European Network and Information Security Agency to be launched in January 2004
A European network and information security agency (ENISA) is to be established following the conclusion of an agreement between the EU Telecommunications Council and Parliament on 20 November. ENISA will start its operations in January 2004, less than one year after the European Commission first proposed the establishment of the agency, with a budget of 24 million euro over a five year period. The agency is intended to help the Commission and the Member States cooperate more effectively in their responses to network and information security problems such as computer crashes, information technology (IT) network failures, viruses and unauthorised interception of communications. EU Commissioner for Enterprise and the Information Society, Erkki Liikanen, welcomed the inter-institutional agreement: 'I'm very pleased that both Parliament and Member States have seen the urgency to get this agency in place and have been able to reach an agreement on the first reading of the proposal. All parties involved in the issues of network and information security have been advocating closer cooperation and the ENISA delivers the infrastructure for this.' The Council reached an agreement to set up the agency following a vote by the European Parliament on 19 November on a compromise proposal prepared by the two institutions. Although the Commission had originally proposed that ENISA should take on coordination and standardisation functions, such as the promotion of security standards and certification schemes, the Council and Parliament agreed to limit the agency's role to that of an advisory body for Member States and the Commission. ENISA will also act as a facilitator of increased cooperation and information exchange between EU countries on the issues of network and information security. Although the network and information security problems that they face are essentially the same, Member States are at different stages in their responses to this issue. They have also yet to agree on the best approach to take in many cases. ENISA will act as a centre of knowledge on network and information security issues and will promote a more coordinated response to the issue across Europe. The agency has been given a mandate to inform citizens, businesses and administrations of the risks involved in using the Internet and information systems, and will offer advice on how they can protect themselves against such threats. ENISA will also have a number of tasks involving risk assessment and risk management, and it will follow the development of research and standardisation efforts in collaboration with industry. The agency will be temporarily based in Brussels until the EU's Heads of State and Government decide upon its permanent location.