BRUSSELS -- ENISA is presenting the first feasibility study on a European Information Sharing and Alert System (EISAS) to inform SMEs and citizens in the European Union (EU) on threats, vulnerabilities and attacks. The feasibility study concludes that the most optimal way for the EU to facilitate the information sharing is to assume the role of a facilitator, moderator of discussion and a keeper of good practice between national information sharing and alert systems, rather than taking a central, operational function by itself. The proposed next steps and a proof of concept scenario are also outlined.
After careful analysis of various perspectives, an operational role for the EU is deemed as unsuitable. A decentralised system on a national basis is more effective, as technical/organisational, cultural/social, and political obstacles make other, centralised operational approaches less feasible. The main proposed scenario for the EU includes the role to:
Act as a clearinghouse for good practice to support new national systems in the Member States. Act as a fosterer and facilitator of discussions between the national ISAS in the Member State, to achieve the following goals: help the existing activities to learn from each other, continuously update the good practice collection, and together identify fields or areas to improve the service level of all activities Act as an analyst of the collected good practice and, if appropriate, propose areas of optimisation
Why are citizens and SMEs in focus? The Executive Director of ENISA, Mr. Andrea Pirotti comments that computers of home-users and SMEs are the most popular targets for targeted attacks, as they often are considered easy victims. On the other hand SMEs are important to Europes economic growth. However, due to size, SMEs rarely employ dedicated security personnel for protecting information assets.