EU officials on Thursday presented new rules on cyber security across the European Union, in an effort to make
the Internet safer and freer.
The main part of the European Commission's Cyber Security Strategy is a proposed Directive on Network and Information Security (NIS). If approved by the European Parliament and member states, this would become E.U. law.
The cybersecurity strategy - "An Open, Safe and Secure Cyberspace" - represents the EU's vision on how best to prevent and respond to cyber disruptions and attacks. Specific actions are aimed at enhancing cyber resilience of information systems, reducing cybercrime and strengthening EU international cyber-security policy and cyber defence.
According to the proposed Directive, members of the EU must adopt a NIS strategy and designate a national NIS competent authority with adequate financial and human resources to prevent, handle and respond to NIS risks and incidents. A cooperation mechanism among EU's member states and the European Comission (EC) should be created in order to share early warnings on risks and incidents through a secure infrastructure, cooperate and organise regular peer reviews. In addition, operators of critical infrastructures in some sectors (financial services, transport, energy, health), enablers of information society services (notably: app stores e-commerce platforms, Internet payment, cloud computing, search engines, social networks) and public administrations must adopt risk management practices and report major security incidents on their core services.
"The more people rely on the internet the more people rely on it to be secure. A secure internet protects our freedoms and rights and our ability to do business. It's time to take coordinated action - the cost of not acting is much higher than the cost of acting," Neelie Kroes, European Commission Vice-President, commented for the Digital Agenda