Activities of Ioannis A. TSOUKALAS related to 2010/0275(COD)
Plenary speeches (1)
European Network and Information Security Agency (ENISA) (debate)
Amendments (39)
Amendment 125 #
Proposal for a regulation
Title
Title
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL Concerning the European Network and Information Security Agency (ENISA)
Amendment 126 #
Proposal for a regulation
Recital 1
Recital 1
(1) Electronic communications, infrastructure and services are an essential factor in economic and societal development. They play a vital role for society and have become ubiquitous utilities in the same way that electricity or water supplies are. Communications networks function as social and innovation catalysts, multiplying the impact of technology and shaping consumer behaviours, business models, industries, as well as citizenship and political participation. Their disruption has the potential to cause considerable physical, social, economic damage, underlining the importance of measures to increase protection and resilience aimed at ensuring continuity of critical services. The security of electronic communications, infrastructure and services, in particular their integrity and availability, faces continuously expanding challenges. This is of increasing concern to society not least because of the possibility of problems due to system complexity, malfunctions, systemic failures, accidents, mistakes and attacks that may have consequences for the electronic and physical infrastructure which delivers services critical to the well- being of European citizens.
Amendment 127 #
Proposal for a regulation
Recital 2
Recital 2
(2) The threat landscape is continuously changing and security incidents can endanger user confidence. While severe disruptions of electronic communications, infrastructure and services can have a major economic and social impact, and even endanger human lives, everyday security breaches, problems and nuisances also risk eroding public confidence in technology, networks and services.
Amendment 128 #
Proposal for a regulation
Recital 3
Recital 3
(3) Regular assessment of the state of network and information security in Europe, based on reliable European data, as well as systematic forecast of future developments, challenges and threats, both in European and global level, is therefore important for policy makers, industry and users.
Amendment 133 #
Proposal for a regulation
Recital 8
Recital 8
(8) The Agency should carry out the tasks conferred on it by present Union legislation in the field of electronic communications and, in general, contribute to an enhanced level of security of electronic communications by, among other things, providing expertise and advice, and promoting the exchange of good practices, and offering policy suggestions.
Amendment 135 #
Proposal for a regulation
Recital 11 a (new)
Recital 11 a (new)
(11a) Given the increasing significance of electronic networks and communications, that by now constitute the backbone of European economy, and the actual size of the digital economy, a significant increase in the financial and human resources allocated to the Agency should be made, corresponding to its enhanced role and tasks, ant its critical position in defending the European digital ecosystem.
Amendment 139 #
Proposal for a regulation
Recital 13
Recital 13
(13) The Agency should operate as a point of reference and establishing confidence by virtue of its independence, the quality of the advice it delivers and the information it disseminates, the transparency of its procedures and methods of operation, and its diligence in carrying out the tasks assigned to it. The Agency should build on national and Union efforts and therefore carry out its tasks in full cooperation with the Member States and the Union institutions and be open to contacts with industry and other relevant stakeholders. In addition, the Agency should build on the input from and cooperation with the private sector, which play an important role in securing electronic communications, infrastructures and services.
Amendment 142 #
Proposal for a regulation
Recital 15
Recital 15
(15) The Agency should provide advice to the Commission by means of opinions and technical and socio-economic analyses, at the request of the Commission or on its own initiative, to assist with policy development in the area of network and information security. The Agency should also assist, at their request, Member States and EuropeaUnion institutions and bodies, at their request or on its own initiative, in their efforts to develop network and information security policy and capability.
Amendment 149 #
Proposal for a regulation
Recital 28
Recital 28
(28) In order to ensure that the Agency is effective, the Member States and the Commission should be represented on a Management Board, which should define the general direction of the Agency’s operations and ensure that it carries out its tasks in accordance with this Regulation. The Management Board should be entrusted with the necessary powers to establish the budget, verify its execution, adopt the appropriate financial rules, establish transparent working procedures for decision making by the Agency, adopt the Agency’s work programme, adopt its own rules of procedure and the Agency’s internal rules of operation, and appoint and decide on the extension or termination of the mandate of the Executive Directoror remove the Executive Director, subject to confirmation by the European Parliament. The Management Board should be able to set up working bodies to assist it with its tasks; such bodies could for example draft its decisions or monitor their implementation.
Amendment 150 #
Proposal for a regulation
Recital 30
Recital 30
(30) The Executive Director should have the option of setting up ad hoc Working Groups to address specific matters, in particular of a scientific or, technical, or a legal or socio-economic nature. In setting up the ad hoc Working Groups the Executive Director should seek input from and draw on the relevant external expertise needed to enable the Agency to have access to the most up-to-date information available on security challenges posed by the developing information society. The Agency should ensure that the ad hoc Working Groups’ membership is selected according to the highest standards of expertise, taking due account of a representative balance, as appropriate according to the specific issues, between the public administrations of the Member States, the Union institutions, the private sector, including industry, the users, and academic experts in network and information security. The Agency may, as necessaryappropriate, invite individual experts recognised as competent in the relevant field to participate in the Working Groups’ proceedings, on a case- by-case basis. Their expenses should be met by the Agency in accordance with its internal rules and in accordance with the existing Financial Regulations.
Amendment 153 #
Proposal for a regulation
Recital 36
Recital 36
(36) The Agency should succeed ENISA as established by Regulation No 460/2004. Within the framework of the decision of the Representatives of the Member States, meeting in the European Council of 13 December 2003, the host Member State should maintain and develop the current practical arrangements, as provided by the seat agreement, in order to ensure the smooth and efficient operation of the Agency, having regard in particular to the Agency’s cooperation with and assistance to the Commission, the Member States and their competent bodies, other Union institutions and bodies, and public and private stakeholders from throughout Europe.
Amendment 154 #
Proposal for a regulation
Recital 36 a (new)
Recital 36 a (new)
(36a) The Agency should be able, upon request by a Member State or the European Union Institutions, to second concurrently up to 10 % of the staff for providing assistance and expertise in addressing network and information security matters.
Amendment 156 #
Proposal for a regulation
Recital 36 b (new)
Recital 36 b (new)
(36b) The provisions of point 47 of the Interinstitutional Agreement of 17 May 2006 between the European Parliament, the Council and the Commission on budgetary discipline and sound financial management1 should apply for the Agency’s permanent mandate and any decision of the legislative authority in favour of such a renewal should be without prejudice to the decisions of the budgetary authority in the context of the annual budgetary procedure.
Amendment 159 #
Proposal for a regulation
Recital 37
Recital 37
(37) The Agency should be established for a limited period. Its operations should be evaluated with regard to the effectiveness of achieving the objectin indefinite period and therefore haves and of its working practices, in order to det permiane the continuing validity, or otherwise, of the objectives of the Agency and, based on this, whether the duration of its operations should be further extended,nt mandate.
Amendment 161 #
Proposal for a regulation
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Regulation establishes a European Network and Information Security Agency (hereinafter ‘the Agency’) for the purpose of contributing to a high level of network and information security within the Union and in order to raise awareness and develop a culture of network and information security in society for the benefit of the citizens, consumers, enterprises and public sector organisations in the Union, thus contributing to the smooth functioning of the internal market and the establishment of a fully functional European digital single market.
Amendment 168 #
Proposal for a regulation
Article 2 – paragraph 3
Article 2 – paragraph 3
3. The Agency shall develop and maintain a high level of expertise, in order to be established globally as a centre of excellence on all matters concerning cybersecurity, and shall use this expertise to stimulate broad cooperation between public and private-sector actors.
Amendment 175 #
Proposal for a regulation
Article 3 – paragraph 1 – point b
Article 3 – paragraph 1 – point b
(b) Facilitate the cooperation among the Member States and between the Member States and the Commission in their efforts with a cross-border dimension to prevent, detect and respond to network and information security incidents; to this end it shall develop and operate an early warning and response mechanism of European scope that would function complementary to the Member States’ own mechanisms;
Amendment 179 #
Proposal for a regulation
Article 3 – paragraph 1 – point d
Article 3 – paragraph 1 – point d
(d) Regularly assess, in cooperation with the Member States and the EuropeaUnion institutions, the state of network and information security in Europe;
Amendment 182 #
Proposal for a regulation
Article 3 – paragraph 1 – point e
Article 3 – paragraph 1 – point e
(e) Support cooperation among competent public bodies in Europe, in particular supporting their efforts to develop and exchange good practices and standardsnetwork and information security standards, as well as a risk management culture;
Amendment 183 #
Proposal for a regulation
Article 3 – paragraph 1 – point f
Article 3 – paragraph 1 – point f
(f) Assist the Union and the, Member States, the public and the private sector in promoting the use of risk management and security good practice and standards for electronic, network and information security standards and foster a culture of “information security by design” for electronic and communication networks, products, systems, and services;
Amendment 186 #
Proposal for a regulation
Article 3 – paragraph 1 – point g
Article 3 – paragraph 1 – point g
(g) Support cooperation between public and private stakeholders on the Union level, inter alia, by promoting information sharing and awareness raising, and facilitating their efforts to develop and take up standards for risk management and for the security of electronic products, networks and services, as well as of physical products, networks and services dependent on the former;
Amendment 188 #
Proposal for a regulation
Article 3 – paragraph 1 – point h
Article 3 – paragraph 1 – point h
(h) Facilitate dialogue and exchange of good practice among public and private stakeholders on network and information security, including aspects of the fight against cybercrime; assist the Commission as well as Member States, at their request, on policy developments that take into account network and information security aspects of the fight against cybercrime;
Amendment 194 #
Proposal for a regulation
Article 3 – paragraph 1 – point i a (new)
Article 3 – paragraph 1 – point i a (new)
(ia) Undertake the establishment and supervise the functioning of a full-scale European Union Computer Emergency Response Team (EU CERT), in order to counter cyber attacks against the EU institutions, bodies and agencies;
Amendment 197 #
Proposal for a regulation
Article 3 – paragraph 1 – point j
Article 3 – paragraph 1 – point j
(j) Support Union dialogue and cooperation with third countries and international organisations in cooperation where appropriate with the EEAS, to promote international cooperation and a global common approach to network and information security issues; ENISA should be established as the single European point of contact for third countries and international organisations, on all issues concerning cybersecurity;
Amendment 206 #
Proposal for a regulation
Article 5 – paragraph 9
Article 5 – paragraph 9
9. The Management Board mayshall adopt the Multi-Annual Staff Policy Plan, after consulting the Commission services and having duly informed the Budgetary Authority.
Amendment 209 #
Proposal for a regulation
Article 6 – paragraph 1
Article 6 – paragraph 1
1. The Management Board shall be composed of one representative of each Member State, three representatives appointed by the Commission, and three representatives without the right to vote, appointed by the Commission, each of whom represent one of the following groups: (a) the information and communication technologies industry; (b) consumer groups; (c) academic experts in network and information securityauthorised to act on behalf of that Member State, and three representatives appointed by the Commission without the right to vote. Management Board members may be replaced by their alternates in accordance with the rules of procedure of the Management Board.
Amendment 211 #
Proposal for a regulation
Article 6 – paragraph 2
Article 6 – paragraph 2
2. Board members and their alternates shall be appointed on the basis of their degree of relevant experience and expertise in the field of network and information security. They shall also have the necessary managerial, administrative and budgetary skills to fulfil the tasks listed in Article 5. Board members appointed by the Commission shall be at the level of director or higher. Board members appointed by Member States shall have a seniority corresponding to that of the board members appointed by the Commission.
Amendment 214 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. A two-thirds majority of all Management Board members with the right to vote is required for the adoption of its rules of procedure, the Agency’s internal rules of operation, the budget, the annual work programme, and the appointment, extension of the term of office or remov or dismissal of the Executive Director.
Amendment 216 #
Proposal for a regulation
Article 10 – paragraph 2
Article 10 – paragraph 2
2. The Executive Director shall be appointed and dismissed by the Management Board after confirmation by the European Parliament. The appointment shall be done from a list of candidates proposed by the Commission for a period of five years, on grounds of merit and documented administrative and managerial skills, as well as specific competence and experience. Before appointment, the candidate selected by the Management Board mayThe Commission shall arrange an open competition for the purpose of establishing a list of suitable candidates. Before appointment, the candidate selected by the Management Board and the other candidates on the list of candidates proposed by the Commission shall be invited to make a statements before the competent committee of the European Parliament and answer questions put by its members.
Amendment 217 #
Proposal for a regulation
Article 10 – paragraph 4
Article 10 – paragraph 4
Amendment 218 #
Proposal for a regulation
Article 10 – paragraph 5
Article 10 – paragraph 5
Amendment 220 #
Proposal for a regulation
Article 10 – paragraph 6
Article 10 – paragraph 6
Amendment 229 #
Proposal for a regulation
Article 21 – paragraph 1
Article 21 – paragraph 1
1. The Executive Director shall be responsible for the implementation of the Agency’s budget.
Amendment 234 #
Proposal for a regulation
Article 22 – paragraph 3 a (new)
Article 22 – paragraph 3 a (new)
3a. The Agency shall have its seat in Heraklion, Crete.
Amendment 237 #
Proposal for a regulation
Article 28 – paragraph 2 a (new)
Article 28 – paragraph 2 a (new)
2a. The Agency may liaise and cooperate with other third countries, as well as international organisations and intergovernmental bodies related to Network and Information Security, and allow them to participate in relevant areas of the Agency’s work as appropriate. Their participation should be submitted, by the Executive Director, for approval to the Management Board.
Amendment 244 #
Proposal for a regulation
Article 29 – paragraph 1
Article 29 – paragraph 1
1. Within threfive years from the date of establishment referred to in Article 34, the Commission, taking into account the views of all relevant stakeholders, shall carry out an evaluation on the basis of terms of reference agreed with the Management Board. The evaluation shall assess the impact and the effectiveness of the Agency in achieving the objectives set out in Article 2, and the effectiveness of the Agency’s working practices. The Commission shall undertake the evaluation notably in order to determine whether an Agency is still an effective instrument and whether the duration of the Agency should bethe regulation should be revised to further extended beyond the operiod specified in Article 34ational capabilities of the Agency.
Amendment 246 #
Proposal for a regulation
Article 30 – paragraph 1 a (new)
Article 30 – paragraph 1 a (new)
1a. That Member State shall provide the best possible conditions to ensure the proper functioning of the Agency, including appropriate building infrastructure, communications facilities, multilingual, European-oriented schooling and sufficient transport infrastructure.
Amendment 247 #
Proposal for a regulation
Article 30 – paragraph 1 b (new)
Article 30 – paragraph 1 b (new)
1b. The necessary arrangements concerning the accommodation provided for the Agency and the facilities made available by the Member State, as well as the specific rules applicable in that Member State to the Executive Director, the members of the Management Board, the staff of the Agency and members of their families, shall be laid down in a renewed Seat Agreement between the Agency and the host Member State.
Amendment 248 #
Proposal for a regulation
Article 33
Article 33