One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

EC Internal Security Strategy

Wednesday, July 4, 2012 - 16:51

The European Commission have recently published a more detailed action plan to support their draft Internal Security Strategy from earlier this year (that's "internal" as in "within the continent", by the way!). Most of the strategy covers physical security, including natural and man-made disasters, but one of the five strategic objectives is to "Raise levels of security for citizens and businesses in cyberspace". Having given evidence on CSIRTs to the House of Lords sub-committee last year, I've been asked for JANET's comments on this new paper as well.

Each of the three Actions for cyberspace on pages 9 and 10 recommends both improvements in provision within countries and the creation of a pan-European body. In each case we've suggested that the role of the pan-European body should be to identify and promote best practice and help countries implement it locally, rather than involving itself in individual operations.

Thus on dealing with cyber-attacks it's good to see more encouragement for filling in the gaps in CSIRT coverage, but the proposed European Information Sharing and Alert System (EISAS) should help countries to create national resources like GetSafeOnline, rather than trying to create a single poly-lingual site for all EU citizens. On empowering citizens there are recommendations to create somewhere that users can report incidents and receive guidance on threats and precautions. Again, language issues indicate that this is better done at national, rather than central, level. On improving law enforcement and judicial capability there is a proposal to create a central cybercrime centre, which appears again to be a facilitator for the development of coordinated national operational expertise, though others appear to be interpreting it as having a more operational role. Having briefly been responsible for a pan-European CSIRT a long time ago, my feeling is that centralising operational activities at that level is likely to be more trouble than it is worth.

[UPDATE] The full list of written responses has now been published. Note that they cover a wide range of areas (not just cybercrime) and a very wide range of opinions! Transcripts of oral evidence sessions and the Committee's final report are also available from the committee inquiry page.