The report analyses rules, policies and practices, which EU member States and EFTA countries develop and deploy, in order to enhance the resilience of communication networks. It provides high level and context specific recommendations to both policy and decision makers. The report concludes with a list of identified good practices. The study was done in the context of ENISA’s program on Resilience of public communication networks.
The report recommends that:
- Member States may consider soft-law instruments (e.g. good practices and recommendations) as a means to intervene in the market
- Member States may consider simplification and harmonisation of competences (abilities, faculties) and tasks of relevant national authorities
- Member States may consider developing and implementing an integrated and holistic national risk management process
- Member States should consider assessing the degree of operators’ adherence to preparedness measures
- Each Member State must establish one national Computer Emergency Response Team, i.e. 'CERT'
- Member States expressed the need for more good practice guidance on emerging policy issues (e.g. trusted information sharing exchanges, incident reporting, exercises)
- The European Commission should consider the development and implementation of a coherent pan European strategy based on Member States’ experiences
The Agency commented:
“This work underpins Member States’ efforts to debate and co-operate on this issue in a more structured manner. ENISA firmly responds to Member States needs by developing good practices on information sharing, incident reporting and exercises”
These results constitute the basis of ENISA’s contributions to the European Commission (or EU) strategy on Critical Information Infrastructure Protection (CIIP). This strategy builds on some of these recommendations and calls for ENISA’s active role in a number of crucial areas.