A new agency to coordinate IT security

  • A new ‘agency’ or ‘center for coordination’ of IT security is expected in the near future, with a budget of around €20 million.
  • A staged roll-out will start with the nomination of a Cyber-Security Czar – or Czarina – with a coordination and representational role.

Rumors are circulating about the possibility that a new federal agency for IT security is to be created in the near future, as part of the prime minister’s office. There is also a suspicion that action may be limited to progressive reinforcement of the institutions which already have a role in protecting the IT security of Belgium and its citizens, so as not to tread too heavily on any toes.

This is an ultra-sensitive issue, which has been on ministers’ desks for several months. Its profile has been raised abruptly as a result of revelations about cyber-spying which apparently impacted Belgacom. Most of the key players, including Defense, the Computer Crime Unit and the intelligence services, attended a meeting on Monday at the prime minister’s office.

A few days earlier, following a Cabinet meeting, Prime Minister Elio Di Rupo pointed out that action against cyber-crime was included in the government coalition agreement and that a cyber-security strategy had been announced several months previously. “We will find additional resources to fund the strategy’s implementation. This will be part of discussions on the draft 2014 budget.”

But while funding of the new cyber-security coordination body envisioned by the government is a difficult issue, the question of the form it should take is even trickier, given the reactions of existing bodies to the idea that they might have to give up some of their powers.

This is not the first attempt to coordinate the activities of all the different bodies involved in IT security. BelNIS, (Belgian Network for Information Security) was set up in 2005 by Peter Vanvelthoven (Flemish Social Democrats), then Minister for IT, as a framework for contacts between bodies with relevant powers and responsibilities. Its members meet every month. In 2007, in the midst of a storm created by attacks on British internet sites, BelNIS published a White Paper on cyber-security. However, in the absence of consensus and of the political will needed to make them a reality, the recommendations of this far-sighted document have remained dead in the water. “We are encountering a particularly serious problem in relation to training for computer scientists specializing in cyber-security,” noted Luc Berens, head of the Computer Crime Unit.

A Cyber-Security Czar – or Czarina?

There is general agreement on the urgent need to set up an IT security agency. The sticking point relates to its powers. “A decision is needed on whether it will have a power to direct all other relevant agencies in a crisis situation,” notes an inside source. “This would mean that an agency reporting to the prime minister could encroach on the powers of other ministers. However, even the word ‘agency’ causes some departments to get on their high horse. These are the sorts of issues which are delaying the decision.” According to our sources, the most likely way forward for the new agency will involve a step by step approach.

The government is likely to make an early announcement on a cyber-security Czar – or Czarina – to be supported by a team, which will initially be limited in size. Their role will be both to ensure that the activities of the different organizations involved in cyber-security are tightly coordinated and to represent Belgium at international meetings on cyber-security. The start-up budget is said to be likely in the order of €20 million. “However, over time, the agency will become more powerful, as it is given additional resources,” explained an informed insider.

ALAIN JENNOTTE

This entry was posted in Non classé. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>