The European Commission wants additional obligations on the private sector in order to fight cyber-attacks. Companies in charge of critical infrastructures, for example, will be required to report serious security incidents to national cyber security authorities. This is one of the measures that will be elaborated in the draft Directive on the Security of Networks and Information Systems that will be presented in early February. Once published, the text will have to be negotiated and approved by the European Parliament and Council (telecom Ministers).
This draft will be one of the parts of the EU’s future Cyber Security Strategy which will be proposed in parallel by Commissioners Neelie Kroes (Digital Agenda), Cecilia Malmström (Home Affairs) and Catherine Ashton (High Representative for Foreign Affairs).
The Commission first planned to make a Regulation (uniform application across the EU), but opted for a Directive. The idea is to give the Member States the power to improve their protection against cyber-attacks. They will have to set up cyber security authorities that will work together in a European cyber security network, a sort of platform where they can exchange information and react jointly on cases having a cross-border impact.
The Commission focuses also on new obligations for companies. Companies will have to report “serious” cyber incidents to the national cyber security authorities and apply security rules. “Serious” will be defined in level-two measures (provisions drawn up by the European Commission).
Sanctions for non-compliance will probably be left in the hands of Member States instead of the EU. The new rules, already applied to the telecom industry, will be imposed on all companies with responsibility for “critical infrastructures”.
The new rules will apply to the e-commerce sector. Other applicable sectors and industries: social networks, search engines, finance, energy, finance, health, trans¬port and nuclear power.
European Cyber Security Conference
Thursday 16 May, the 2013 European Cyber Security Conference on “Securing the Internet Economy” will take place in Brussels. Have a look at the event’s website if you are interested.