The Project

The current project

The objective of Network for Information Sharing and Alerting  (NISHA) is to further develop the existing prototype of European Information Sharing and Alert System achieved under FISHA into a pilot version of the system. The expected outcome is a pilot network consisting of 4 local portals which are to be set up in Member States, locally reaching citizens and SMEs. The network will function based on an organisational model proposed within the project frames. The project will include a study of organizational and legal aspects concerning functioning of the system as well as technical development and implementation encountered while establishing the pilot, with a focus on lessons learned and suggestions for improvement.

Technical aspects: Development of already existing prototype of European Information Sharing and Alert System (FISHA) into a pilot implementation. Final outcome will be a pilot network capable of manage 4 cooperating portals exchanging information according to the elaborated principles.

Adaptation capability module – an extension for the system allowing already existing, external portals to process information to/from the network through their own websites. This feature will facilitate a wider group of information brokers who are able to spread the information but are not members of the network, without requiring excessive technical effort from them.

A set of necessary software and instructions that every entity joining the network will be provided with. This start package will include applications needed to set a local portal and a user guide with detailed instructions how to conduct it. This will include the Adaptation Module. (“NISHA in a box”)The procedures of technical maintenance and support during the operation of the system for the whole its life cycle will be evaluated and proposed.

Organizational and legal aspects: An EISAS (FISHA) pilot network will be organized. This network will include 4 portals, which will include the original FISHA partners and some supporting CERT partners. This network will be functional – ie. EISAS (FISHA) messages will be published.

Rules of cooperation with other network security organisations and local information brokers. The ways of obtaining official support and participation from other institutions will be proposed, based on gained experience in forming such cooperation during development of already existing EISAS prototype – FISHA.

Set of principles regulating process of joining the network by interested entities including requirements that such entity should meet and agreements that should be signed in order to start cooperation. This set will be based on draft principles already created in existing EISAS prototype – FISHA.

Model of supporting and providing entities joining the network with necessary tools and instructions. A start package for every new entity joining the system will be completed including software for cre ating a local portal and a user guide with instructions how to set up a portal.

The pilot project will include financing of the network, including security experts, equipment translation services necessary to demonstrate full functionality of the system. Based on this, a working proposal of managing and financing the system will be elaborated.

Analysis of aspects concerning copyright issues of materials used and published by organizations belonging to the network.

The final report will be created summarizing all the experiences gathered during the successive stages of project development. The report will provide a feedback loop with collection of best practices from setting up the system.  The final outcome of the project will be a successful pilot implementing of the system with technical maintenance and resources ensured, operating in accordance with organizational principles established during the development of the EISAS (FISHA project) and subsequent pilot deployment.

NISHA is carried out by the 3 original project partners - PTA/CERT-Hungary, NASK/CERT Polska, University of Gelsenkirchen/Institute for Internet Security - and a new consortium partner from Portugal. FCCN – Foundation for National Scientific Computing - is a private, non-profit institution, with public interest statuss,  contributing to the expansion of the Internet in Portugal. Since 2002 FCCN operates CERT.PT, the incident handling capability for the R&E user community and the defacto national CERT.

 

The predecessor project

A Framework for Information Sharing and Alerting (FISHA) – A proposed collaboration between CERT Polska, CERT-Hungary and the University of Gelsenkirchen to build a common European information and alerting system within the framework of the EPCIP programme, based on the findings of the EISAS study of ENISA. The project ran from February 2009 to january 2011.

The project addressed the issue of improving security awareness amongst home users and SMEs through the creation of a European information sharing and alerting system. The focus on home users and SMEs stems from the fact that these groups play a critical role in the security of the Internet as a whole, and as such, the European critical information infrastructure. At the same time both groups remain an easy target of attacks, due to low awareness of security issues and the lack of required technical skills to handle them in a proper manner. There is therefore a need of a channel that can be used to reach these groups and supply them with timely best practice information, alerts and warnings phrased in an easy to understand, non-technical way. While a number of national initiatives with a similar goal exist, these initiatives do not cooperate as actively in this field as they could. There is therefore much to be gained by pooling their resources and building upon existing information exchange initiatives, developed in particular, in the CERT community. Previous studies in the watch and warning field have shown that there are a lot of different views and interpretations by experts from different countries as to what really should be done at a European level. These differing views have hindered past European wide efforts, with relevant stakeholders firmly opposing a creation of a large centralized structure.

The project built on the consortium partners that include two national CERTs that were participating in making of the EISAS Study of ENISA (CERT Polska) and taking part of the Best Practice Brokerage of ENISA (CERT-Hungary), and a research institute (Institute for Internet Security – if(is) - of the University of Gelsenkirchen). The stakeholder group included a number of national CERTs that were addressed in the bublic dissemination work of the project. The role of the consortium partners was to manage the work-package falling under their responsibility and carry out the tasks attached to them in each work package.

The project was structured into six work-packages. The output of the 24 month project were the following deliverables:

  • an inventory of available material to support the tasks of the research work group,
  • a fictitious case study on how to set up a new (N)ISAS in a Member State,
  • a web portal prototype for Information Sharing and Alerting,
  • a Functionality Requirements Document,
  • the Information Sharing and Alerting Protocol requirements and specification,
  • prototype software implementation,
  • roadmaps for the involvement of Member States, European Commission, ENISA, industry, academia and consumer protectionists in maintaining the system,
  • communication plan for end-users and SMEs.

The long term results will be the improved information security awareness and technical empowerment of end-users and SMEs, the better collaboration of stakeholders, and a better information security situation at a European scale. The dissemination of results will include closed and open workshops, a project website, presentations promoting the project at other CIIP seminars and conferences.