Tuesday, 29 December 2009

EU Network and Information Security (NIS) resolution officially published

In the blog post EU Network and Information Security (NIS) (27 December 2009) we presented the Council resolution and detailed preparatory work by the Commission, mentioning that the annexed resolution would be published in the Official Journal of the European Union (OJEU), but that in the meantime we followed the Council document.


Adhering to the principle to use the most authentic and official sources available, we can now announce the official publication of the Council resolution on NIS, which forms the tip of the iceberg:

COUNCIL RESOLUTION of 18 December 2009 on a collaborative European approach to Network and Information Security, published in the Official Journal of the European Union (OJEU) 29.12.2009 C 321/1.

NIS reasons

At the same time, we can repeat some of the reasons for the importance of NIS action noted by the Council:


1. Given the importance of electronic communications, infrastructures and services as a basis of economic and social activity, Network and Information Security (NIS) contributes to important values and objectives in society, such as democracy, privacy, economic growth, the free flow of ideas, and economic and political stability;

2. Information and communication technology systems, infrastructures and services, including the Internet, play a vital role for society, and their disruption has the potential to cause huge economic damage, underlining the importance of measures to increase protection and resilience aimed at ensuring continuation of critical services;

3. Security incidents risk undermining user confidence. While severe disruptions of networks and information systems could have a major economic and social impact, everyday problems and nuisances also risk eroding public confidence in technology, networks and services;

4. The threat landscape is evolving and growing, which increases the need to provide end-users, businesses and governments with electronic communications infrastructures that are robust and resilient by default and to identify the right incentives for the providers to do so in a timely manner;

5. There is a need to enhance and embed Network and Information Security in all policy areas and sectors of society, and to address the challenge of ensuring sufficient skills via both national and European actions and raising awareness among users of information and communication technology (ICT);

6. The completion and functioning of the Internal Market will require that network owners and service providers cooperate across borders, given that possible disruptive events in one Member State may also affect other Member States and the EU as a whole;

7. New usage patterns, such as cloud computing and software as a service, put additional emphasis on the importance of Network and Information Security;

8. Network and Information Security serves the objective of all parties, in all sectors of society, to be able to trust the information systems, therefore a cross-sector and cross-border approach is needed;

9. With the increasing use of ICT in society, Network and Information Security is a prerequisite for the reliable, safe and secure delivery of public services, such as e- Government;

10. ENISA has the potential to build on the important role it already plays in Network and Information Security.

Ralf Grahn

P.S. Read Coulisses de Bruxelles, by Jean Quatremer, and other great euroblogs listed on multilingual Bloggingportal.eu, our common “village well” for fact, opinion and gossip on European affairs.