As requested, I have prepared a ten slide presentation on the European Network and Information Security Agency. As our economy matures, we are becoming more and more dependent on communications networks and information society systems. These networks control every part of society, for example, infrastructure, support business and e-commerce, on which we are becoming increasingly dependent, and contain large amounts of personal data of all kinds for citizens of Europe.
We are familiar with some of the articles which have appeared in the newspapers concerning the release of viruses on the Internet, causing problems to networks and, in more extreme cases, forcing them to shut down, reorganise and rebuild to provide the service for which they were designed. In certain cases, this has caused substantial financial damage, which is undermining user confidence in doing business online and electronically. Ultimately, the real threat is to the information society and many of the objectives laid out in the e-government plan 2005.
The legal background to the initiative is new legislation being progressed and developed by the telecommunications industry. The most recent examples of this legislation include the framework directive, the authorisation directive and directives on electronic commerce. Through these directives, legislators have been trying to develop a regulatory regime which would protect personal data and guarantee privacy. The initiative is also an effort to ensure integrity and security among private and public communications networks.
One of the key objectives of the European Union is the promotion of the Internal Market, which includes allowing for the free flow of information across boundaries and between networks. The need for expertise in network security has been recognised at EU level. The European Network and Information Security Agency would need to be in a position to provide guidance, advice and all necessary assistance to member states in dealing with the threats to network integrity and security.
As we move forward, our telecommunications networks are becoming more complex. Traditional broadcasting, telephone and cable networks are becoming integrated, with the possibility to deliver voice, telecommunications and data services to homes on one wire. This opportunity also creates increasingly complex technical challenges.
One of the main features of the new agency is its independence and one of the principal advantages of having a network security agency is the absence of a comparable organisation. The agency is designed to complement competences in the various member states. To date, the member states have taken slightly different approaches to this issue and the establishment of the new agency provides an opportunity to harmonise, reap benefits for everybody involved and facilitate information exchange. The need for information exchange and the quick deployment of solutions is becoming increasingly important as viruses become more problematic and capable of doing more damage.
The objectives of the agency, as listed in Article 2 of the regulation, include enhancing the ability to respond to network and information security problems, assisting and delivering advice to member states and assisting the Commission in developing new legislation in the field of network and information security. Its tasks, as listed in Article 3, include collecting information, analysing risks, enhancing co-operation between the different bodies involved in network security, increasing awareness and providing comprehensive information on threats and the best practices to deal with them and, where necessary, developing new standards for security products to enable ordinary citizens and industry to buy products which will protect their networks adequately.
The organisation is divided into three sections, the management board, the executive director and the permanent stakeholders group. The management board will consist of one representative from each member state, three members proposed by the Commission and a number of representatives from the information communications technology industry, consumer groups and academia. The executive director will have the job of managing the agency and carrying out the work plan on a day-to-day basis. Later, I will discuss this appointment, which has not yet been made. The permanent stakeholders group consists of a wide variety of people also drawn from the information communications technology industry, consumer groups and academia. They have been brought together to provide assistance in drawing up an appropriate work programme for the agency.
It is envisaged that the agency will be a legal body with its own personality and will come into operation on 1 January 2004 for a period scheduled to last for eight years. Notwithstanding this time limit, the Commission has identified that a review shall be carried out within three years to determine whether it is operating in the most effective manner possible. The agency's budget is envisaged to be in the order of €25 million, which may increase once the accession countries have joined the European Union.
The legislation can be traced to 11 February 2003 when the Commission adopted a proposal of the European Parliament and the Council for a regulation establishing a network security agency. This involved the co-decision process, with the European Parliament playing an active role in the legislative process. The regulation was approved by the European Parliament on 19 November 2003 and the Council the following day.
The new agency will be beneficial for Ireland. It will provide a unique centre of excellence and, as I stated, its independence will be invaluable. It is tasked to act swiftly, a necessary capability in the current climate, and will create confidence among industry to invest in their networks and among people to do business on telecommunications and Internet based networks. The resources earmarked for the agency will provide an opportunity to carry out research which would otherwise be difficult to achieve. With representatives from the ICT industry and various other players, the new agency will also have a wide body of opinion feeding into it. We believe this group should bring a comprehensive work programme to the agency that will deliver a product from which we will all benefit.