Collaborative European approach to Network and Information Security - Main contents

EN

Official Journal of the European Union

C 321/1

The Commission communication of 31 May 2006 on ‘A Strategy for a Secure Information Society’ putting forward a process of ‘dialogue, partnership and empowerment’ engaging Member States and private sector stakeholders;

The Commission communication of 12 December 2006 on ‘The European Programme for Critical Infrastructure Protection (EPCIP)’ aiming to improve the protection of critical infrastructures in the EU and creating an EU framework concerning the protection of critical infrastructures;

The Council Directive of 8 December 2008 on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection;

The Council Resolution of 22 March 2007 on a Strategy for a Secure Information Society in Europe;

The Council conclusions of 19-20 April 2007 on a European Programme for Critical Infrastructure Protection;

The Commission communication of 30 March 2009 on Critical Information Infrastructure Protection (CIIP);

The ongoing debate, including the relevant public consultation, on the future of the European Network and Information Security Agency (ENISA) and its role in CIIP;

The Presidency conclusions on CIIP of the Tallinn ministerial conference of 27-28 April 2009;

The Lisbon goals of competitiveness and growth and the work currently underway to review the Lisbon strategy;

The security measures proposed in the review of the Regulatory Framework on Electronic Communications Networks and Services;

To ensure effective future policy on Network and Information Security, this resolution assumes that no conclusions have yet been reached on any amendments needed in the ENISA regulation. As the future of Network and Information Security policy is currently under review by the Commission, any outcome of this review, regarding any amendments to the ENISA regulation, should not be prejudiced by this resolution in advance of the publication by the Commission of its results.

Given the importance of electronic communications, infrastructures and services as a basis of economic and social activity, Network and Information Security (NIS) contributes to important values and objectives in society, such as democracy, privacy, economic growth, the free flow of ideas, and economic and political stability;

Information and communication technology systems, infrastructures and services, including the Internet, play a vital role for society, and their disruption has the potential to cause huge economic damage, underlining the importance of measures to increase protection and resilience aimed at ensuring continuation of critical services;

Security incidents risk undermining user confidence. While severe disruptions of networks and information systems could have a major economic and social impact, everyday problems and nuisances also risk eroding public confidence in technology, networks and services;

The threat landscape is evolving and growing, which increases the need to provide end-users, businesses and governments with electronic communications infrastructures that are robust and resilient by default and to identify the right incentives for the providers to do so in a timely manner;

There is a need to enhance and embed Network and...