EU Updates Its Cyber Solidarity Act

The European Union (EU) has reached agreement on a common position on the prposed Cyber Solidarity Act, intended to strengthen the EU's resilience to cyber threats. 

The aim of this legislation is to increase detection and awareness of significant and large-scale cyber threats with the aim to improve services such as hospitals and public utilities. “The proposal  includes a European Cybersecurity Shield, made of Security Operation Centres interconnected across the EU, and a comprehensive Cybersecurity Emergency Mechanism to improve the EU’s cyber posture,” says the European Commission.

EU lawmakers said this is an important piece of legislation that will create a more robust security landscape for member states and organisations across the EU. According to the European Commission, "cyber operations are increasingly integrated in hybrid and warfare strategies, with significant effects on the target. “In particular, Russia’s military aggression against Ukraine was preceded and is being accompanied by a strategy of hostile cyber operations, which is a game changer for the perception and assessment of the EU’s collective cybersecurity crisis management preparedness and a call for urgent action."

The legislation is prompted by the threat of a possible large-scale incident causing significant disruption, including damage to critical infrastructure, demanding a higher level of preparedness at all levels of the EU’s cybersecurity apparatus.

"That threat goes beyond Russia’s military aggression on Ukraine and includes continuous cyber threats from state and non-state actors, which are likely to persist, given the multiplicity of state-aligned, criminal and hacktivist actors involved in current geopolitical tensions." said José Luis Escrivá, Spanish minister for digital transformation.

A major feature of the draft legislation is the creation of a 'European cyber shield', a pan-European infrastructure composed of national and cross-border security operations centers (SOCs) across the EU.

These will use Artificial Intelligence (AI) and advanced data analytics to detect and share warnings on cyber threats and incidents across borders. There are also plans for the creation of a cyber emergency mechanism to improve awareness and attack response capabilities. This will include testing entities in highly critical sectors, such as healthcare, transport, and energy, to probe for potential vulnerabilities based on common risk scenarios, lawmakers said.

  • A new EU ‘cyber security reserve’ will be set up consisting of incident response services from trusted private sector providers, all of which pre-contracted so they're ready to intervene at the request of a member state or EU institution, body, or agency.
  • There are also plans for a mutual financial assistance fund aimed at enabling member states to offer financial aid to others in the event of a serious security incident.
  • As part of the legislation, new mechanisms will be introduced to conduct reviews and assessments of large-scale cyber security incidents after they have taken place.
  • ENISA, the EU’s cyber security agency, will play a key role in supporting this aspect of the legislationd. At the request of the European Commission or of national authorities, ENISA will conduct reviews of certain incidents and deliver reports to relevant governmental departments.

The new common position introduces some  changes to the draft legislation. In particular, it clarifies terminology and adapts the text to member states’ specificities, particularly around the SOCs and the cyber shield. Definitions have been modified and aligned with other legislation, such as the recently-revised Network and Information Security Directive (NIS2).

ENISA’s role has also been reinforced and clarified throughout the text, and improvements have been introduced around procurement, funding, information sharing, and the incident review mechanism. The next step in the process is for the incoming presidency to start negotiating with the European Parliament on a final version of the proposed legislation.

EU Council:     European Union:     EU Parliament:     ITPro:     Wiggin:       

Image: Moritz320

You Might Also Read: 

EU Agrees Regulations For Artificial Intelligence:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible



 

« The Pivotal Role Of Access Control In Cyber Security
23andMe Blames The Victims »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Roka Security

Roka Security

Roka Security is a boutique security firm specializing in full-scale network protection, defending against advanced attacks, and rapid response to security incidents.

IOActive

IOActive

IOActive serves as a trusted security advisor to the Global 500 and other progressive enterprises, helping to safeguard their most important assets and improve their overall security posture.

Baker McKenzie

Baker McKenzie

Baker & McKenzie is an international law firm. Practice areas include Data & Technology.

CSR Privacy Solutions

CSR Privacy Solutions

CSR Privacy Solutions is a leading provider of privacy regulatory compliance programs for small and medium sized businesses.

ThreatConnect

ThreatConnect

ThreatConnect is an enterprise threat intelligence platform by Cyber Squared bridging incident response, defense, and threat analysis for InfoSec & DFIR teams.

CipherPoint Software

CipherPoint Software

CipherPoint Software provides data-centric auditing and protection solutions for securing unstructured information

NICE Systems

NICE Systems

NICE Systems provide software solutions to ensure compliance, fight financial crime, and safeguard people and assets.

Logscape

Logscape

Logscape provides a big data analytical tool for log file analysis and operational analytics.

Zivver

Zivver

Zivver is the effortless, secure email platform, powering the next generation of secure communications.

Quadron  Cybersecurity Services

Quadron Cybersecurity Services

Quadron Cybersecurity Services is a specialist in digital security, data and system protection.

ACPL Systems

ACPL Systems

We offer leading-edge technology solutions, expert professional and managed services and proven methodologies to ensure your data is protected and business risks are reduced.

Jenson Knight

Jenson Knight

Jenson Knight is a global cyber security, cloud and IT infrastructure staffing specialist.

NeuVector

NeuVector

NeuVector, the leader in Full Lifecycle Container Security, delivers uncompromising end-to-end security from DevOps vulnerability protection to complete protection in production.

MicroAge

MicroAge

Powered by five decades of experience, lasting partnerships, client relationships, and the values that guide us daily, MicroAge is here to help you secure, accelerate, and transform your business.

Hook Security

Hook Security

Setting a new standard in security awareness. Hook Security is a people-first company that uses psychological security training to help companies create security-aware culture.

Zeus Cloud

Zeus Cloud

Zeus Cloud provide clients with world-class web hosting services to businesses both big and small.