First Ever EU Rules On Cybersecurity

Uploaded on 2015-12-09 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Transport and energy companies will have to ensure that the digital infrastructure that they use to deliver essential services, such as traffic control or electricity grid management, is robust enough to withstand cyber-attacks, under new rules provisionally agreed by internal market MEPs and the Luxembourg Presidency of the EU Council of Ministers on Monday.

"Today, a milestone has been achieved: we have agreed on first ever EU-wide cyber-security rules, which the Parliament has advocated for years", said Parliament's rapporteur Andreas Schwab (EPP, DE), after the deal was clinched.

"Parliament has pushed hard for a harmonised identification of critical operators in energy, transport, health or banking fields, which will have to fulfil security measures and notify significant cyber incidents. Member states will have to cooperate more on cybersecurity – which is even more important in light of the current security situation in Europe."

"Moreover this directive marks the beginning of platform regulation. Whilst the Commission's consultation on online platforms is still on-going, the new rules already foresee concrete definitions – a request that Parliament had made since the beginning in order to give its consent to the inclusion of digital services", he concluded.

MEPs put an end to current fragmentation of 28 cybersecurity systems by listing sectors - energy, transport, banking, financial market, health and water supply - in which critical service companies will have to ensure that they are robust enough to resist cyber-attacks. These companies must also be ready to report serious security breaches to public authorities.

Member states will have to identify concrete "operators of essential services" from these sectors using certain criteria: whether the service is critical for society and the economy, whether it depends on network and information systems and whether an incident could have significant disruptive effects on its provision or public safety.

In addition, some internet services providers, such as online marketplaces (e.g. eBay, Amazon), search engines (e.g. Google) and clouds, will also have to ensure the safety of their infrastructure and to report on major incidents. Micro and small digital companies will get an exemption, the deal says.

To ensure a high level of security across the EU and to develop trust and confidence among member states, the draft rules sets up a strategic cooperation group to exchange information and best practices, draw up guidelines and assist member states in cybersecurity capacity building.

In addition, a network of Computer Security Incidents Response Teams (CSIRTs), set up by each member state to handle incidents, will have to be established to discuss cross border security incidents and identify coordinated responses.

HelpNetSecurity: http://bit.ly/1R71DYM

« Cybersecurity Is A Big Government Problem
Has The US Become Complacent About Resisting Cyber Attacks? »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Information Security Systems (ISSCOM)

Information Security Systems (ISSCOM)

ISSCOM provide services to help companies implement Information Security Management Systems (ISMS) by providing consultancy and hands-on assistance.

Original Software

Original Software

Original Software offers a test automation solution focused completely on the goal of effective software quality management.

eco

eco

eco, with more than 950 member organizations, is the largest Internet industry association in Europe.

National Cybersecurity and Communications Integration Center (NCCIC) - USA

National Cybersecurity and Communications Integration Center (NCCIC) - USA

NCCIC is a cyber situational awareness, incident response, and management center for the US Government, intelligence community, and law enforcement.

Claranet

Claranet

Claranet are experts in modernising and running critical applications and infrastructure through end-to-end professional services, managed services and training.

Netsafe

Netsafe

Netsafe is an independent, non-profit New Zealand organisation focused on online safety. We help people stay safe online by providing online safety education, advice and support.

SecurityGate

SecurityGate

SecurityGate.io is the only Integrated Risk Management platform built for OT/ICS cybersecurity. The leading Risk Assessment Platform for Critical Infrastructure.

TXOne Networks

TXOne Networks

TXOne Networks offer cybersecurity solutions to protect your industrial control systems to ensure their reliability and safety from cyberattacks.

EtherAuthority

EtherAuthority

EtherAuthority's engineering team has been helping blockchain businesses to secure their smart contract based assets since 2018.

Assetnote

Assetnote

The Assetnote platform enables organizations to effectively map and continuously monitor their external attack surface.

NuKuDo

NuKuDo

NukuDo redefine the boundaries of cybersecurity talent development. We are dedicated to cultivating top-tier professionals equipped to tackle the complex challenges of cybersecurity.

LEPHISH

LEPHISH

LePhish is a French cybersecurity solution specializing in automated phishing campaigns.

National Critical Information Infrastructure Protection Centre (NCIIPC) - India

National Critical Information Infrastructure Protection Centre (NCIIPC) - India

NCIIPC's mission is to protect the Critical Information Infrastructure of India, from unauthorized access, modification, use, disclosure, disruption, incapacitation or destruction.

Maveris

Maveris

Maveris is an IT and cybersecurity company committed to helping organizations create secure digital solutions to accelerate their mission.

Holiseum

Holiseum

Holiseum delivers innovative cybersecurity solutions for the critical infrastructure organizations, as well as cybersecurity services and consulting.

Scytale

Scytale

Scytale is the global leader in security compliance automation, helping companies get compliant and stay compliant.