Symantec has been awarded a grant to co-fund a project to define an Information Assurance Messaging Standard. The results of the project will help the European Commission, the member states, national security authorities and the critical infrastructures to establish a framework for Sharing Information on Security at a National and European Level.
Developed in close cooperation with member state authorities and a selected number of European critical infrastructures, the Symantec-defined standard will allow European critical infrastructures, national authorities and the European Commission to exchange secure messages about vulnerabilities, threats, incidents and good practices.
The European Commission project will see the direct involvement of many member states and National Computer Emergency Response/Readiness Teams (CERTs), starting with Italy, which sponsored the project through the Ministry of Interior.
“The very foundations of our modern society and economic stability are being built on electronic communication infrastructures that span national, European and international borders and the data that is shared, processed and stored within these networks,” says John Brigden, senior vice-president of Symantec Europe, the Middle East and Africa (EMEA). “Safeguarding electronic networks and systems from possible attack or disruption has become a crucial component of critical infrastructure protection.”
Symantec is able to review data collected from 40 000 sensors deployed in 180 countries, in addition to a database that covers more than 22 000 vulnerabilities affecting 50 000 technologies from 8 000 vendors. Symantec also reviews more than 2-million decoy accounts that attract e-mail messages from 20 different countries around the world, allowing it to gauge global spam and phishing activity.
There are three phases of this project: analysis of existing standards and interviews with a selected number of CERTs and national authorities; definition of the standard; and dissemination of the results. Symantec will organise a European conference where the results will be presented to the European Commission, delegates of the member states, national security authorities and national CERTs.
The European Commission has established a European Programme for Critical Infrastructure Protection (EPCIP) as part of the “Fight against Crime and Terrorism” campaign.
Every year the Commission provides grants to fund pilot projects that enhance cooperation among the European critical infrastructures and raise awareness of vulnerabilities, risks and countermeasures. On 5 June the Council reached a political agreement on a directive on the identification and designation of European Critical Infrastructure (ECI) and the assessment of the need to improve their protection (9403/08).
The directive, which will enter into force before the end of 2008, establishes the necessary procedure for the identification and designation of ECI and a common approach to assessing the need to improve the protection of such infrastructure in order to contribute to the protection of people.
According to Symantec’s six-monthly Internet Security Threat Report released in April covering the government sector, denial-of-service attacks were the most common attack type targeting government and critical infrastructure organisations, accounting for 46% of the top 10 attacks.