Computer Security experts were very sceptical about ENISA, the European Network security agency. Up to now the whole administrative bodies seems to be as obsolete as expected. In general public institutions need to be part of the government administration, controlled by parliament and with proper procedures. Good institutions do useful work, bad institutions organise themselves. In an open society we don't want institutional cancer. We want public institutions that solve real problems. And there are real problems which need better public support. Cybersecurity, a lot of problems ahead.
What the hell are they doing at ENISA?
Isabella Santa, Senior Expert in Awareness Raising delivers a speech on the topic "Overview of Awareness Programmes in EU:…
What else are they doing at ENISA?
Ah well, they publish a quarterly newletter about ENISA with nice coloured pictures of their staffers
It should be an instrument for the sharing within Europe Network and
Information Security (NIS) related news, developments, and best practices.
The publication could potentially be of interest for anyone dealing with information
security in Europe and beyond. To keep the level of the content high, EQ targets
the informed community and not the average person; EQ is not meant as an
awareness campaign instrument aimed at the user level. On the other hand, the
publications will not contain highly technical articles that deal in great depth with
one particular topic.
So the target audience is other administrative officials. In fact: no one.
Who is in their European security advisory stakeholder group?
For instance an Austrian company called Microsoft. No one knows why these companies should
have any say on ENISA policy. Fortunately Austria is part of the European Union.
Who provides policy input to ENISA?
EU-Parliament, ah non. The permanent Stakeholder's group (PSG), here are their thoughts.
Why does ENISA publish everything in English?
Because they don't like French or German and don't adhere to usual EU administrative standards.
What is all that awareness raising stuff about?
According to the international handbook of diplomatic language, "Awareness raising" is a phrase meaning baseless propaganda carried out by clueless diplomats, staffers or contracters targeted at an imaginative audience, an effort that is heavily funded by the government or a public authority.
ENISA has an expert for Awareness raising to coordinate national Awareness Raising activities. That sounds cool. Can you tell me more about that Awareness Raising?
In a liberal democracy a public sphere controls administrations. A public dialogue sets the agenda, everybody has a voice. Democratic governments do not "raise awareness" because they respect the principle of normative individualism, they defend their policies against public or parliamentarian criticism. That is: You as a citizens cast your opinion and you desire information and transparency, its not up to the government to educate you or to change your opinion. Powerless administrations (cmp. UN diplomats) or administrations in dictatorships tend to focus on awareness raising, i.e. lobbying citizens and their fellow administrative officials, and mistake that for real work. The main message is "What we do is important". In fact "awareness raising activities" are an indicator of organisational slack and antiliberal, undemocratic pratice.
Media is still primarily being used as a channel of communication, and not as a target.
"Awareness raisers" often talk about what the media should report about. Or what schools shall teach. Or what university professors should teach.
The message to be delivered has to be appealing and perceived as ‘of value’ to
the target group – the audience should be properly evaluated with interests,
needs and knowledge identified
"Awareness raisers" are often seeking their audience and concentrate on something
that is even more important: networking with other awareness raisers to develop
best pratices, develop strategies to become more aware of the importance of awareness
Draw from the experience of other countries as awareness training and
campaigns around Europe present many similarities
And while ENISA manages the management of awareness raising for better awareness raising benchmarks others are doing the real work to make our networks secure. "Those who get it". But where are they at ENISA? They are not employed nor supported by ENISA. Does ENISA fund open source network analysis tools? Code reviews? Hacker conferences? Safer operating systems?
The tragedy of administration: Those who get it and do the work vs. the slack who gets the public money and wastes our precious time. How to shift the public ressources away from obsolete administration?
One good approach is to avoid to create these bodies. We told you so.