Legal and political gaps are hampering national/governmental computer emergency response...

looked at the current situation in Europe regarding CERTs’ capabilities in mandate and strategy, service portfolios, operations and cooperation. It found that CERTs’ roles are usually backed by government mandates whose details and form vary widely across the EU. But the mandate isn’t always clear enough, and CERTs often have problems of limited authority when requiring ISPs to handle incidents, it said. And “a great deal of work needs to be done regarding the proper inclusion of n/g CERTs in national cyber-security strategies” because fewer than half of EU members even have such strategies now, ENISA said. CERTs’ services vary based on which constituents they serve, it said. Governmental bodies get the full scope of CERT services, end-users and other customers only a subset, it said. Many CERTs have expertise that’s highly sought after by law enforcement agencies, it said. But when they handle incidents internationally, partnering CERTs don’t act in accordance with the information provided, it said. Moreover, CERTs often don’t develop their own tools and services, don’t make general incident statistics public, and usually aren’t involved in disaster recovery planning, it said. Operationally, many teams have only minimal staffing levels, and they report difficulties in hiring highly qualified staff in areas such as digital forensics and reverse engineering, it said. Money is a problem because many CERTs rely on national funding. Moreover, there aren’t many opportunities in Europe for training in deep technical aspects, it said. In the area of cooperation, ENISA said, CERTs are increasingly visible on the world stage and there’s a good deal of bilateral and regional cooperation among them. But stakeholders at the national level often aren’t sufficiently aware of the existence of CERTs and their responsibilities, and ISPs aren’t willing to share information with competitors, it said. Recommendations in ENISA’s second report (http://bit.ly/VLZosC) for remedying the situation include: (1) Better clarification of the role of CERTs, including funding provisions. (2) Identification of best practices and development of templates to comply with data protection rules. (3) Creation of a standardized approach to information exchange among CERTs. (4) Determination of alternate funding sources. (5) Hiring of PR experts to give CERT activities more visibility. Despite clear progress in putting their baseline capabilities in place, CERTs “still have a number of obstacles mainly (but not exclusively) of a political, legal and financial nature,” ENISA said.