder groups, i.e. EU and national decision-makers, industry and consumer representatives, academia and think tanks, as well as international organisations.
The report “Security Economics and the Internal Market”
In February 2008, the final report entitled "Security Economics and the Internal Market" by Prof. Ross Anderson, Rainer Böhme, Richard Clayton and Tyler Moore was submitted to ENISA.
The principal objectives of the report are:
- To identify existing economic barriers for addressing Network and Information Security (NIS) issues in a single, open and competitive Internal Market for
- To assess these barriers’ potential impact on the smooth functioning of the Internal Market for e-communication;
- To identify and analyse incentives (regulatory, non-regulatory, technical, educational, etc.) for lifting those barriers identified as causing distortion of the smooth functioning of the Internal Market for e-communication;
- To provide a range of recommendations to relevant actors (decision-makers both at EU and national level, industry, academia, etc.) for policy options, possible follow-up actions and initiatives.
The report identifies relevant groups of stakeholders and assesses their role and responsibilities. In addition, the report offers explanatory and where possible causal linkages.
In inviting comments from stakeholders, ENISA aimed at stimulating wide-ranging, multi-stakeholder feedback on the report and its recommendations on incentives for the application and implementation of Network and Information Security. The report provides an initial assessment of NIS in the Internal Market for e-Communication as it is today and discusses possible directions for future policy priorities.
Based on the Report "Security Economics and the Internal Market" and its recommendations, ENISA asked a series of guiding questions on the Internal Market for e-Communication and incentives for removing remaining barriers to address NIS related issues. The Agency received responses from a wide range of sources on those questions that are of concern to them.
The views expressed and questions published here are of a preliminary nature. They have been derived from the contractor’s final report and do not necessarily reflect an official position of ENISA. The following stakeholder comments on the report and its recommendations will be used as input to ENISA activities in the area of economics of Network and Information Security (NIS).
The individual comments received are given below:
|LONAP||Euro-IX||Logica Denmark||Polish Ministry of F.A.||Netnod|
|AMSIX||Fisrt Vendor SIG||Malta Comms Authority||NASK||Vizuri|
Evaluation of Stakeholder Replies
Subsequent to the publication of non-confidential stakeholder replies and comments on the report "Security Economics and the Internal Market" by Prof. Ross Anderson et al., ENISA carried out an in-depth analysis of comments received from stakeholders.
In a follow-up document, ENISA will draw conclusions based on the report "Security Economics and the Internal Market", on replies received by stakeholders commenting on the report and its recommendations, and on the evaluation of the latter. In deciding on potential follow-up activities and initiatives, ENISA may be able to single out issues / recommendations identified by stakeholders as “important” and/or “desirable” at an EU level in order to remove remaining barriers and to further specify incentives for network and information security.
Consultation of and input by all ENISA stakeholder groups has been – and will continue to be – of utmost importance throughout the whole process.
ENISA Conclusions on Follow-up Activities
ENISA is drawing conclusions based on the"Security Economics and the Internal Market" report and on the replies received by stakeholders commenting on the report and its recommendations, and on the evaluation of the latter.
In deciding on potential follow-up activities and initiatives, ENISA was able to single out some issues/recommendations which were identified by stakeholders as “important” and/or “desirable” to be addressed at EU level in order to remove still existing barriers and to further specify incentives for network and information security.
If you would like more information please contact the ENISA Stakeholders Relations team.