Agreement with the European Commission’s CERT-EU on cyber-security
On 13 March 2017 EUROCONTROL and the European Commission DIGIT Computer Emergency Response Team (CERT-EU) signed a Service Level Agreement to improve cyber security. On 5 April 2017, this agreement was formally presented to EUROCONTROL by Gertrud Ingestad, the Director General of the European Commission Directorate General for Informatics (DIGIT).
CERT-EU's mission is to support the European Institutions, agencies and bodies to protect themselves against intentional and malicious attacks that would hamper the integrity of their IT assets and harm the interests of the EU.
CERT-EU will provide services to EUROCONTROL in order to support the setting up of the European Air Traffic Management Computer Emergency Response Team (EATM-CERT®). CERT-EU will make available some information and cyber-security tools to EATM-CERT as well as sharing experience, expertise, advice and procedures on how to operate a CERT efficiently.
Gertrud Ingestad, Director General of DIGIT, said “The EU institutions have benefitted since more than five years of the support of CERT-EU to mitigate cyber risks. I'm very happy that we can support EUROCONTROL in the setting up and the operation of the EATM-CERT. We are looking forward to a fruitful cooperation in the protection of this critical infrastructure.”
Freddy Dezeure, Head of CERT-EU, commented “We are all experiencing an increase in cyber threats – in terms of frequency, level of sophistication and scope. We have to raise the bar to make it more difficult for our adversaries and to detect them more quickly when they succeed. The work of CERTs is key to addressing this challenge. We are very pleased to have EUROCONTROL as one of our trusted partners.”
Frank Brenner, the Director General of EUROCONTROL, noted “Benefiting from CERT-EU experience, information and services will ensure a fast, efficient and high-quality ramp-up of the services provided by EATM-CERT to all ANSPs and Airport Operators of EUROCONTROL Member States.”
EATM-CERT will provide the following services to ANSPs and Airport Operators of EUROCONTROL Member States:
- Proactive cyber-security services (e.g. penetration testing, vulnerability assessment, infrastructure/best practices review);
- Collection, generation and distribution of ATM relevant cyber intelligence;
- Coordination, with National CERTs as appropriate, of the pan-European ATM response to ATM relevant cyber-security alerts/incidents on a voluntary basis.
The activities of CERT-EU include prevention, detection, response and recovery. The team is made up of IT security experts from the main EU Institutions (European Commission, General Secretariat of the Council, European Parliament, Committee of the Regions, Economic and Social Committee). It cooperates closely with other CERTs in the Member States and beyond as well as with specialised IT security companies.
For further information, please contact: