The need for a functional network of n/g CERTs in Europe by the end of 2012 was established in several EU documents (Digital Agenda for Europe/EU’s Internal Security Strategy/the CIIP Communication). The Status Report 2012 states that the key obstacle to cross-border cooperation and incident response is the diversity of capabilities across Member States. Some teams do not have an ‘adequate level of maturity’ compared with the teams in other Member States. Four baseline capabilities constitute the focus of the report:
Excerpts of key findings for n/g CERTs;
1. Mandate & strategy:
-Most n/g CERTs have a clear role and mandate, yet the details and form vary greatly across the EU.
-A great deal of work needs to be done regarding the proper inclusion of n/g CERTs in national cyber-security strategies; presently, less than 50% of the Member States have such strategies.
2. Service portfolio:
The scope of support depends on the type of constituent: key constituents (e.g. governmental bodies) receive the complete service portfolio. The valuable cyber security expertise of n/g CERTs is also highly sought by law enforcement agencies and other stakeholders.
3. Operational capability:
More than 80% employ 6–8 full-time staff, which is the minimum level necessary for acceptable services. However, in smaller teams, staff have multiple roles, which is a barrier to specialisation. In particular, n/g CERTs report difficulties in hiring digital forensics and reverse engineering specialists.
4. Cooperation capability:
As large-scale cyber-incidents necessitates both national and international management, n/g CERTs are well anchored in international structures like (FIRST, TF-CSIRT, EGC, Trusted Introducer, APWG or ENISA workshops).
The Executive Director of ENISA, Professor Udo Helmbrecht, stated; “These two reports show that while great progress has been made in Europe recently, more work is necessary to bridge the different maturity levels of CERTs. The identified challenges: questions of clarity of governmental CERT roles and responsibilities, lack of funding and missing resources such as highly specialised IT, legal, and PR experts must be addressed. These challenges need to be resolved by many parties: legislators, CERT teams, cooperation partners and international organisations.”
For full reports:
Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!