In case you haven’t heard about it, there is a digital agenda for the coming decade, developed by the European Commission. Cited from the web site:
Europe 2020 is the EU’s growth strategy for the coming decade. In a changing world, we want the EU to become a smart, sustainable and inclusive economy. These three mutually reinforcing priorities should help the EU and the Member States deliver high levels of employment, productivity and social cohesion.
Concretely, the Union has set five ambitious objectives – on employment, innovation, education, social inclusion and climate/energy – to be reached by 2020. Each Member State has adopted its own national targets in each of these areas. Concrete actions at EU and national levels underpin the strategy.
The strategy includes a strong coordination between public and private institutions, located in countries with different concepts and procedures relating to IT security. This is crucial for incident response and damage control. Getting the right information at the right time can dampen the impact, companies and customers can be warned, threats can be mitigated (at least better than with no information flow). That’s the theory, but how does this work in real life?
Mario Andrea Valori of Università IULM di Milano has undertaken an evaluation. His research was directed towards two issues: the perception of security among the various types of attack and the communication with the various stakeholders. To explore the first theme Mr Valori simulated attacks against more than 40 agencies, located in 12 different countries, measuring performance and results. The simulations involved 1084 workers in six months. The second issue has led to the analysis of security policies and simulations of communication for 78 agencies, located in 21 different countries, both in relation to external communication with its members, which with the press and other interested parties. This second analysis involved 2418 users, each with a different nationality and language and computer skills and communications.
The results demonstrate the critical and weaknesses of computer security in the European public sector. A true digital economy will never take off without IT security, and the security must be part of the design. Improving communication is only a part of the puzzle.