ENISA Proactive Security Incident Detection Report

Computer Emergency Response Teams (CERTs) are the primary tool for efficiently protecting Critical Information Infrastructure.  Every country that is connected to the internet should have the capability to respond effectively and efficiently to information security incidents.  CERTs act as primary security service providers for government and as information coordinators for business and citizens.  At the same time, they also act as awareness raisers and educators.  Note that Canada currently lacks an official CERT.  It is ENISA’s mission to minimise the gaps in CERT presence and in CERT capabilities within Europe by facilitating the set-up, training, and exercising of CERTs.

ENISA has delivered a report identifying 16 shortcomings in the detection of network security incidents, revealing that not all available tools are widely used by CERTs to combat online and electronic threats effectively.  The Agency also issued 35 recommendations to data providers, data consumers, and at national levels to mitigate the shortcomings.

The ENISA study has identified that CERTs are currently not fully utilizing all possible external intelligence sources at their disposal, and many CERTs neither collect nor share incident data with other CERTs.  This is concerning, as information exchange is key to effectively combating malware and malicious activities, an exercise that is extremely important in fighting cross-border online threats.  Legal problems involving diverse privacy regulations and personal data protection laws often hinder information exchange.

Full Report:  http://www.enisa.europa.eu/act/cert/support/proactive-detection/proactive-detection-report/at_download/fullReport

Survey Analysis Addendum:  http://www.enisa.europa.eu/act/cert/support/proactive-detection/survey-analysis