Good Practice Guide Reporting Security Incidents
Resilient e-Communications Networks
Management support must be assured.
Reporting staff must be trained.
Building trust with the reporting parties is a long process and, at the same time, a crucial condition for a
successful reporting scheme. Some tips on this issue:
It is possible to capitalize on trusted relationships that have been built previously, within other
Building trust is a personal business: it is necessary to maintain personal contacts, meet the
contact persons in the reporting organizations, and organize workshops and regular face-to-face
meetings, both formal and informal.
: The organizers of the scheme found that
building up communications is "a time-consuming business" in which the public authority
has to put repeated effort into establishing and maintaining personal contacts. If a
contact person leaves a CI operator, time and effort must be invested to find and
establish a contact of the same quality; it therefore appears useful to have more than
one contact person within a single company. In principle, tangible and valuable
information must be shared with the CI contacts to establish a working, trusted
In their interactions with reporting parties, the organizers should be able to differentiate
between those organizations that already have a track record of trusted cooperation, those
that do not, those that show interest in cooperation, those that need support or consultations,
etc. It helps if the organizers are serious about the project and are engaging the support of
other similar organizations.
: Organizers of the Finnish reporting scheme said that it was easier to
win cooperation from big operators with a long history of relations with FICORA.
Smaller service providers and fresh entrants to the market might have been reluctant,
even hostile, to the idea of reporting at the beginning. With step-by-step integration into
the scheme, many began to see the added value of exchanging information, too.
MIMER/GLU [Sweden]: During the introduction of MIMER, the Swedish Post and
Telecoms Agency (PTS) observed that one important thing needed for the operators to
decide to publicly display the network disturbances (or "outages") on a map on their
respective websites was that virtually all other large telecom operators also made the
same decision. Within a year of launching the project, the general hesitation had
disappeared and the operators were instead 'competing' who launches the website
The reporting parties and other partners (i.e., organizations generating information as well as
those receiving/using it) should be involved in developing the reporting scheme. That on one