The European Union's international cybercrime squad is up and running, a year after it was given the go-ahead by the European Commission. The European Network and Information Security Agency (Enisa) has a five-year budget of 34.3 million euros and a mandate to get member states working together to combat security threats.
Enisa has appointed an executive director, put internal rules of procedure into place and has begun hiring technical experts, the organisation said. Enisa's management board, including representatives from industry, member states and the Commission, met on Friday at the agency's headquarters in Heraklion, Greece to formalise the organisation's plans.
The body is something of an experiment - it has a five-year mandate, and its existence will only be continued after that if it proves a success. It aims to become a pan-European "centre of excellence" on security matters, collecting and analysing data on security incidents, advising the Commission and member states on security issues, standardising security approaches and pushing for more cooperation between the private and public sectors.
Executive director Andrea Pirotti, officially appointed last month, is a Marconi veteran who was in charge of technology products for critical IT infrastructure, and set up various overseas companies in the Marconi communications group. The management board is to be led by chair Kristiina Pietikainen, director of a data security unit at the Finnish Ministry of Transportation and Communications, and vice-chair Ferenc Suba of the equivalent government body in Hungary.
Even as Enisa forges ahead, many stakeholders - including government and industry representatives from around the EU - remain sceptical about what the agency can do to improve security. At a recent meeting, for example, Symantec's Ilias Chantzos answered what exactly he felt Enisa's added value will be. Hedy van der Ende, general manager of the Netherlands' Computer Emergency Response Team (CERT), said Enisa will face a difficult task, given that "CERTS from different countries co-operate closely already".
Arlene McCarthy, a Labour MEP best known for pushing what many call a pro-software patent agenda in European legislation, has also voiced doubts. In a draft opinion written prior to the creation of Enisa, McCarthy wrote it "may be more in the nature of a solution looking for a problem rather than a real contribution to the creation of (a) 'culture of security'."
However, she acknowledged the problem of IT security is severe enough that the agency is "a worthwile experiment", given that it is established for a limited period.
On the other hand, McCarthy also recommended the agency to promote a pan-European "trustworthy computing" initiative, a highly controversial suggestion. "Trustworthy computing" projects undertaken by the likes of Microsoft and Intel have been promoted as improving security by building anti-hacking measures into the hardware level. However, they are widely understood by industry analysts to be a way of building more draconian anti-copying measures into PCs.