Next year Janet will be celebrating its thirtieth anniversary. This made me realise that it’ll also be twenty years since I was first involved in incident response, dealing with attacks against "my" web and email servers at Cardiff University. Over that time the purposes of incident response have stayed pretty much the same: to reduce the number of security breaches where possible and to reduce the severity of those that do still occur. But the range of services and people that need to be involved in doing that has grown far beyond what I could have imagined.

As discussed here previously, the revision of the European Telecommunications Directives in late 2009 introduced a requirement for telecoms providers to report breaches affecting personal data to their national regulators. Although the revised European Directive has not yet been transposed into national laws, ENISA has been surveying both regulators and telcos on their practice and plans.