EU proposes plan to secure Internet

In an effort to eradicate security threats to the member countries of the European Union, the European Commission released a plan Wednesday to increase cooperation between members to better secure the Internet.

The plan calls for more effective threat-warning systems, larger investments in security research and education, a standardized policy for encryption, and harsher punishments for cybercriminals.

Although the Internet's openness has been the source of its success, "this openness also entails certain risks, and that is why we need a strategy at the European level to tackle existing and emerging security threats," Erkki Liikanen, European Commissioner for the Enterprise and Information Society, said in a statement.

The proposal answered a call for a comprehensive strategy to secure electronic networks made by the Stockholm European Council in late March and follows in the footsteps of the United States' National Plan for Critical Infrastructure Protection.

The European proposal outlines a multi-pronged approach to boosting the security of the Internet.

At the top of the list is educating European citizens about the dangers of the Internet and companies about the best practices for securing their own networks. "Education systems in member states should give more emphasis to courses focused on security," the proposal says.

The draft also calls for a more comprehensive European Warning and Information System that combines the separate Computer Emergency Response Teams (CERTs) in the various countries into a single system.

"CERTs operate differently in each Member State, making cooperation complex," the proposal says. "The existing CERTs are not always well equipped and their tasks are often not clearly defined."

The commission also hopes to boost spending on security research and development. For 2001 and 2002, the EU will spend 30 million euros on collaborative research but hopes to boost that in its next major program.

Finally, the proposal calls for better standardization efforts on encryption and certification for security experts, as well as new laws to aid pursuit of cybercriminals across territory lines.

A separate treaty among member states targets part of the legal work. Known as the Cybercrime Treaty, the proposed rules will force signatories to aid other countries in their investigations and pursuit of cybercriminals.

The European Commission intends to solicit comments on the draft proposal until the end of August.