The following board members of PvIB were involved in this interview with Mrs. Kroes:

Thom Schiltmans, Philips Healthcare, Sector IT Security Manager; board member PvIB Education

Fred van Noord, Verdonck, Klooster & Associates, Management consultant information security & risk management; chairman PvIB

Tom Bakker, Delta Lloyd Group, Group Security Officer / Business Continuity Coordinator; board member PvIB, editor PvIB-magazine “Informatiebeveiliging”

Erno Duinhoven, Capgemini, Managing consultant information security & risk management; board member PvIB Professionalizing.

Implementing the ambitious Digital Agenda for Europe would contribute significantly to the EU’s economic growth and spread the benefits of the digital era to all sections of society. The Agenda outlines seven priority areas for action: creating a digital Single Market, greater interoperability, boosting internet trust and security, much faster internet access, more investment in research and development, enhancing digital literacy skills and inclusion, and applying information and communications technologies to address challenges facing society like climate change and the ageing population.

Trust & Security, one of the priorities in the Digital Agenda, is of special interest for information security. In this interview you find the answers to the questions we asked Vice President Neelie Kroes, Commission Vice-President for the Digital Agenda, on several key actions. We related our questions (italics) to key actions (bold) in the Digital Agenda.

Key action 1: Simplify copyright clearance, management and cross-border licensing.

What is the vision of Mrs. Kroes on ‘net neutrality’?
• What is the definition of ‘net neutrality’ by Mrs. Kroes?
• What are the limitations on ‘net neutrality’ in the vision of Mrs. Kroes?

NB. Recently Chile was the first country in the world to approve a law which guarantees ‘net neutrality’.

Answer Mrs. Kroes: The European Commission is committed to preserving the open and neutral character of the Internet in Europe. But traffic management and net neutrality are highly complex issues and the terms mean different things to different stakeholder groups. In any event, it is clear that full and effective transparency is essential to enable consumers’ choices. Consumers should be able to access the content they want while content providers and operators should have the right incentives to keep innovating and investing.

The revised EU telecoms framework adopted in 2009, which comes into force in May 2011, already contains strict transparency requirements and grants national regulators the power to set minimum quality levels for network transmission services in cooperation with the Commission.

Member States are still implementing the EU telecoms rules into their national legislation and the Commission is closely monitoring the situation concerning potential net neutrality issues. Moreover, we are stimulating debate and examining the contributions to a public consultation (which we ran from end June to end September 2010), and we will report to the European Parliament and public about the results.

Key action 5: As part of the review of EU standardization policy, propose legal measures on ICT interoperability by 2010 to reform the rules on implementation of ICT standards in Europe to allow use of certain ICT fora and consortia standards.

NIST, the National Institute of Standards and Technology, defines standards on information security. The NIST standards are available for free. The Dutch government uses NIST standards for several purposes and also the industry uses NIST standards.

Are there any possibilities for using NIST standards by the EU in the opinion of Mrs. Kroes?

Answer Mrs. Kroes: Yes, but the answer is more complicated than that. The European Commission supports use of both European and international standards. We think this is key to competition and competitive industries - and the priority is good and widely-used standards. But our main role is to promote the use of standards rather than to endorse particular standards. NIST supporters should work within CEN, CENELEC and ETSI at European Level and ISO, IEC and ITU at international level to promote NIST. If a NIST standard is accepted by the ISO, for example, the standard would then become European through the Vienna Agreement.

Key action 6 and 7: Present in 2010 measures aiming at a reinforced and high level Network and Information Security Policy, including legislative initiatives such as a modernized European Network and Information Security Agency (ENISA), and measures allowing faster reactions in the event of cyber attacks, including CERT for the EU institutions.

Present measures, including legislative initiatives, to combat cyber attacks against information systems by 2010, and related rules on jurisdiction in cyberspace and international level at 2013.

Trust and security is related to the proven knowledge and skills of people who are
• What are the advantages in meeting internationally recognized qualification for information security professionals in the opinion of Mrs. Kroes?
• Does the EU want a publicly available registry for information security professionals which public consultation is possible, similar to healthcare workers in the Netherlands (BIG-registry, a registry for professionals working in healthcare), and if what are the main reasons in the opinion of Mrs. Kroes for (not) wanting such a registry?
• Does EUROPASS provide in qualifications for information security professionals on a wider area than a pure technical area?

Answer Mrs. Kroes: In order to attract good people to working with ICTs, in both the private and public sectors, it is very important to have skills frameworks and

Answer Mrs. Kroes: The importance of the different elements making up the Internet is sometimes perceived in very different ways. This partly explains the diversity of governmental positions expressed in international fora and the sometimes contradictory appreciations of the urgency of this matter. Cyber security is vital for the European economy, to protect the businesses and operations of ordinary citizens. Users must be safe and secure

• Which low effort countermeasures will have the largest effect on the safety of the ICT infrastructure and the internet (low-hanging fruit)?

Answer Mrs. Kroes: There are widely varying opinions on the extent of the threat from so-called “cyber-war”, or cyber-threats in general. The Internet is generally remarkably robust - but there are no guarantees it will stay that way if we grow complacent. IT networks and end users’ terminals remain vulnerable to a wide range of evolving hazards: from identity theft to spam spreading a wide range of viruses and malicious software. Attacks are becoming increasingly sophisticated (trojans, botnets, etc.) and often motivated by financial gain, but they can also be politically motivated as shown by recent cyber-attacks that targeted Estonia and Lithuania.

The internet infrastructure is mainly in the hands of private companies. What is the opinion of Mrs. Kroes on the cooperation between the large amount of private held companies, the national governments and the EU in fighting cybercrime?
• What is the role of market parties in the fight against cybercrime?
• What is the vision of Mrs. Kroes for public/private partnership in fighting cybercrime?

Answer Mrs. Kroes: Cybercrime is everyone’s responsibility. The EU is supporting ICT-based public private partnerships (PPPs) with €1 billion to leverage around €2 billion of private spending by 2013.

established in Europe. That is why ENISA is already mobilising and supporting Member States in completing the establishment of their own national CERTs.

The EP3R should also address the needs and procedures to ensure information exchange to prevent and prosecute cyber crime. Finally, it is important that internationally coordinated actions which target information security are pursued and joint action is taken to fight computer crime.

Key action 9: Leverage more private investments through the strategic use of precommercial procurement and public-private partnerships, by using structural

they can provide better information both to patients and to healthcare professionals as well as give personalised guidance, which can improve illness prevention and chronic disease management. At the same time, fast and secure access to personal health data can help greatly in cases of urgent need for medical intervention anywhere in the EU.

A good example of this is the epSOS large scale pilot. epSOS aims to develop, test and validate patient summaries and ePrescription solutions across borders. The project has identified the pilot sites which will run the services and in November 2010, we will launch a testing event open to all companies willing to implement the specifications defined by the project. In practice, this could mean that an EU citizen on holiday could be treated abroad by a doctor who has access to potentially life‑saving information.