The EU institutions have reinforced their fight against cyber threats by establishing the EU’s Computer Emergency Response Team, or CERT-EU, on a permanent basis. This decision follows a successful one-year pilot for the team, which drew positive assessments from clients and peers.
Vice-President Maroš Šefčovič said: „The EU institutions, like any other major organisations, are frequently the target of information security incidents. CERT-EU is helping us to improve our protection against these threats. It is a very successful example of what the EU institutions can achieve when they work together. We want our CERT to be amongst the best, closely cooperating with the rest of the CERT community and contributing to cyber security for all.“
Vice-President Neelie Kroes said: „Cyber security is a priority for Europe’s welfare and competitiveness. The EU institutions can now count on a permanent CERT to deal with increasingly sophisticated cyber threats against them. This decision ensures we are practising what we preach.“
In recent years, CERTs have been set up in both the public and private sectors as small teams of cyber-experts that can effectively and efficiently respond to information security incidents and cyber threats. They have proven to be a key component in the defence strategy against these threats by preventing, detecting and correcting vulnerabilities and compromises. They warn their clients against vulnerabilities or threats and recommend actions to mitigate the risks. They help to detect compromised systems and attacks and take appropriate steps to stop them and/or recover from them. They are highly interconnected with each other, creating a community of experts fighting for the common cause of cyber security.
In the Digital Agenda for Europe adopted in May 2010, the Commission pledged to establish a CERT for the EU institutions, as part of an overall commitment to a reinforced and high-level EU Networking and Information Security Policy in Europe. The Digital Agenda also calls on all Member States to establish their own CERTs, paving the way to an EU-wide network of national and governmental Computer Emergency Response Teams by 2012. CERTs will also play a major role in a forthcoming Communication on cyber security strategy.
The resources of CERT-EU are provided by the major EU institutions and agencies, including the European Commission, the Council, the European Parliament, the Committee of the Regions and Economic and Social Committee, and the European Network and Information Security Agency (ENISA). The team operates under the strategic oversight of an inter-institutional Steering Board.
CERT-EU works very closely with the internal IT security teams of the EU institutions and liaises with the community of CERTs and IT security companies in the Member States and elsewhere, exchanging information on threats and how to handle them.