Twenty-Third Report of Session 2008–09

Twenty-Third Report of Session 2008–09

House of Commons European Scrutiny Committee Twenty-third Report of Session 2008–09 Documents considered by the Committee on 24 June 2009 HC 19-xxi House of Commons European Scrutiny Committee Twenty-third Report of Session 2008–09 Documents considered by the Committee on 24 June 2009 Report, together with formal minutes Ordered by The House of Commons to be printed 24 June 2009 HC 19-xxi Published on 3 July 2009 by authority of the House of Commons London: The Stationery Office Limited £0.00 Notes Numbering of documents Three separate numbering systems are used in this Report for European Union documents: Numbers in brackets are the Committee’s own reference numbers. Numbers in the form “5467/05” are Council of Ministers reference numbers. This system is also used by UK Government Departments, by the House of Commons Vote Office and for proceedings in the House. Numbers preceded by the letters COM or SEC are Commission reference numbers. Where only a Committee number is given, this usually indicates that no official text is available and the Government has submitted an “unnumbered Explanatory Memorandum” discussing what is likely to be included in the document or covering an unofficial text. Abbreviations used in the headnotes and footnotes EC (in “Legal base”) Treaty establishing the European Community EM Explanatory Memorandum (submitted by the Government to the Committee) EP European Parliament EU (in “Legal base”) Treaty on European Union GAERC General Affairs and External Relations Council JHA Justice and Home Affairs OJ Official Journal of the European Communities QMV Qualified majority voting RIA Regulatory Impact Assessment SEM Supplementary Explanatory Memorandum Euros Where figures in euros have been converted to pounds sterling, this is normally at the market rate for the last working day of the previous month. Further information Documents recommended by the Committee for debate, together with the times of forthcoming debates (where known), are listed in the European Union Documents list, which is in the House of Commons Vote Bundle on Mondays and is also available on the parliamentary website. Documents awaiting consideration by the Committee are listed in “Remaining Business”: www.parliament.uk/escom. The website also contains the Committee’s Reports. Letters sent by Ministers to the Committee about documents are available for the public to inspect; anyone wishing to do so should contact the staff of the Committee (“Contacts” below). Staff The staff of the Committee are Alistair Doherty (Clerk), Laura Dance (Second Clerk), David Griffiths (Clerk Adviser), Terry Byrne (Clerk Adviser), Sir Edward Osmotherly (Clerk Adviser), Peter Harborne (Clerk Adviser), Paul Hardy (Legal Adviser) (Counsel for European Legislation), Dr Gunnar Beck (Assistant Legal Adviser), Lisa Wrobel (Senior Committee Assistant), Allen Mitchell (Committee Assistant), Mrs Keely Bishop (Committee Assistant), Dory Royle (Committee Assistant), Karuna Bowry (Committee Support Assistant), and Paula Saunderson (Office Support Assistant). Contacts All correspondence should be addressed to the Clerk of the European Scrutiny Committee, House of Commons, 7 Millbank, London SW1P 3JA. The telephone number for general enquiries is (020) 7219 3292/5465. The Committee’s email address is [email protected] Contents Report Page Documents not cleared 1 BIS (30528) Protecting information networks from cyber attacks 3 2 DFT (30645) Aviation security charges 12 3 HO (30385) (30651) Use of Passenger Name Records for law enforcement purposes 15 Documents cleared 4 BIS (29896) Legal framework for setting up European Research Infrastructure Consortia 19 5 DFID (29973) (29979) Interim Economic Partnership Agreement between the European Community and its Member States and the South African Development Community States 21 6 DH (29786) Cross-border healthcare 27 7 FCO (30691) Common Foreign and Security Policy 29 Annex: CFSP budget 2008 - commitment appropriations 35 8 FCO (30693) Presidency report on European Security and Defence Policy 37 Annex 1: Mandate for The Swedish Presidency 62 9 HMT (30037) Financial services 64 10 HO (29216) Implementation of the Directive on reception standards for asylum seekers 68 Documents not raising questions of sufficient legal or political importance to warrant a substantive report to the House 11 List of documents 71 Formal minutes 74 Standing order and membership 75 European Scrutiny Committee, 23rd Report, Session 2008–09 3 1 Protecting information networks from cyber attacks (30528) Commission Communication: Protecting Europe from large scale 8375/09 cyber-attacks and disruptions: enhancing preparedness, security + ADDs 1–4 and resilience COM(09) 149 Legal base — Department Business, Innovation and Skills Basis of consideration Minister’s letter of 11 June 2009 Previous Committee Report HC 19–xvi (2008–09), chapter 2 (6 May 2009); also see (27570) 10248/06: HC 34–xxxv (2005–06), chapter 8 (13 July 2006). Also see (29300) 16840/07: HC 16–xxiii (2007–08), chapter 12 (4 June 2008); and (27466) 8841/08: HC 41–xxi (2006–07), chapter 15 (9 May 2007) To be discussed in Council To be determined Committee’s assessment Politically important Committee’s decision Not cleared; further information requested Background 1.1 As the Commission notes, Information and Communication Technologies (ICTs) are increasingly intertwined in our daily activities, with some of these ICT systems, services, networks and infrastructures (in short, ICT infrastructures) forming a vital part of European economy and society, either providing essential goods and services or constituting the underpinning platform of other critical infrastructures, and being “typically regarded as critical information infrastructures (CIIs) as their disruption or destruction would have a serious impact on vital societal functions.” The Commission gives as recent examples the large-scale cyber-attacks targeting Estonia in 2007 and the breaks of transcontinental cables in 2008. 1.2 The Commission recalls its “strategy for a secure information society”, which was adopted in 2006,1 where it says “ownership and implementation by stakeholders appears insufficient”. 1.3 The Commission refers to the place in this strategy of the European Network and Information Security Agency (ENISA),2 established in 2004 to “contribute to the goals of ensuring a high and effective level of NIS within the Community and developing a culture 1 Which the Committee reported to the House on 18 July 2006: see (27570) 10248/06: HC 34–xxxv (2005–06), chapter 8 (13 July 2006). 2 According to its website, ENISA “was set up to enhance the capability of the European Union, the EU Member States and the business community to prevent, address and respond to network and information security problems. In order to achieve this goal, ENISA is a Centre of Expertise in Network and Information Security and is stimulating the cooperation between the public and private sectors.” See http://www.enisa.europa.eu/index.htm for full information on ENISA. 4 European Scrutiny Committee, 23rd Report, Session 2008–09 of NIS for the benefit of EU citizens, consumers, enterprises and administrations” — a mandate extended “à l’identique” until March 2012, but subject to “further discussion on the future of ENISA and on the general direction of the European efforts towards an increased network and information security”, as a result of which the Commission launched last November an online public consultation,3 the analysis of which will be made available shortly. 1.4 Other elements in the Policy Context to which the Commission refers are: — the European Programme for Critical Infrastructure Protection (EPCIP)4 and the Directive5 on the identification and designation of European Critical Infrastructures,6 which identifies the ICT sector as a future priority sector, and the Critical Infrastructure Warning Information Network (CIWIN)7 — the Commission proposal to reform the Regulatory Framework for electronic communications networks and services,8 and particularly the provisions to strengthen operators’ obligations to ensure that appropriate measures are taken to meet identified risks, guarantee the continuity of supply of services and notify security breaches,9 which the Commission says is “conducive to the general objective of enhancing the security and resilience of CIIs”, and which the European Parliament and the Council “broadly support” — complementarity with existing and prospective measures in the area of police and judicial cooperation to prevent, fight and prosecute criminal and terrorist activities targeting ICT infrastructures, as envisaged inter alia by the Council Framework Decision on attacks against information systems10 and its planned update;11 — NATO activities on common policy on cyber defence, i.e. the Cyber Defence Management Authority and the Cooperative Cyber Defence Centre of Excellence; — the G8 principles on CIIP15;12 — the UN General Assembly Resolution 58/199 Creation of a global culture of cybersecurity; and — the protection of critical information infrastructures and the recent OECD Recommendation on the Protection of Critical Information Infrastructures. 3 http://ec.europa.eu/information_society/newsroom/cf/itemlongdetail.cfm?item_id=4464 4 COM(2006) 786 5 2008/114/EC 6 http://www.consilium.europa.eu/ueDocs/cms_Data/docs/pressData/en/gena/104617.pdf 7 COM(O8) 676 8 COM(07) 697, COM(07) 698, COM(07) 699 9 Art. 13 Framework Directive 10 2005/222/JHA 11 COM(08) 712 12 http://www.usdoj.gov/criminal/cybercrime/g82004/G8_CIIP_Principles.pdf

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    79 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us