Online security

EU lawmakers demand stronger security against cyber threats –

MEPs called for enhanced EU security against cyber threats in a resolution on the bloc’s cybersecurity strategy, known as EUCSS, for the digital decade.

“This parliament is working on the best cybersecurity legislation this continent has ever seen so far,” said Renew Europe MEP Bart Groothuis.

The document underscores the need to tackle evolving hybrid threats from increasingly sophisticated and numerous non-state actors.

“Cybersecurity is one of the major challenges we are currently facing in security policy,” Green MEP Rasmus Anderson said during the European Parliament’s debate on the resolution last week.

MEPs also stressed the need to address the geopolitical dimensions of cyber threats.

“The political conclusion must be that ransomware is not just a technical problem, […] it is also a foreign policy issue, ”Groothuis stressed and added that“ we must hold Russia responsible for providing safe havens for ransomware criminals ”.

Cyber ​​security vulnerabilities were particularly at risk during the COVID-19 pandemic, as teleworking and social distancing increased reliance on digital technologies and connectivity.

“The pandemic has accelerated the transition to digitalization,” said EEP MEP Seán Kelly, adding that “this is accompanied by a significant increase in cybercrime as criminals are profiting from the massive transition to digitalization. remote work “.

Lawmakers also called on the European Commission to introduce cybersecurity requirements for various software and stressed that the continued use of outdated software represents a major security risk that should be addressed in the proposal.

EUCSS has been published by the Commission in December 2020 with the aim of tackling evolving cybersecurity threats and proposed several new initiatives to foster resilience and situational awareness.

“The European cybersecurity strategy emphasizes that technological sovereignty is essential to build a more resilient union,” said Budget Commissioner Johannes Hahn.

One of the main proposals to tackle cyberthreats and build capacity is the revised Directive on Security of Networks and Information Systems (NIS2), currently under negotiation by government ministers and the European Parliament. .

European cybersecurity legislation

The IRS Directive entered into force in 2016 and aimed to increase the security of networks and information systems across the EU. But given the unprecedented acceleration of digitization during the COVID pandemic, the Commission has decided to refresh it.

The revisions widen the scope of the directive to include more sectors and services deemed essential for the economy and society – such as digital services or manufacturers of critical products – in the list of important entities.

It also introduces stricter surveillance measures and includes means to support coordinated management of large-scale cybersecurity incidents as well as increased cooperation between authorities in Member States.

Commissioner Hahn said it was a “commitment to an open but trustworthy central Internet in Europe”.

Industrial groups welcomed this decision.

“There is no doubt that an NIS update is needed. Especially in light of the increasing number, sophistication and impact of cyber incidents, which we can see literally every day, ”said Trevor Rudolph, vice president of global digital policy and regulation at Schneider Electric.

The proposal also includes a mandatory 24-hour notification period for major incidents to confirm “the legal obligation to respond to incidents in an agile manner,” Hahn said.

However, this short reporting deadline is not suitable for industry representatives.

“I understand the reflexive nature of government authorities and legislators who want to get information about incidents as quickly as possible. However, 24 hours to report a major incident is a ridiculous requirement. If you have to respond within 24 hours, the recipient of the information won’t get anything of value, ”complained Rudolph at the RSA Cyber ​​Security Conference Thursday, June 10.

[Edited by Benjamin Fox]

Leave a Reply

Your email address will not be published.