Increased cybersecurity for European Union

Author Moonshot.news

Published on: 22/03/2022

Increased EU cybersecurity and information security is proposed by the EU Commission. The proposal includes common cybersecurity and information security measures across the EU institutions, bodies, offices and agencies. The aim is to bolster their resilience and response capacities against cyber threats and incidents, as well as to ensure a resilient, secure EU public administration, amidst rising malicious cyber activities in the global landscape, the Commission says.

”In the context of the pandemic and the growing geopolitical challenges, a joint approach to cybersecurity and information security is a must. With this in mind, the Commission has proposed a Cybersecurity Regulation and an Information Security Regulation. By setting common priorities and frameworks, these rules will further strengthen inter-institutional cooperation, minimize risk exposure and further strengthen the EU security culture.”

The proposed Cybersecurity Regulation includes a framework for governance, risk management and control in the cybersecurity area and a new inter-institutional Cybersecurity Board.

It will also extend the mandate of the Computer Emergency Response Team for the EU institutions, bodies, offices and agencies (CERT-EU), as a threat intelligence, information exchange and incident response coordination hub, a central advisory body, and a service provider.

“In a connected environment, a single cybersecurity incident can affect an entire organisation”, Commioner for Budget and Adminisytratiojn, Johannes Hahn, said in a statement.

“This is why it is critical to build a strong shield against cyber threats and incidents that could disturb our capacity to act. The regulations we are proposing today are a milestone in the EU cybersecurity and information security landscape. They are based on reinforced cooperation and mutual support among EU institutions, bodies, offices and agencies and on a coordinated preparedness and response. This is a real EU collective endeavour.”

The European Parliament recently made a study and concluded that EU needs to create a common strategy to face the challenge of disinformation, including by putting in place specific sanctions related to foreign interference and disinformation campaigns.

The Parliament’s inquiry into mapping how malicious foreign powers manipulate information and interfere in the EU to undermine democratic processes concludes that malicious actors can, without fear of consequences, influence elections, carry out cyber-attacks, recruit former senior politicians and advance polarisation in public debate.

Key elements of the Commission´s proposal:

• Strengthen the mandate of CERT-EU and provide the resources it needs to fulfil it;
• Require from all EU institutions, bodies, offices and agencies to:
  • Have a framework for governance, risk management and control in the area of cybersecurity;
  • Implement a baseline of cybersecurity measures addressing the identified risks;
  • Conduct regular maturity assessments;
  • Put in place a plan for improving their cybersecurity, approved by the entity’s leadership;
  • Share incident-related information with CERT-EU without undue delay.
• Set up a new inter-institutional Cybersecurity Board to drive and monitor the implementation of the regulation and to steer CERT-EU;
• Rename CERT-EU from ‘Computer Emergency Response Team’ to ‘Cybersecurity Centre’, in line with developments in the Member States and globally, but keep the short name ‘CERT-EU’ for name recognition.

The proposed Information Security Regulation will create a minimum set of information security rules and standards for all EU institutions, bodies, offices and agencies to ensure an enhanced and consistent protection against the evolving threats to their information.