ENISA presented a summary of its ‘General Report 2007’ and showcased some of its activities. The Agency underlined the crucial importance of Network and Information Security (NIS) for the European economy, in particular in regards to the i2010 goals.
Today, 30% of global trade is ‘digitally dependent’. Spam costs business about €64,5bn in 2007, double the 2005 figure (Source: Ferris). As only 6% of spam reaches mailboxes, the problem is perceived to be under control. However, it is growing in quantity, size and bandwidth and remains a costly problem, with 94 % of spam being the invisible part of the ‘iceberg’.
The Agency highlighted its success in mitigating cyber attacks by supporting the set up of ‘Computer Emergency Response Teams’ (CERTs), akin to ‘digital fire brigades’. In 2005, only eight EU Member States had governmental CERTs, whereas in 2008 the number has almost doubled to 14, with ten more planned within the next one to two years. CERTs are key components in combating cyber attacks such as those in Estonia, or spam generated by ‘botnets’; hijacked computers of which there are 6mn worldwide used by organised criminals for sending spam and committing online fraud.
At the same time, ENISA underlined a concerning imbalance in Member States’ security measures. The Executive Director of ENISA, Mr Andrea Pirotti commented:
“Europe must take security threats more seriously and invest more resources in NIS. Therefore, ENISA calls for the EU to introduce mandatory reporting on security breaches and incidents for business, just as the US has already done. The Member States should undertake concerted efforts to reduce the imbalances in security levels, through more cross-border cooperation. ENISA is confident that the need for secure networks to safeguard the European economy is a distinct driving force for Member States to cooperate more closely,” Mr Pirotti concluded.
The Agency stressed the risks of online social networking sites and recommended, for example, a review of the Regulatory Framework of Directive 2002/58 on privacy and electronic communications. ENISA has also produced a feasibility study on a European Information Sharing and Alert System for citizens and small business, particularly as SMEs constitute 2/3 of the EU economy.
ENISA launched a three-year programme in the beginning of 2008 to improve resilience to public e-communication networks and enable Member States to mitigate the risks of a digital 9/11. Upcoming future threats and risks beyond 2008 were identified: e.g. fraud in virtual worlds, where assets are estimated to be between €64,5mn and €100mn (in 2006). In the course of this year, the Agency will issue various Position Papers with recommendations, for example on interoperable e-ID for Europe.

Source: ENISA, 2008