The Commission adopted in February 2013 the 'Cybersecurity Strategy of the European Union'.
What is the problem?
Cyber-security incidents are increasing in frequency and magnitude, becoming more complex and know no borders. These incidents can cause major damage to safety and the economy. Efforts to prevent, cooperate and be more transparent about cyber incidents must improve.
Why is EU action required? EU helps Member States to cooperate
Previous efforts by the European Commission and individual Member States have been too fragmented to deal with this growing challenge.
What has the Commission done so far?
- Presented in February 2013 a proposal, together with the High Representative of the Union for Foreign Affairs and Security Policy, for a 'Cybersecurity Strategy of the European Union'. The proposed Directive lays down measures including:
- Member State must adopt a NIS strategy and designate a national NIS competent authority with adequate financial and human resources to prevent, handle and respond to NIS risks and incidents;
- Creating a cooperation mechanism among Member States and the Commission to share early warnings on risks and incidents through a secure infrastructure, cooperate and organise regular peer reviews;
- Operators of critical infrastructures in some sectors (financial services, transport, energy, health), enablers of information society services (notably: app stores e-commerce platforms, Internet payment, cloud computing, search engines, social networks) and public administrations must adopt risk management practices and report major security incidents on their core services.
- Together with it, presented in February 2013 a legislative proposal on enhanced network and information security across the Union (action 123 of the Digital Agenda Review package).
- Secured ENISA's future – in April 2013 the European Parliament voted to extend ENISA's mandate by seven years.
- The NIS public-private Platform was set up as part of the European Strategy for Cybersecurity. The NIS Platform will help public and private organisations improve cybersecurity risk management and information sharing. It will assist and provide the groundwork for the implementation of the proposed NIS Directive. The NIS Platform will further prepare a Strategic Research Agenda for secure ICT. A key focus will be on turning research results into commercial products, to serve Europe's growth and jobs objectives
What will the Commission do next?
- Contribute to the implementation of actions identified in the Cybersecurity Strategy: a high-level conference one year after adoption of the Strategy; a cybersecurity championship; adopt Commission recommendations on cybersecurity on the basis of guidance from the NIS Platform.