ENISA guide classifies Public and Private Partnerships into prevention focused, response focused and umbrella PPPs
EU’s cyber security agency European Network and Information Security Agency (ENISA) has launched a new guide with 36 recommendations on building effective Public and Private Partnerships (PPPs) for resilient IT security.
The critical information infrastructures (CII) in Europe are fragmented, said ENISA.
To meet the increasing CII-Resilience, PPPs have evolved to protect the digital economy in many member states, at different times, and under different legal frameworks. The evloution means, said ENISA, there is no common definition of what constitutes a PPP.
The new ENISA ‘s guide underlines the need for a common understanding across Europe and this is of particular importance for the European Public Private Partnership for Resilience (EP3R), an EU initiative, which is liaising with national PPPs on Critical Information Infrastructure Protection (CIIP) issues, said ENISA.
ENISA executive director Professor Udo Helmbrecht said there is a need for a truly international, global approach to cyber security and Critical Information Infrastructure Protection (CIIP).
"No country can create a CIIP strategy in isolation, as there are no national boundaries in cyber-space. PPPs are consequently one of the agenda items for the special EU-US Working Group on Cyber-Security and Cyber-Crime," said Helmbrecht.
The new guide classifies PPPs into prevention focused, response focused and umbrella PPPs for security and resilience. It covers the topics: why a PPP should be created; who should be involved; how a PPP should be governed; what services and incentives should be offered and when a PPP should be created; and other timing questions.
ENISA said its guide consolidates and validates a PPP-taxonomy and also describes, maps PPPs from the USA, Canada and Australia, identifying critical success factors for information sharing, and ways forward for international collaboration.