RE: EU decides to keep ineffective agency around to watch pwnage

I received this comment from Security4All (sorry, I don't know his/her name) in response to my post regarding ENISA being extended for another four years.

Blogger Security4all said... Of course, everybody is entitled to have his own opinion but yours seems a bit harsh. I think ENISA did some good work but if you can only 'advise' and not 'make' people/corporations do anything different. True it may not seem efficient. What improvements do you suggest we make?

I meant the post to be a bit more tongue-in-cheek than it appeared. I don't have anything against ENISA itself and think that coordination and education between entities is very important. That being said I think the idea of the government trying to insert itself into Internet security is an expensive, disruptive, and ultimately futile effort. You cannot secure something you don't control and you cannot force action without true authority, which this body does not have. I would suggest that the ENISA directive (REGULATION (EC) No 460/2004) be tweaked to give ENISA a bit more control over collaborative controls and standards which are currently deemed to be out of scope of ENISA and solely in the hands of the member countries. But alas, I understand the wheels of bureaucracy turn very slowly and ultimately I applaud the EU for forming the Agency. I will post a follow up article featuring ENISA and comparing it to the confusing assortment of regulatory and advisory bodies we have here in the US.