Among the main achievements of the CIIP policy are establishment of the European Forum for Member States and of the European Public-Private Partnership for Resilience; carrying out of pan-European exercises (Cyber Europe 2010 and 2012); adoption, by ENISA, of a minimum set of baseline capabilities and services and related policy recommendations for National/Governmental Computer Emergency Response Teams (CERTs) to function effectively.
In some cases, the Cybersecurity strategy is taking forward such actions (for example, in carrying out pan-European exercises). In other cases, the voluntary approach of the CIIP policy would be strengthened by the proposal for a Directive on network and information security, which would require the Member States to put in place a minimum level of capabilities at national level and to co-operate cross-border. This paper alludes to the legal challenges confronted by the authorities’ in implementing them.
