The ENISA feasibility study underlines that EU-wide data collection is a complex matter. ENISA identified ca 100 potential partners and evaluated >60 existing data collection initiatives. A single and centralised EU data collection partnership (“one-size-fits-all”) is neither feasible nor desirable. Conversely, new and innovative partnerships to move forward in this area are both needed and possible. In this context, ENISA supports the creation of a new partnership (PISCE) to tie together existing/new data collection initiatives to improve information & data exchange, promote common collection methodologies, and build trusted relations between partners. PISCE may become a powerful European area for information exchange on IT security and consumer confidence trend data. ENISA advocates to first concentrate on a selection of the most promising partners but keeping the door open to new entrants.
Time to act for decision makers: no free NIS lunch
EU wide data collection is hindered by 2 factors – a weakness of expressed demand by policy makers and the absence of a driving force with a long-term mandate. Nevertheless, the involvement of dozens of organisations and 100’s of data collection reports do not exist without a reason, but still a more direct commitment by policy makers is needed. A wealth of data exists: of different nature and from different sources, but the question is how to assess their reliability, and how to combine it. Not all want to share the information they have on embarrassing security incidents. Moreover, data collectors want a return on their investment. Collecting, aggregating and sharing data needs a sustainable business model.
The Executive Director of ENISA, Mr Andrea Pirotti, comments:
“ENISA will support the establishment of PISCE, a partnership open to security researcher, business partners, and public policy makers.”