An independent European think tank

Public Policy Approaches to Information Infrastructure Dependability

Terms of Reference for a Workshop on Public Policy to be held in Brussels on 28 February and 1 March 2002

DDSI is a project funded by the European Community under the Information Society Technology Programme (1998-2002)

Introduction
The emergence of an Information Society in Europe has led to a growing recognition of the need to ensure an environment in which dependable and trustworthy information infrastructures can be developed. As the European economy becomes more dependent upon electronic communications and upon the Internet, so critical business and social processes are becoming more vulnerable to accidental or malicious failures in information systems. The eEurope Action Plan 2002, the June 2001 Network & Information Security Communication and the December 2001 Resolution provided a starting point for a strategic European approach to dependability by identifying the dependability and security challenges and the rationale for European public policy; they also recommended certain actions. The December 2001 Resolution also mandated the Commission to propose further measures to enhance network and information security across the Union. A logical outcome of the current process would be the development of a policy road-map that provides a strategic overview of EU objectives, lays out the structures by which policy should be made and implemented, identifies the steps that are required to enhance dependability and the policy levers that can be used to stimulate market, technical and governmental solutions to these challenges.

The objective of the Dependability Development Support Initiative (DDSI) is to support the European Commission in the development of dependability policies across Europe and across sectoral boundaries. DDSI aims to establish networks of interest, to provide baseline data and to develop policy roadmaps. These products will support policy activities by European institutions and by public and private sector stakeholders across the EU, in Accession States and in partner nations. The June 2001 EC Communication on network and information security suggested to move towards a European Warning & Information System (EWIS). To this end, the Commission has launched an activity to promote the co-operation between stakeholders (such as ISPs, CERTs, Telcos, etc.) to progress towards the integration of early warning systems against cyber-attacks; more information is available on the EWIS Forum ewis.jrc.it. Finally, the Commission has also stimulated consultations on infrastructure interdependencies and vulnerability analysis through the DEPPY Forum deppy.jrc.it. In October 2001, the DDSI and the Joint Research Centre organised a technical workshop on EWIS that brought together European stakeholders and provided initial recommendations for development of EWIS. Subsequent to this, DDSI organized a workshop in Brussels on 17 and 18 January 2002 to allow participants to reflect on the specific technological, legal and commercial complexities associated with the proposed warning and information system. This was the first of several events detailed in the DDSI workplan, and part of several community-building exercises whose objective is to lay the groundwork for collaborative frameworks that will enable cross-sectoral synergy to develop and ensure the implementation of long term responses to the problems of dependability.

Terms of Reference DDSI Public Policy Workshop v7

Alongside these workshops have been two key studies the first outlining a Conceptual Framework of Dependability in Europe and Internationally, while the second outlined Global Overviews of Country and International/Inter-Governmental Organisations Approaches to Dependability. These reports will form a key part of the overall DDSI output and findings. DDSI is organising this Public Policy Workshop to allow participants to reflect on the current state of dependability and information security, to identify where action is needed and to begin work on a road-map to enhance the dependability and security of European information infrastructures. It will be held in Brussels on 28 February and 1 March 2002 and is organised by the EU IST Project DDSI (Dependability Development Support Initiative) (IST-2000-29202).

Objectives
The European Union has set itself the strategic goal of becoming the most competitive and dynamic knowledge-based economy in the world capable of sustainable economic growth with more and better jobs and greater social cohesion. This strategy is being implemented by the eEurope Action Plan 2002. One of the Action Plans objectives is the development of a cheaper, faster and secure Internet. An important action line under this objective has been defined as: Stimulating public/private co-operation on dependability of information infrastructures (including the development of early warning systems). A number of activities have been undertaken by the European Commission in support of this action line. The Commission has fostered dependability-related R&D and dealt at length with the legal requirements of the fight against cyber-crime and the promotion of data protection. It has also launched work on development of early warning systems against cyber-attack and stimulated work on infrastructure interdependencies and vulnerability analysis. The objective of the workshop is to foster community-building among stakeholders and to develop common analyses and recommendations on the most pressing challenges for public policy. The aims of the workshop are: i) ii) iii) to raise awareness of dependability issues amongst European policymakers, in Member States and in Newly Associated States to facilitate debate across European institutions about the European dimensions to dependability and network security to generate ideas from the participants about the priority issues to be tackled at the European level and methods by which the issues can be addressed both at the national and European levels

Terms of Reference DDSI Public Policy Workshop v7

This process will ensure wider understanding of the dependencies inherent in the Information Society and engage European policymakers in defining policy responses. The interest stimulated by this initial workshop will be built upon in the final conference

Expected Results
It is intended that this workshop will have the following results: - Consolidate the cross-sectoral and international community of stakeholders with a direct interest in a more dependable information infrastructure in Europe. Workshop participants will be drawn from EU Member States, European institutions and the private sector. Participants will also include representatives from Accession States, the EUs international partners and international organisations. - Provide analysis and recommendations for policy-makers in the EC, governments and industry - Contribute to a policy road-map for action

WORKSHOP STRUCTURE
The workshop has been designed to ensure maximum progress is made in a short space of time. Understanding that some high level decision makers will not be able to afford to spend more then a half day on the workshop, the structure allows effective participation by key players at different levels. The focus will be upon common problem solving in order to ensure that the workshop produces concrete recommendations jointly owned by a wide spectrum of stakeholders. This format will also encourage community building amongst those stakeholders who will work together to foster a comprehensive understanding of the need for commercial, technical and legal actions towards achieving a dependable information infrastructure in Europe.

Structure
The workshop will examine the following perspectives: Experiences of Member States in developing dependability and network security policies The Global Context Business Requirements Citizen Requirements European Dimensions

Speakers and participants will examine the following issues: What are the dependability and security challenges that the market is failing to address? How can public policy address these challenges (e.g. public-private partnerships, legislation/regulation, investment, stimulation of market solutions)? How can policy conflicts be reconciled?

Terms of Reference DDSI Public Policy Workshop v7

What actions should take place at European level? How can the eEurope Action Plan be implemented in this area? What type of research is required to support these policy activities? How can this research be pursued in an EU context?

The workshop is structured around specific steps. Each step will be taken in a roundtable approach, kicked-off by approx. 3 stakeholders who will raise the principle issues and propose solutions. The objective of the discussion is to generate specific recommendations that have the widest possible support from stakeholders. The steps are as follows: Kick-off by top-level representatives on the reasons why creating a dependable information infrastructure in Europe is important and why public policy actions are required Presentations on national experiences & approaches A first round-table aiming at identifying the primary issues and challenges A second round-table in which business and consumers discuss the role that Europe needs to play in meeting challenges A third round-table to highlight the specific issue of what needs to be done to integrate accession countries Final discussions to develop proposals and a road-map for policy action at European level

Participants
Workshop participants will comprise up to 40 stakeholders and experts invited primarily from the following communities: European National and regional governments Representatives from Newly Associated States Representatives from international organisations and key international partners of EU (USA, Canada, Japan, Australia) Private sector end-users (finance, utilities, manufacturing, retail, transportation) ICT industry Telecom and ISPs SME/consumer representatives European Commission CERTs and information assurance & security specialists Research community

Invitations will be extended to a wide set of stakeholders to ensure broad representation of different technical, business, legal and policy issues related to information assurance and dependability.

Organisation
The workshop will be held in Brussels on Thursday 28 February and Friday 1 March 2002 at the following location:
Terms of Reference DDSI Public Policy Workshop v7 5

Hotel Radisson SAS Brussels The workshop will begin at 10:30 on Thursday and finish at 16:30 on Friday. All participants are invited for a reception and dinner at the end of the first day. Detailed information about the workshop will be posted at: http://www.ddsi.org The organisation of the meeting is led by Dr Kevin OBrien, who can be contacted at obrien@rand.org or +44(0)1223-353329 tel, +44(0)1223-358845 fax.

PREPARATORY WORK
This workshop is part of the DDSI process which aims to inform policy-making by providing roadmaps derived from analysis and extensive discussion with stakeholder communities. DDSI will support the workshop by providing framework analyses and platforms for discussion.

Background Materials
This workshop will draw on background papers and earlier discussions, including the results of a global and European policy inventory conducted by DDSI. In addition DDSI will provide a conceptual framework for framing the issues. Additional background information about DDSI and its activities is available at http://www.ddsi.org The role of DDSI is to facilitate an overarching understanding of issues related to dependability of information infrastructures. All materials from the workshop will be posted on the official DDSI website.

Terms of Reference DDSI Public Policy Workshop v7