TRENDING:

ENISA Study Critical of National CERTs

16 Shortcomings Identified in Detection of Security Incidents Eric Chabrow (GovInfoSecurity) • December 7, 2011    
ENISA Study Critical of National CERTs

National computer emergency response teams, or CERTs, in Europe aren't using all the weapons in their arsenals to detect network security incidents, the European Network and Information Security Agency said in a report issued Wednesday.

See Also: OnDemand Webinar | Compliance + Security in the Connected Device Era

ENISA identified 16 shortcomings in detection of network security events and issued 35 recommendations on how national CERTs - which the agency characterized as "digital fire brigades" - should be more proactive to mitigate deficiencies.

"National and government CERT managers should use more ... external sources of incident information, and additional internal tools to collect information to plug the gaps" ENISA Executive Director Udo Helmbrecht said in a statement accompanying the release of the report, entitled "Proactive Detection of Network Security Incidents."

The study found that many CERTs neither collect nor share incident data with other CERTs. "This is concerning, as information exchange is key to effectively combating malware and malicious activities, which is extremely important in fighting cross-border cyberthreats," the report said.

The top technical gaps identified by ENISA include insufficient data quality such as false positives in provided data or poor timeliness of delivery, lack of standard formats, tools, resources and skills. The most important legal problem involves privacy regulations and personal data protection laws that hinder information exchange, the agency said.

For data providers, key recommendations focused on how to better reach CERTs, better data format, distribution and data quality improvement. For data consumers, the recommendations included additional activities by a CERT to verify the quality of data feed and specific deployments of new, recommended technologies recommended.

"At the EU or national level, balancing of the privacy protection and security needs is necessary, as well as facilitating the adoption of common formats, integration of statistical incident data and research into data leakage reporting," ENISA said.

ENISA said proactive detection of incidents - the discovery of malicious activity before CERTs receive complaints about security incidents - represents the cornerstone of an efficient CERT services portfolio. Being proactive, ENISA said, "can greatly boost a CERT's efficiency in operations, thus strengthening CERT's incident handling capability, which is one of the core services of governmental CERTs."

Previous
Security No. 1 Barrier to Mobile Tech
Next
New Economies: Who's In Control?

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.