Activities of Ivailo KALFIN related to 2011/2284(INI)
Plenary speeches (1)
Critical information infrastructure protection: towards global cybersecurity (short presentation)
Reports (1)
REPORT on critical information infrastructure protection – achievements and next steps: towards global cyber-security PDF (195 KB) DOC (127 KB)
Amendments (39)
Amendment 1 #
Motion for a resolution
Recital A
Recital A
A. whereas information and communication technologies (the ICT) are able to deploy their full capacity for the advancingement of the economy and the society only ifn case its users have a trust and confidence in their safeecurity and resilience, and if legislation on matters such ass well as when the existing legislation for data privacy and, intellectual property rights is enforced effectively in cyberspace, etc., is efficiently enforced in the Internet environment;
Amendment 3 #
Motion for a resolution
Recital A a (new)
Recital A a (new)
Aa. whereas, Internet and Information and Communication Technologies (ICT) rapidly increase their impact on the various aspects of the citizens' lives, being a crucial driver for our social interaction, cultural enrichment and economic growth;
Amendment 4 #
Motion for a resolution
Recital A b (new)
Recital A b (new)
Ab. whereas, ICT and Internet security is a comprehensive concept with a global incidence in economic, social, technological and military aspects, demanding a clear definition and differentiation of the responsibilities as well as a robust international cooperation mechanism;
Amendment 5 #
Motion for a resolution
Recital A c (new)
Recital A c (new)
Ac. whereas, the EU Digital Agenda flagship aims at reinforcing Europe's competitiveness, based on strengthening ICT, and creating the conditions for high and robust growth and technology-based jobs;
Amendment 6 #
Motion for a resolution
Recital A d (new)
Recital A d (new)
Ad. whereas, the private sector remains the first investor, owner and manager in information security products, provisions, services, applications and infrastructure, with billions of Euros invested over the last decade; whereas this involvement should be strengthened by appropriate policy strategies for promoting the resilience of public, private or public- private owned or operated infrastructures;
Amendment 7 #
Motion for a resolution
Recital B
Recital B
B. whereas, developing a highly level of secureity and resilientce of the ICT networks, services and technologies makes the EU economy more competitive; shall increase the competitiveness of the European economy, both by improving cyber risk assessment and management, and by providing the EU economy at large with more robust information infrastructures to support innovation and growth;
Amendment 10 #
Motion for a resolution
Recital B a (new)
Recital B a (new)
Ba. whereas, a proper level of information security is critical for robust expansion of Internet based services;
Amendment 12 #
Motion for a resolution
Recital C a (new)
Recital C a (new)
Ca. whereas the rapid development of new avenues of ICT such as Cloud computing, require a strong focus on the Internet security in order to be able to fully reap the benefits of the technological achievements;
Amendment 13 #
Motion for a resolution
Recital C b (new)
Recital C b (new)
Cb. whereas the European Parliament has repeatedly insisted on applying high standards for data privacy and data protection, net neutrality and intellectual property rights protection;
Amendment 14 #
Motion for a resolution
Recital C a (new) – Title 1 (new)
Recital C a (new) – Title 1 (new)
I. MEASURES TO REINFORCE CIIP AT NATIONAL AND UNION LEVEL
Amendment 15 #
Motion for a resolution
Paragraph 2
Paragraph 2
2. Notes the positive developments since the implementation of Directive 2008/114/EC4 , andAcknowledges that the Commission is considering revision of Council Directive 2008/114/EC and calls for providing evidence of effectiveness and impact of the directive prior to undertaking further steps; calls for its scope to be expanded, notably by including the ICT sector and giving consideration to areas such as financial services, health, food and water supply systems, nuclear research and industry (where these are not covered by specific provisions); takes the view that these sectors should also form partake the benefit of the cross-sectoral approach adopted by the CIWIN (consisting of cooperation, an alert system and the exchange of best practices);
Amendment 18 #
Motion for a resolution
Paragraph 3
Paragraph 3
3. Calls, in view of the inter-connected and highly interdependent, sensitive, strategic and vulnerable nature of national and EU CIIP, for the regular updating of minimum resilience standards to protecturopean Critical Information Infrastructures, for the regular updating of minimum standards for preparedness and reaction against any disruptions, incidents, destruction attempts or attacks, such as distributed denial of service;
Amendment 20 #
Motion for a resolution
Paragraph 3 a (new)
Paragraph 3 a (new)
3a. Expects that Critical Information Infrastructures owners and operators shall enable and if necessary assist users to utilize the appropriate means for protecting them from malicious attacks and/or disruptions, through both human and automated supervision, where needed;
Amendment 21 #
Motion for a resolution
Paragraph 3 b (new)
Paragraph 3 b (new)
3b. Supports cooperation between public and private stakeholders at the Union level, and encourages their efforts to develop and take up standards for security and resilience for the civilian - public, private or public-private – national and European CII;
Amendment 22 #
Motion for a resolution
Paragraph 3 c (new)
Paragraph 3 c (new)
3c. Calls on the Commission, in cooperation with the Member States, to assess the implementation of the CIIP action plan; urges the Member States to establish well-functioning National/Governmental CERTs; develop national cyber security strategies; organise regular national and pan- European cyber incident exercises, develop national cyber incident contingency plans and contribute to the development of a European cyber incident contingency plan by the end of 2012;
Amendment 23 #
Motion for a resolution
Paragraph 4
Paragraph 4
4. Recommends that operator security plans or equivalent measures be put in place for all European critical EU information infrastructures, and that security liaison officers be appointed;
Amendment 24 #
Motion for a resolution
Paragraph 4 a (new)
Paragraph 4 a (new)
4a. Welcomes the current review of the 2005/222/JHA Decision on attacks against information systems; Notes the need to coordinate the EU efforts in countering large-scale cyber-attacks, by including ENISA, Member States CERTs' and the future European CERT's competences;
Amendment 25 #
Motion for a resolution
Paragraph 4 a (new) – Title 2
Paragraph 4 a (new) – Title 2
II. FURTHER EU ACTIVITIES FOR ROBUST INTERNET SECURITY
Amendment 28 #
Motion for a resolution
Paragraph 5 b (new)
Paragraph 5 b (new)
5b. Supports ENISA, in line with the Digital Agenda goals, in exercising its duties with regard to network information security, and in particular by providing guidance and advising Member States how to meet the baseline capabilities for their CERTs, as well as to support the exchange of best practices through developing an environment of trust. Calls on the Agency to consult relevant stakeholders for defining similar cyber- security measures for private network and infrastructures owners/operators, as well as to assist the Commission and Member States in contributing to the development and uptake of information security certification schemes, norms of behaviour and cooperation practices among national- and European CERTs and infrastructure owners/operators as and where needed through the definition of technology neutral common minimum requirements;
Amendment 29 #
Motion for a resolution
Paragraph 5 c (new)
Paragraph 5 c (new)
5c. Welcomes the current proposal for review of the ENISA's mandate, in particular its extension and of the expansion of the tasks of the Agency. Believes that along with its assistance to Member States by providing expertise and analysis, ENISA should be entitled to manage a number of executive tasks at EU level, and in cooperation with the respective US counterparts, related to the prevention and detection of network and information security incidents and enhancing the cooperation among the member states. ENISA might also be assigned additional responsibilities, related to the response to Internet attacks to the extent that it brings a clear value added to the existing national response mechanisms.
Amendment 30 #
Motion for a resolution
Paragraph 5 d (new)
Paragraph 5 d (new)
5d. Welcomes the results of the 2010 and 2011 Pan-European Cybersecurity exercises, conducted across the Union and monitored by ENISA, whose goal was to assist Member States in designing, maintaining and testing a pan-European contingency plan. Calls on ENISA to maintain such exercises on its agenda and progressively involve relevant private operators as appropriate in order to increase Europe's overall Internet security capacities and looks forward to a further international expansion with like- minded partners;
Amendment 31 #
Motion for a resolution
Paragraph 6
Paragraph 6
6. Calls on the EU Member States to set up national cyber-security incident contingency plans, which shouldto include key elements such as relevant contact points and, provisions onf assistance, containment and repair in the eventcase of cyber- disruptions or -attacks with cross-border relevance; notes that the. Member States should also put in place appropriate coordinating mechanisms/ structures at national level, which would help to ensure better coordination amongst competent national authorities, and make their actions more coherent;s well as greater coherence of their actions. Via the EU cyber incident contingency plan, suggests that the Commission proposes binding measures for better coordination at EU level of the technical and steering functions among the National/ Governmental CERTs.
Amendment 39 #
Motion for a resolution
Paragraph 7
Paragraph 7
7. Recommends that the Commission propose binding measures designed to impose minimum standards on security and resilience and improve coordination among the national CERTs;
Amendment 41 #
Motion for a resolution
Paragraph 7 a (new)
Paragraph 7 a (new)
7a. Calls on Member States and the EU institutions to assure the existence of well- functioning CERTs, featuring certain pre- defined binding minimum security and resilience capabilities. National CERTs should be part of an effective network in which relevant information is exchanged in accordance with the necessary standards of confidentiality. Calls for the establishment of a 24/7 continuity of CIIP service for each Member State, as well as the setting up of a common European emergency protocol (which could be part of the CIWIN), to be applicable between the national contact points;
Amendment 42 #
Motion for a resolution
Paragraph 7 b (new)
Paragraph 7 b (new)
7b. Underlines that building trust and promoting cooperation between Member States is crucial for protecting data and national networks and infrastructures; Calls on the Commission to suggest a common procedure for identification and designation of a common approach to tackle ICT cross border threats, expecting that the Members States provide to the Commission generic information concerning risks, threats and vulnerabilities of their CII;
Amendment 43 #
Motion for a resolution
Paragraph 9
Paragraph 9
9. Welcomes the various stakeholder consultations on internet security and CIIP initiated by the Commission, includingas the European Public-Private Partnership for Resilience and the 2011 Digital Assembly;; Acknowledging the already significant involvement and commitment of ICT vendors in such efforts, encourages the Commission to make further efforts to encourage academia and ICT users' associations to play a more active role, and to foster constructive, multi-stakeholder dialogue on cyber- security issues; Supports of a further development of the Digital Assembly as a framework for CIIP governance;
Amendment 44 #
Motion for a resolution
Paragraph 10
Paragraph 10
10. Welcomes the work accomplished so far by the European Forum of Member States in laying downterms of setting sector- specific criteria forto identifying European critical EU infrastructure,s with a focus on fixed and mobile communications, and ins well as discussing the EU principles and guidelines for the resilience and the stability of the iin Internet, and; looks forward to continuing consensus- building among the Member Statesto build consensus among the Member States, and in this context encourages the Forum to complement the current approach focused on physical assets with efforts to also encompass logical infrastructure assets which, as virtualization and cloud technologies develop, will become increasingly relevant to the effectiveness of CIIP;
Amendment 47 #
Motion for a resolution
Paragraph 10 a (new)
Paragraph 10 a (new)
10a. Calls on Member States, with the support from the Commission, to strengthen the training and education programs on information security, targeted to national law enforcement and judicial authorities and the relevant EU agencies;
Amendment 48 #
Motion for a resolution
Paragraph 10 b (new)
Paragraph 10 b (new)
10b. Supports the creation of a European curriculum for academic experts in the field of information security, as it would have a positive impact on the expertise and preparedness of the EU with regards to the constantly evolving cyberspace and its threats;
Amendment 49 #
Motion for a resolution
Paragraph 10 c (new)
Paragraph 10 c (new)
10c. Suggests that the Commission launches a public pan-European education initiative, focused at educating and raising awareness of end-users on potential threats on the Internet and fixed and mobile ICT devices at every level of the utility chain and in promoting safer individual online behaviours;
Amendment 52 #
Motion for a resolution
Paragraph 11
Paragraph 11
11. Calls on the Commission to propose, by the end of 2012, a comprehensive internet security strategy for the Union, based on clear terminology; takes the view that the internet security strategy should aim at creating a cyberspace – supported by a secure and resilient infrastructure – which is conducive to innovation, and prosperity through the free flow of information and prosperity and whichwhile ensuring robust protectsion of privacy and other civil liberties; maintains that the strategy should detail the principles, goals, methods, instruments and policies (both internal and external) necessary in order to streamline national and EU efforts to ensure a safe, continuous, robust and resilient service, whether in connection with critical infrastructure or general internet use;
Amendment 53 #
Motion for a resolution
Paragraph 11 a (new)
Paragraph 11 a (new)
11a. Urges the Commission to propose a robust mechanism to coordinate the implementation and regular update of the Internet security strategy. This mechanism should be supported by sufficient administrative, expert and financial resources and have the competence to facilitate the elaboration of EU positions in relations with both internal and international stakeholders on Internet security related issues;
Amendment 60 #
Motion for a resolution
Paragraph 13 a (new)
Paragraph 13 a (new)
13a. Calls on the Commission to present a legislative proposal for further criminalising cyber attacks (i.e. spear- phishing, on-line fraud, etc.);
Amendment 61 #
Motion for a resolution
Paragraph 13 a (new) – Title 3 (new)
Paragraph 13 a (new) – Title 3 (new)
III. INTERNATIONAL COOPERATION
Amendment 63 #
Motion for a resolution
Paragraph 14
Paragraph 14
14. Recallminds that international cooperation is the core instrument for introducing effective cyber-security measures; recognises that, at present, the EU is not actively involved on an ongoing basis in international cooperation processes and dialogues relating to cyber-security; calls on the Commission and the European External Action Service (EEAS) to start a constructive dialogue with all like-minded countries with a view to developing a common understanding and policies with the aim of increasing the resilience of the internet and of critical infrastructure; maintains that, at the same time, the EU should – on a permanent basis – include internet security issues in the scope of its external relations, inter alia when designing various financing instruments;
Amendment 64 #
Motion for a resolution
Paragraph 14 a (new)
Paragraph 14 a (new)
14a. Takes note of the positive achievements of the 2001 Council of Europe Budapest Convention on cybercrime. At the same time, while encouraging more countries to sign and ratify the Convention, the EEAS should also build bilateral and multilateral agreements on Internet security and resilience with like-minded international partners;
Amendment 65 #
Motion for a resolution
Paragraph 15
Paragraph 15
15. Welcomes the creation, at the November 2010 EU-US Summit, of the EU-US Working Group on Cyber-security and Cyber-crime, and supports its efforts to develop the necessary set of standards in order to foster international cooperation on digital security; Welcomes the joint elaboration, by the Commission and the US government, under the umbrella of the EU-U.S. Working Group, of a common program and a roadmap towards joint/synchronized trans-continental cyber-exercises in 2012/ 2013;
Amendment 66 #
Motion for a resolution
Paragraph 15
Paragraph 15
15. Welcomes the creation, at the November 2010 EU-US Summit, of the EU-US Working Group on Cyber-security and Cyber-crime, and supports its efforts to develop the necessary set of standards in order to foster international cooperation on digital securityincluding the internet security issues in the transatlantic policy dialogue;
Amendment 67 #
Motion for a resolution
Paragraph 17 a (new)
Paragraph 17 a (new)
17a. Encourages the Commission and ENISA to participate in the main stakeholder dialogues to define technical and legal norms in cyberspace at an international level.