The European Union must do more to encourage industry participation in its forthcoming computer security agency, or run the risk of creating an insular bureaucracy, according to experts.

The Network and Information Security Agency (NISA) is due to launch in January to analyse IT threats, enhance co-operation between security agencies, and promote risk assessment within organisations.

The proposed board of NISA will have six representatives from the European Council and six from the Commission, but only one industry member.

Robert Clyde, chief technology officer at security vendor Symantec and a panel member at last week's European Parliament forum on the NIS, called for more industry participation. "There is only one industry member on the board, and we'd like to see this increased," he said. "It seems a little on the light side, considering industry involvement in security."

Robert Holleyman, head of the Business Software Alliance, was also at the forum. He said NISA would help co-operation between Europe and the US, but agreed more industry participation would be beneficial.

Clyde said the agency needed clear aims: "It should keep the initial objectives simple and relatively modest in nature. It has to earn credibility by providing useful information to constituents."

Clyde also welcomed NISA as a single point of contact between Europe and the US. "I also like the fact that it won't impose mandates," he added.

"As security changes so fast, it's important to offer information and analysis rather than dictate security measures."

Have your say: reply to IT Week