Good Practice Guide Reporting Security Incidents
Resilient e-Communications Networks
the wider plans in these areas is a way to ensure that all of the above benefits are enjoyed
Thus, those establishing a reporting scheme should leverage the status quo as much as possible.
Advantage should be taken by existing processes, procedures, institutions, and stakeholder
interest in CIIP.
Integration with Wider National Emergency Management Plans
Our research has demonstrated that incident reporting schemes in eCommunications sometimes are
integrated into wider national emergency management plans, while other times they are not. The
main reasons for this variation are:
Some countries have long-established emergency management processes, into which to the
reporting scheme can be integrated, while other countries have less mature emergency
The recent emphasis by the European Union on Critical Infrastructure Protection (CIP), has
brought this issue forward in recent years, making it an area of current development, with
incident reporting being one small part of the whole. Thus, where incident reporting preceded
these wider policies, it can only be integrated at a later date.
Many organizers in the past developed their reporting schemes to address a need exclusively
within their sector or area of responsibility (e.g., telecoms regulation, eCommunications
resilience, computer emergency response) and only some connect to the national Critical
Information Infrastructure Protection (CIIP) and cross-sector national emergency response
However, now that these wider national strategies are generally in place or in development
throughout the EU, those establishing a new incident reporting scheme at this time mostly have the
option or obligation to integrate their schemes with these wider strategies.
There are many advantages that a reporting scheme may draw from such a cooperation:
Each reporting scheme needs a perspective for its development. That need can be well-
assisted by a national strategy via listing critical infrastructure providers and determining
priorities in emergency response and critical infrastructure protection.
Public-private partnerships and expert forums that already exist as a part of the national crisis
response plan may be used as a platform to build trust and win cooperation of the potential
reporting parties (more in the sections 3.1.3 and 4.1 below).
The possibility to legally sanction cooperation may be useful. If the national plan entrusts a
certain organization with coordinating CIIP, that organization would likely also have the legal
mandate to organize an incident reporting scheme.