The European Commission pledged to create a new IT security strategy for Europe yesterday, warning that the 5 to 13% of IT budgets currently spent on security is a dangerously low figure.
The Commission has also instructed its information security agency to prepare to handle security incidents in a bid to increase network security across Europe.
“The nature of the threat is changing and so must our response” said information society and media commissioner Viviane Reding. “In the past, hackers were motivated by a desire to show off whereas today, many threats come from criminal activities and are motivated by profit. What we need is a renewed strategy."
A statement from the European Commission called for talks to begin on "a new IT security strategy for Europe". In a list of specific proposals, the Commission said that the European Network and Information Security Agency (ENISA), which was established in Greece last year, "will be entrusted to develop an appropriate data collection framework to handle security incidents".
The Commission also plans an information sharing and alert system to be operated by ENISA, similar to that already run by commercial anti-virus and security companies.
The Commission issued the plans because of worries that poor security could discourage users from using digital technologies. "The Commission believes that an open dialogue involving all stakeholders is essential for building consumer trust and confidence and for supporting the widespread take-up of digital services," said the Commission statement.
The Commission was careful, though, not to take the place of commercial companies, whose technologies must still be the principal method of protection. "A key role in promoting a greater awareness of security is to be played by public authorities, although it is largely up to the private sector to provide solutions," said the statement.