Re: Réf. : [AfrICANN-discuss] Protecting Critical Information Infrastructures:Something for RECs to think about?

Anne-Rachel Inné annerachel at gmail.com
Tue Mar 31 18:29:42 SAST 2009


No problem, we are all proactive on the list!
Please post everything you find about the Internet in French and share it
with the others :-) ...

See also the ICANN newsletters in French:
http://www.icann.org/fr/newsletter/
Blog in French about ICANN: http://blog.icann.org/
and the link I forgot to send to Abdallah:
http://www.domainesinfo.fr/index.php
ar

On Tue, Mar 31, 2009 at 4:46 PM, media tic <media.tic01 at gmail.com> wrote:

> I argued along the same lines. Perhaps if all the French speakers with
> "limited English", like Abdallah and me, also make themselves heard, things
> could change. After all, the Internet is also about diversity, isn't it?
>  Gratien
>
>  On Tue, Mar 31, 2009 at 4:07 PM, Emile ONANGA-ANOTHO <onanga at hotmail.com>
> wrote:
> > Morning Inné,
> > Ah, would you written (or wrote) in french please, because my english level
> > is some bad!!!
> > think you
> >  I think you understood me well and that I have not just said something
> > really stupid!!!
> > Thank you in any case for the initiative you take to keep us better informed!
> > See you soon
> > E ONANGA-ANOTHO
> >
> > -------Original message-------
> >
> > From: Anne-Rachel Inné
> > Date: 03/30/09 17:54:42
> > To: africann at afrinic.net
> > Subject: [AfrICANN-discuss] Protecting Critical Information
> > Infrastructures:Something for RECs to think about?
> >
> >
> > Protecting Critical Information Infrastructures: Frequently Asked Questions
> >
> > What are Critical Information Infrastructures?
> >
> > There is no globally shared definition of Critical Information
> > Infrastructures (CII). In its Green Paper on a European Programme for
> > Critical Infrastructure Protection (EPCIP), the European Commission
> > captured the concept of CII as being all "ICT systems that are critical
> > infrastructures for themselves or that are essential for the operation of
> > critical infrastructures (telecommunications, computers/software,
> > Internet, satellites, etc.)". In 2008, the OECD defined CII as "those
> > interconnected information systems and networks, the disruption or
> > destruction of which would have a serious impact on the health, safety,
> > security, or economic well-being of citizens, or on the effective
> > functioning of government or the economy".
> >
> > Despite the existing differences in national and international policy
> > contexts, what is important is that the notion of CII is conducive to a
> > holistic policy perspective on the secure and continuous functioning of
> > ICT systems, services, networks and infrastructures (ICT infrastructures)
> > of which the Internet is a very important component, due to its
> > widespread diffusion and the process of technological convergence.
> >
> > Why is action at EU level to protect these infrastructures urgently needed?
> >
> > Cyber attacks have risen to an unprecedented level of sophistication.
> > What used to be simple experiments are now turning into sophisticated
> > activities performed for profit or political reasons. The recent large
> > scale cyber-attacks on Estonia, Lithuania and Georgia are the most widely
> > covered examples of a general trend. The huge number of viruses, worms
> > and other forms of malware, the expansion of botnets[1] and the
> > continuous rise of spam confirm that this is a severe problem.
> >
> > The high dependence on CII, their cross-border interconnectedness and
> > interdependencies with other infrastructures (e.g. energy
> > infrastructures), as well as the vulnerabilities and threats they face
> > raise the need to address their security and resilience in a systemic
> > perspective as the frontline of defence against failures and attacks.
> >
> > Because of the transnational dimension of this issue, a more integrated
> > and coordinated approach throughout the European Union will usefully
> > complement and add value to the programmes which are already in place
> > within Member States. This will also reinforce the wealth creation
> > capabilities of the Single Market.
> >
> > It is clear that no single "silver bullet" solution will be able to
> > provide all the answers, but simply leaving the situation as is will not
> > lead to satisfactory results. It is necessary to establish the right
> > policy framework – in particular for economic and societal drivers and
> > incentives – on the basis of a shared responsibility and cooperation
> > amongst all the involved stakeholders. It is vital to promote
> > operational/tactical cooperation in the short and medium term (until
> > 2010-2011) as well as strategic policy discussion for long-term scenarios
> > (2012 and beyond). The work must start now in order to prepare Europe
> > against large-scale cyber attacks and disruptions.
> >
> > How does this initiative relate to the debate around European efforts
> > towards an increased and modernised network and information security
> > policy?
> >
> > The Commission's initiative on Critical Information Infrastructure
> > Protection focuses on prevention, preparedness and awareness and defines
> > a plan of immediate actions running until 2011 to strengthen the security
> > and resilience of CII. The focus and timeframe are consistent with the
> > debate launched at the request of the Council and the European Parliament
> > to address the challenges and priorities for network and information
> > security policy and the most appropriate instruments needed at EU level
> > to tackle them beyond 2012. The work conducted and the lessons learned
> > under the Commission's proposed action plan will be an important
> > contribution to the more general debate on an increased and modernised
> > European policy in this area.
> >
> > Why is the Commission proposing voluntary rather than binding measures?
> >
> > Ensuring the security and resilience of CII requires cooperation between
> > public and private actors, which is largely based on trust. A non-binding
> > approach will be more effective in steering a dialogue through which
> > interested parties can work out the best way to cooperate and share best
> > practices. During the consultation process prior to the launch of this
> > initiative, Member States' and private sector representatives strongly
> > supported the proposed initiative and confirmed the need and willingness
> > to cooperate at EU level, as long as this remained voluntary.
> >
> > This does not mean that a binding approach cannot be used to enhance the
> > level of security and resilience of CII. Proposals by the European
> > Commission to reform the Electronic Communication regulatory package –
> > including provisions to strengthen operators’ obligations to ensure that
> > appropriate security measures are taken, and those on mandatory security
> > breach notification – show that binding measures are considered when it
> > is feasible and useful.
> >
> > Moreover, there is not yet sufficient data on security incidents and
> > their impact across the different sectors to define and frame additional
> > regulatory measures in a consistent economic and public policy
> > perspective.
> >
> > What are the specific objectives of the Critical Information
> > Infrastructure Protection initiative?
> >
> > The Commission's proposal covers the following objectives:
> >
> > - Foster cooperation, exchange of information and transfer of good policy
> >   practices between Member States via a newly-established European Forum.
> > - Develop a public-private partnership at the European level on security
> >   and resilience of CII to support sharing of information and
> >   dissemination of good practices between public and private stakeholders.
> > - Enhance incident response capability in the EU by increasing national
> >   capacities, possibly built on National or Governmental Computer
> >   Emergency Response Teams/Computer Security Incidents Response Teams
> >   (CERTs/CSIRTs) as well as by encouraging and supporting the European
> >   cooperation between these entities with a view to facilitate the
> >   exchange of information, technical measures and good practices.
> > - Promote the organisation of national and European exercises for
> >   contingency planning and disaster recovery on simulated large-scale
> >   network security incidents.
> > - Reinforce international cooperation on global issues, in particular on
> >   resilience and stability of Internet.
> >
> > What is the purpose and value of a European Forum for Member States?
> >
> > Although there are commonalities among the challenges and the issues
> > faced, measures and regimes to ensure the security and resilience of CII,
> > as well as the level of expertise and preparedness, differ across Member
> > States.
> >
> > Purely national approaches run the risk of producing fragmentation and
> > inefficiency across Europe. Differences in national approaches and the
> > lack of systematic cross-border co-operation substantially reduce the
> > effectiveness of domestic countermeasures, inter alia because, due to the
> > interconnectedness of CII, a low level of security and resilience of CII
> > in a country has the potential to increase vulnerabilities and risks in
> > other ones.
> >
> > To overcome this situation a European effort is needed to bring added
> > value to national policies and programmes by fostering the development of
> > awareness and common understanding of the challenges; stimulating the
> > adoption of shared policy objectives and priorities; reinforcing
> > cooperation between Member States and integrating national policies in a
> > more European and global dimension.
> >
> > These are the reasons why the Commission has proposed to establish a
> > European Forum for Member States to share information and good policy
> > practices on security and resilience of CII.
> >
> > Why a Public-Private Partnership for Resilience (EP3R)?
> >
> > Enhancing the security and the resilience of CII poses peculiar
> > governance challenges. While Member States remain ultimately responsible
> > for defining CII-related policies, their implementation depends on the
> > involvement of the private sector, which owns or controls a large number
> > of CII. On the other hand, markets do not always provide sufficient
> > incentives for the private sector to invest in the protection of CII at
> > the level that public authorities would normally demand.
> >
> > Public-private partnerships (PPPs) have emerged at the national level as
> > the reference model to address this governance challenge. However,
> > despite the consensus that this approach would also be desirable on the
> > EU level, European PPPs have not materialised so far.
> >
> > PPP at the EU level could play an important role to complement the work
> > carried out by Member States at national level – in particular, in areas
> > like the exchange/promotion of good policy practices and measures, the
> > implementation of cross-border security and resilience measures for CII,
> > the adoption of preventive measures and response strategies, etc.
> >
> > A Europe-wide multi-stakeholder governance framework, which may include
> > an enhanced role of ENISA, could foster the involvement of the private
> > sector in the definition of strategic European public policy objectives
> > as well as operational priorities and measures. The focus would be on
> > enhancing the security and resilience of CII and the coordination of
> > preventive and response activities.
> >
> > This framework would bridge the gap between national and EU policy-making
> > and operational reality on the ground.
> >
> > What will be the remit and the form of the proposed Public-Private
> > Partnership?
> >
> > The concrete remit of this PPP might initially consist of:
> >
> > - Knowledge sharing to deepen the understanding and mastering of European
> >   challenges for the security and resilience of CII;
> > - Identification and dissemination of good baseline practices and commonly
> >   agreed guidelines and standards for the security and resilience of CII.
> >
> > The work of this PPP should be focused on specific issues and be
> > action-oriented. The topics discussed should have a cross-border or
> > global dimension.
> >
> > In terms of form, it is proposed that the setting-up of the European
> > Public Private Partnership for Resilience (EP3R) CII would follow a
> > step-by-step approach so that, on the one hand, stakeholders would
> > discuss and design the necessary building blocks that would best match
> > their requirements and, on the other hand, the work on the key challenges
> > that require this kind of approach could immediately start. The first
> > step of this process is the workshop on the EU policy dimension of
> > vulnerability management and disclosure process of 31 March 2009.
> >
> > What is the role of the European Network and Information Security Agency
> > in this initiative?
> >
> > The Commission has called on the European Network and Information
> > Security Agency (ENISA) to play a key role in supporting this initiative
> > by encouraging dialogue and cooperation between Member States, the
> > private sector and other relevant players across Europe, building on the
> > findings and results it has already contributed in this area.
> >
> > How does this initiative relate to the European Programme on Critical
> > Infrastructure Protection and other EU activities in the area of justice
> > and home affairs?
> >
> > The activities planned in today's Communication are conducted under and
> > in parallel to the European Programme for Critical Infrastructure
> > Protection (EPCIP). A key element of EPCIP is the Directive on the
> > identification and designation of European Critical Infrastructures,
> > which identifies the ICT sector as a future priority sector. One element
> > of the CIIP action plan is to further develop the criteria for
> > identifying European Critical Infrastructures for the ICT sector which
> > will help implement the above mentioned Directive.
> >
> > The proposed actions are also complementary to existing third pillar
> > initiatives – e.g. fight against cyber-crime – as envisaged by the
> > Council Framework Decision on Attacks Against Information Systems adopted
> > in 2005 (2005/222/JHA). As the CIIP initiative focuses on prevention,
> > preparedness and awareness to enhance the intrinsic security and
> > resilience of CII, it does not conflict with or duplicate the efforts
> > carried out under the third pillar, i.e. by police and judicial
> > cooperation addressing measures to prevent, fight and prosecute criminal
> > and terrorist activities targeting CII.
> >
> > How does the Commission's action plan relate to international efforts in
> > this area?
> >
> > This initiative takes stock and builds upon recognised international
> > principles such as the G8 principles on CIIP, the UN General Assembly
> > Resolution 58/199 'Creation of a global culture of cybersecurity and the
> > protection of critical information infrastructures' and the recent OECD
> > Recommendation on the Protection of Critical Information Infrastructures.
> >
> > The initiative complements work conducted by NATO on cyber-security –
> > specifically the common policy on cyber defence and the activities of the
> > Cyber Defence Management Authority (CDMA), announced by NATO in April
> > 2008, as well as the outputs of NATO's Cooperative Cyber Defence Centre
> > of Excellence (CCD-COE). NATO initiatives are mostly focused on military
> > defence whereas the Commission's proposal works to facilitate the
> > coordination and cooperation of public and private resources and
> > capabilities across Member States.
> >
> > Does the action plan include regulatory measures for the Internet?
> >
> > The action plan does not propose any measure aimed at regulating the
> > Internet. It proposes three complementary activities to enhance the
> > resilience and stability of the Internet.
> >
> > - The Commission will launch a Europe-wide debate to define EU priorities
> >   for the long-term resiliency and stability of the Internet.
> > - The Commission will work with Member States to define appropriate
> >   principles and guidelines for Internet resilience and stability.
> > - The Commission, together with Member States, will develop a roadmap to
> >   promote these principles and guidelines at the global level, building
> >   upon strategic cooperation with third countries.
> >
> > What is the timing envisaged by the action plan?
> >
> > The different actions have different targets and timelines, running from
> > 2009 until the end of 2011. However continuous European efforts will
> > still be needed beyond 2011. A stock-taking exercise will already be
> > conducted at the end of 2010 and lessons learned will be used as an input
> > into the debate on the future of Network and Information Security beyond
> > 2012.
> >
> > How will the Commission monitor the implementation of the action plan?
> >
> > The Commission identified in the impact assessment of the Communication a
> > number of indicators for achieving the objectives of the action plan.
> > These include the number of meetings and conferences organised at EU
> > level with relevance to security and resilience of CII; the agreements on
> > common terminology and procedures for the collection and dissemination of
> > information on economic impacts of security incidents; the number of
> > National/Governmental CERTs participating in the European Governmental
> > CERTs Group; the number of international agreements on mutual assistance,
> > recovery, and remedial strategies for the resilience and stability of the
> > Internet.
> >
> >
> > http://ec.europa.eu/information_society/policy/nis/strategy/activities/ciip/index_en.htm
> >
> > IP/09/494
> >
> > ________________________________
> >
> > [1] A group of computers, often very large, that malicious hackers have
> > brought under their control. While most owners are oblivious to the
> > infection, the networks of tens of thousands of computers are used to
> > launch spam e-mail campaigns, denial-of-service attacks or online fraud
> > schemes.
> >
> >


-- 
Anne-Rachel Inne