In 2009, the European Union Commission released a preliminary document about Critical Information Infrastructure Protection (CIIP) to protect Europe from large scale cyber-attacks and cyber-disruptions. The main objective of the plan is to protect the most critical ICT infrastructures within the European states. To achieve its main goals, the Commission wants to stimulate awareness and support the development of security and resilience capabilities both at national and European levels.
The CIIP’s action plan is based on five key elements (pillars) which are preparedness and prevention, detection and response, mitigation and recovery, international cooperation and criteria for European Critical Infrastructures in the field of ICT. It defines the participants and their role in each pillar together with ENISA (European Network and Information Security Agency) as the main support agency.
The EU Council strongly believes in the need of united front with all stakeholders participating in a holistic approach to ensure the security and resilience of ICT infrastructures. The council announced various measures in the Digital Agenda for Europe (DAE) of May 2010. These measures ensure that all member states participate in the fight against cyber-criminality. The need to strengthen and modernize ENISA in view of the new forms of cyber-attacks such as, botnets was proposed by the Commission as to boost confidence and participation within member states and the private sector.
The next steps of CIIP’s action focus on the global dimension of cyber-crime challenges and the importance of cooperation among member states and private sectors at international levels.