ENISA presents a study on a European Information Sharing and Alert System for SMEs and citizens: EU’s role proposed to be a ‘clearing house’

The EU should assume the role of facilitator to set up a European Information Sharing and Alert System (EISAS) to inform SMEs and citizens on threats, vulnerabilities and attacks, according to a study by the European Network and Information Security Agency (ENISA).

The feasibility study concluded that the most optimal way for the EU to facilitate the information sharing is to assume the role of a facilitator, moderator of discussion and a “keeper of good practice” between national information sharing and alert systems, rather than taking a central, operational function by itself. The proposed next steps and a “proof of concept” scenario are also outlined.

The study deemed an operational role for the EU as unsuitable. A decentralised system on a national basis is more effective, as technical/organisational, cultural/social, and political obstacles make other, centralised operational approaches less feasible.

The main proposed scenario for the EU includes the role to:

“The study deemed an operational role for the EU as unsuitable.

Act as a "clearinghouse" for good practice to support new national systems in the Member States;

Act as a fosterer and facilitator of discussions between the national ISAS in the Member State, to achieve the following goals: help the existing activities to learn from each other, continuously update the good practice collection, and together identify fields or areas to improve the service level of all activities;

Act as an analyst of the collected good practice and, if appropriate, propose areas of optimisation.

The Executive Director of ENISA, Andrea Pirotti commented that computers of home-users and SMEs are the most popular targets for targeted attacks, as they often are considered easy victims. On the other hand SMEs are important to Europe’s economic growth. However, due to size, SMEs rarely employ dedicated security personnel for protecting information assets.