After a pilot phase of one year and a successful assessment by its constituency and its peers, the EU Institutions have decided to set up a permanent Computer Emergency Response Team (CERT-EU) for the EU institutions, agencies and bodies on September 11th 2012. The team is made up of IT security experts from the main EU Institutions (European Commission, General Secretariat of the Council, European Parliament, Committee of the Regions, Economic and Social Committee). It cooperates closely with other CERTs in the Member States and beyond as well as with specialised IT security companies.
CERT-EU will gradually extend its services, on the basis of the requirements of its constituency and taking into account the available competencies, resources and partnerships.
The constituency of CERT-EU is composed of all the EU Institutions, Agencies and Bodies.
Team Description in Accordance with RFC 2350
CERT-EU has published a document to provide basic information about the CERT-EU, its channels of communication, and its roles and responsibilities.
In recent years, CERTs have been developed in both private and public sectors as small teams of cyber-experts connected to the internet that can effectively and efficiently respond to information security incidents and cyber threats, often on a 24 hours a day-7days a week basis.
In the Digital Agenda for Europe adopted in May 2010 (see IP/10/581, and MEMO/10/200), the Commission committed itself to establishing a CERT for the EU institutions, as part of the EU's commitment to a reinforced and high level EU Networking and Information Security Policy in Europe. In August 2010 the Commission requested four cyber-security experts known as the "Rat der IT Weisen" to make recommendations on how to set up such a CERT. Their report was finalised in November 2010.
The Digital Agenda also calls on all Member States to establish their own CERTs, paving the way to an EU-wide network of national and governmental Computer Emergency Response Teams by 2012 (see IP/11/395). The EU's Council of Telecoms Ministers adopted conclusions on 27th May 2011, confirming this objective.
The privacy statement provides details of how and why personal data is collecetd, processed and managed at CERT-EU