Local view for "http://purl.org/linkedpolitics/eu/plenary/2002-10-23-Speech-3-175"
| Predicate | Value (sorted: default) |
|---|---|
| rdf:type | |
| dcterms:Date | |
| dcterms:Is Part Of | |
| dcterms:Language | |
| lpv:document identification number |
"en.20021023.4.3-175"2
|
| lpv:hasSubsequent | |
| lpv:speaker | |
| lpv:spoken text |
". – Madam President, little more than a year ago we gathered in this House to discuss the outcome of the proceedings of the Temporary Committee on Echelon. A few days later, on 11 September, the entire world was in shock.
The newly adopted
Europe 2005 Action Plan aims to strengthen the exchange of information and good practice, to establish a European centre of competence, to create a culture of security and to establish a secure communication environment. We need to assign responsibilities to all the sectors involved in information and communication technologies in order to create a culture of security.
The Council resolution of 28 January 2002 on a common approach and specific actions in the area of network and information security also developed this concept further. It welcomes the intention of the Commission to make proposals for the establishment of a cyber security task force.
The European Parliament has dealt with the issue by preparing a report on the Commission’s policy proposal, which was adopted yesterday, calling for a strong European answer to the increasing information security problem.
With the European Parliament, the Council and the Commission advocating closer European coordination, the setting up of a ‘security entity’, as the most efficient way to achieve this objective, is now under consideration.
The proposal being considered at present suggests a number of issues, interests and concerns that are addressed by Parliament. Based on those concerns, the following measures may be suggested: a centre of expertise should be set up, bringing together competent people that will be trusted by public bodies and national and Community institutions, as well as by the private sector; will help to establish internationally recognised standards; and will be able to act efficiently and quickly. Sufficient human and financial resources will therefore be necessary to enable smooth and flexible operation, as will a coherent approach – including cross-pillar dimensions – since security also touches upon certain issues related to law enforcement and national security concerns.
Let me turn now to data protection. Article 17 of the general data protection directive contains the principle of data security. The new directive on the processing of personal data and the protection of privacy in the electronic communications sector was adopted last July. It will provide a high level of protection for processed personal data. It includes a provision that requires Member States to guarantee confidentiality of communications and to prohibit any form of interception. However, Member States can, according to the European Convention on Human Rights, take measures where this is necessary to safeguard national or public security interests or to investigate crime and prosecute criminal offences.
The Commission has launched initiatives to ensure compatibility between data protection and privacy rules on the one hand and law enforcement needs on the other. With this in view, an EU Forum on Cyber-Crime has been set up.
As far as the interception of telecommunications for criminal investigation purposes is concerned, the Commission believes that the interception rules in the EU Convention on Mutual Legal Assistance in Criminal Matters constitute, at the current stage, a balanced approach.
The dual-use regulation, which includes export control provisions for information security products and services, in place since September 2000, guarantees the availability and free circulation of encryption products and technologies throughout the European Union. Its implementation has been successful, and the Commission is currently discussing the complex issue of export controls with candidate countries.
As for the technology itself, support through the Community’s framework research programme, in particular the information society technologies programme, has improved the conditions for developing top-of-the-range encryption products. This brings me to the activities undertaken to improve our in-house information and communication systems.
The world changed. The role of network and information security proved to be crucial. We also found that European society was increasingly vulnerable to problems related to network and information security.
Following the adoption of the regulation on the protection of individuals with regard to the processing of personal data by the Community institutions, a wide-ranging security review took place. As a result, a Commission decision has been adopted containing security provisions and extensive rules on IT security. This decision substantially improves the protection of Commission documents which are not accessible to the general public. It further defines the various responsibilities of actors, including security clearance of personnel and security briefings.
Furthermore, a Commission-wide technical auditing process has been carried out. Action to improve the situation is ongoing. As you see, we have achieved quite a lot already, but there is still a substantial amount of work to be done.
The recently adopted data protection directive, the report from the European Parliament on the proposed information security policy, the eEurope 2005 Action Plan and the plans to establish a European cyber security unit will further lay down the modalities for future work in the area of network and information security.
But enhanced cooperation is also needed globally. As an example of this cooperation, it is worth mentioning that the Commission was extensively involved in the drawing up of the recently adopted OECD guidelines on the security of information systems and networks.
These guidelines emphasise the importance of applying certain common principles for information security, underpin the work which is taking place at European level and are in line with the ‘culture of security’ principle as addressed in the
Europe 2005 Action Plan.
In December, the Telecommunication Council will debate and monitor the status of implementation of the common European strategy on network and information security, an issue the Danish presidency sees as a top priority.
Through these actions by the European institutions and Member States, we hope to sharpen the focus and step up efforts on network and information security as a vital measure to prevent illegal interception or economic espionage, underpinning the smooth functioning of our economies and societies.
Before responding to the main concerns raised by the European Parliament, I would like stress, as I did last year, a strong and solid underlying principle: the European Union is founded on respect for human rights and fundamental freedoms, based on Article 6 of the Treaty and the Charter of Fundamental Rights.
It is important also to keep in mind that Member States remain responsible for the conduct and supervision of intelligence operations, unless the Council decides otherwise, as specified in Title V of the Treaty on the European Union.
With the rapid spread of information technology, economic growth, productivity, employment and social equity have come to depend increasingly on the smooth operation of ICTs.
In today’s debate, network and information security is about ensuring the availability of services and data, preventing the disruption and unauthorised interception of communications, securing the confidentiality of data and protecting information systems against unauthorised access.
Full security will never be achievable. There will always be weak points, attacks, incidents and failures that will generate damage. This is no different from other technologies or other aspects of daily life. Society as a whole, as well as individuals, has to learn how to manage the risks involved in the networks and information systems.
Security has therefore become a major policy concern. Governments have wider responsibilities towards society and are making efforts to improve security on their territory.
This was the underlying objective of the Commission Communication on Network and Information Security, which proposed a number of measures, such as awareness-raising actions and improved exchange of information mechanisms. One example of awareness raising is the benchmarking of national policies in support of secure e-business."@en1
|
| lpv:unclassifiedMetadata |
"e"1
|
Named graphs describing this resource:
The resource appears as object in 2 triples