The European network and information security agency ENISA has brought out a ‘Threat Landscape and Good Practice Guide for Internet Infrastructure’. ENISA is organising an EU Threat Landscape Workshop on February 24, 2015, in Brussels.
The report classifies the threats applicable, highlighting “important specific threats” that disrupt connectivity. These include routing threats, DNS threats, and (Distributed) Denial of Service. Each threat is linked with a list of assets exposed. Overall, ENISA sees an increase in these threats.
The report takes stock of publicly available security measures to protect internet infrastructure. It details good practices to make an Internet infrastructure more secure. A gap analysis outlines shortcomings of current good practices. Gaps are linked to the application of skill sets in all specific threats analysed, as well as to system configuration and essential addressing protocols for (Distributed) Denial of Service.
Five technical recommendations and four organisational recommendations are proposed for enhanced security through the development and application of good practices, and the importance of collaboration. For the full 64-page report visit – http://www.enisa.europa.eu/activities/risk-management/evolving-threat-environment/iitl
Udo Helmbrecht , Crete-based ENISA’s Executive Director, said: “Threats analysed in the current study indicate they are globally on the rise. It is important to apply good practices and promote the exchange of information, in order to mitigate threats and secure Internet infrastructure. ENISA’s Guide gives an up to date overview of emerging threats and lays the foundations for the community towards a more secure Internet infrastructure through proper risk assessment, training and evaluation.”
Visit http://www.enisa.europa.eu.
Comment
Dr Wael Aggan, CEO of CloudMask, said: “ENISA’s report should be a wake-up call for the prime minister following his remarks to abolish encryption. The upcoming data protection regulation and the in-depth ENISA report sit on the other side of the fence to David Cameron. It’s a basic human right to be able to protect your data in a democratic world.
“David Cameron should not be convincing companies to offer less security to their customers. He should be doing just the opposite. The law specifically ensures that companies are not required to be an agent of the state but rather serve their own IP and the privacy interests of their customers. ENISA’s report to encourage a variety of Privacy-Enhancing Technologies (PETs) in the design process is welcoming. The industry needs to collaborate and work on solutions that align to every citizens basic privacy needs and is embedded from the beginning of the design process. Security should not be an afterthought.”
