This document is an excerpt from the EUR-Lex website
Document 52006DC0251
Strategy for a secure information society (2006 communication)
Dan is-sommarju ġie arkivjat u mhux se jiġi aġġornat, għaliex id-dokument imqassar ma għadux fis-seħħ jew ma jirriflettix is-sitwazzjoni attwali.
Strategy for a secure information society (2006 communication)
The purpose of this Communication is to revitalise European policy on network and information security by identifying current challenges and proposing measures to tackle them. The strategy proposed by the Commission involves all relevant stakeholders and is based on dialogue, partnership and empowerment.
ACT
Communication from the Commission of 31 May 2006: A strategy for a Secure Information Society - "Dialogue, partnership and empowerment" [COM(2006) 251 final - not published in the Official Journal].
SUMMARY
Community action: overview
Up to now, the European Commission has tackled security issues in the Information Society by adopting a three-pronged approach embracing:
Community measures in this area also include:
In 2004, the Community established the European Network and Information Security Agency (ENISA). ENISA's mission is to help increase network and information security within the Community and to promote the emergence of a culture of network and information security for the benefit of citizens, consumers, businesses and public sector organisations.
These measures and initiatives are to a large extent interdependent and involve many different stakeholders, and so a coordinated strategy is called for. This Communication sets out such a strategy for developing a coherent, holistic approach to network and information security.
KEY CHALLENGES
Despite the efforts already made, security continues to pose challenges to public bodies, businesses and private users alike. The risks are often underestimated even though the relevance of information and communication technologies (ICT) for the European economy and European society as a whole is undeniable. Furthermore, other critical infrastructures are also becoming more and more dependent on the integrity of their respective information systems.
Attacks on information systems
Attacks on information systems are increasingly motivated by financial profit. Personal data are illegally mined without the user's knowledge, while the number of malware variants is increasing rapidly, as is the rate at which they are evolving. For example, spam is now used as a vehicle for spreading viruses and spyware.
Use of mobile devices
The increasing deployment of mobile devices (including 3G mobile phones, portable videogame consoles, etc.) and mobile-based network services poses new threats to security. These threats could turn out to be more dangerous than attacks on PCs as the latter already have a significant level of security.
Advent of "ambient intelligence"
Another significant development in the Information Society is the advent of "ambient intelligence", where intelligent devices supported by computing and network technology will become a ubiquitous part of everyday life in the near future. This development brings with it many opportunities, but it will also create additional security and privacy-related risks.
Raising awareness of users
In order to successfully tackle the problem of underestimating the risks, all stakeholders need reliable data on security incidents and trends.
At the same time, it is important that awareness programmes designed to highlight security threats do not undermine the trust and confidence of consumers and users by focusing only on the negative aspects of security. Network and information security should be presented as a virtue and an opportunity rather than as a liability and a cost.
THE PROPOSED APPROACH
In order to tackle the challenges presented by network and information security, the Commission proposes an approach which is based on dialogue, partnership and empowerment.
Dialogue
The Commission proposes a series of measures designed to establish an open, inclusive and multi-stakeholder dialogue:
Partnership
Effective policy making requires a clear understanding of the nature of the challenges to be tackled. This calls for reliable, up-to-date statistical and economic data. Accordingly, the Commission will ask ENISA
In parallel, the Commission will invite Member States, the private sector and the research community to establish a partnership to ensure the availability of data pertaining to the ICT security industry.
Empowerment
The empowerment of stakeholders is a prerequisite for fostering their awareness of security needs and risks, thus promoting network and information security.
For this reason, Member States are invited to
Private sector stakeholders are also encouraged to take initiatives to
COMPLEMENTARY INITIATIVES
The Commission will complement this approach with other initiatives by
Background
This Communication follows on from the " i2010- A European Information Society for growth and jobs " initiative, which aims to boost the e-economy in Europe. The i2010 initiative highlights the importance of network and information security for the creation of a single European information space.
RELATED ACTS
Communication from the Commission of 1 June 2005: "i2010 -A European Information Society for growth and employment" [COM(2005) 229 final - not published in the Official Journal].
Council Framework Decision 2005/222/JHA of 24 February 2005 on attacks against information systems.
Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency [Official Journal L 77, 13.3.2004].
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) [Official Journal L 201, 31.7.2002].
Communication from the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions of 6 June 2001: "Network and Information Security: Proposal for a European Policy Approach" [COM (2001) 298 final - not published in the Official Journal].
Communication from the Commission to the Council of 26 January 2001: "Creating a Safer Information Society by Improving the Security of Information Infrastructures and Combating Computer-related Crime" [COM(2000) 890 final - not published in the Official Journal].
Further information can be found on the Europe's Information Society portal at the European Commission's website.
Last updated: 25.07.2006