On 7 February, the European Commission (EC), in cooperation with the High Representative of the Union for Foreign Affairs and Security Policy, published a cybersecurity strategy, with a proposal for a Directive concerning measures to ensure a high common level of network and information security.
According to the EC, the cybersecurity strategy, called "An Open, Safe and Secure Cyberspace" outlines the vision of the European Union (EU) on how best to prevent and respond to Internet disruptions and attacks. The goal of the strategy is to build and finance a network of national Cybercrime Centres of Excellence to facilitate training and develop cybersecurity capabilities.
The cybersecurity plan is based on five priorities:
- achieving cyber resilience;
- drastically reducing cybercrime;
- developing cyberdefence policy and capabilities related to the framework of the Common Security and Defence Policy;
- develop industrial and technological resources for cybersecurity;
- establish a coherent international cyberspace policy for the European Union and promote EU core values;
The EC also published a proposal for a directive on the security of networks and information, which it considers a fundamental component in the overall cybersecurity strategy. The proposal requires all Member States, as well as Internet service providers and infrastructure operators, to ensure a safe and secure digital environment across the EU.
The proposed directive includes the following measures:
- Member States should adopt a strategy on network and information security and designate a national authority for the sector, furnished with proper financial and human resources to prevent, manage/address and respond to risks and incidents in this area;
- the creation of a mechanism for cooperation between Member States and the EC to bring the different early warning systems for hazards and incidents together in a secure infrastructure and facilitate collaboration and the organization of periodic evaluations among peers;
- operators of critical infrastructure in certain sectors (financial services, transportation, energy, health care), providers of information society services (such as online app stores, e-commerce platforms, Internet payments, cloud computing, search engines and social networks) and public administrations should adopt risk management practices and report serious security incidents occurring to essential services.
By moving ahead with these initiatives, the EU is seeking to promote European values of freedom and democracy, ensuring that the digital economy develops in a secure manner.
Further information:
- EU Cybersecurity plan to protect open internet and online freedom and opportunity http://europa.eu/rapid/press-release_IP-13-94_en.htm
