EU Updates Its Cyber Solidarity Act

The European Union (EU) has reached agreement on a common position on the prposed Cyber Solidarity Act, intended to strengthen the EU's resilience to cyber threats. 

The aim of this legislation is to increase detection and awareness of significant and large-scale cyber threats with the aim to improve services such as hospitals and public utilities. “The proposal  includes a European Cybersecurity Shield, made of Security Operation Centres interconnected across the EU, and a comprehensive Cybersecurity Emergency Mechanism to improve the EU’s cyber posture,” says the European Commission.

EU lawmakers said this is an important piece of legislation that will create a more robust security landscape for member states and organisations across the EU. According to the European Commission, "cyber operations are increasingly integrated in hybrid and warfare strategies, with significant effects on the target. “In particular, Russia’s military aggression against Ukraine was preceded and is being accompanied by a strategy of hostile cyber operations, which is a game changer for the perception and assessment of the EU’s collective cybersecurity crisis management preparedness and a call for urgent action."

The legislation is prompted by the threat of a possible large-scale incident causing significant disruption, including damage to critical infrastructure, demanding a higher level of preparedness at all levels of the EU’s cybersecurity apparatus.

"That threat goes beyond Russia’s military aggression on Ukraine and includes continuous cyber threats from state and non-state actors, which are likely to persist, given the multiplicity of state-aligned, criminal and hacktivist actors involved in current geopolitical tensions." said José Luis Escrivá, Spanish minister for digital transformation.

A major feature of the draft legislation is the creation of a 'European cyber shield', a pan-European infrastructure composed of national and cross-border security operations centers (SOCs) across the EU.

These will use Artificial Intelligence (AI) and advanced data analytics to detect and share warnings on cyber threats and incidents across borders. There are also plans for the creation of a cyber emergency mechanism to improve awareness and attack response capabilities. This will include testing entities in highly critical sectors, such as healthcare, transport, and energy, to probe for potential vulnerabilities based on common risk scenarios, lawmakers said.

  • A new EU ‘cyber security reserve’ will be set up consisting of incident response services from trusted private sector providers, all of which pre-contracted so they're ready to intervene at the request of a member state or EU institution, body, or agency.
  • There are also plans for a mutual financial assistance fund aimed at enabling member states to offer financial aid to others in the event of a serious security incident.
  • As part of the legislation, new mechanisms will be introduced to conduct reviews and assessments of large-scale cyber security incidents after they have taken place.
  • ENISA, the EU’s cyber security agency, will play a key role in supporting this aspect of the legislationd. At the request of the European Commission or of national authorities, ENISA will conduct reviews of certain incidents and deliver reports to relevant governmental departments.

The new common position introduces some  changes to the draft legislation. In particular, it clarifies terminology and adapts the text to member states’ specificities, particularly around the SOCs and the cyber shield. Definitions have been modified and aligned with other legislation, such as the recently-revised Network and Information Security Directive (NIS2).

ENISA’s role has also been reinforced and clarified throughout the text, and improvements have been introduced around procurement, funding, information sharing, and the incident review mechanism. The next step in the process is for the incoming presidency to start negotiating with the European Parliament on a final version of the proposed legislation.

EU Council:     European Union:     EU Parliament:     ITPro:     Wiggin:       

Image: Moritz320

You Might Also Read: 

EU Agrees Regulations For Artificial Intelligence:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible



 

« The Pivotal Role Of Access Control In Cyber Security
23andMe Blames The Victims »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ProfitBricks

ProfitBricks

ProfitBricks is a secure cloud computing infrastructure-as-a-service (IaaS) solution.

Centre for Cyber Security (CFCS) - Denmark

Centre for Cyber Security (CFCS) - Denmark

The Centre for Cyber Security is the Danish national IT security authority, Network Security Service and Centre for Excellence within cyber security.

ObjectSecurity

ObjectSecurity

ObjectSecurity is a leader in authorization policy automation. With OpenPMF, you can manage application security policies for access control and auditing.

Protectimus

Protectimus

Affordable two factor authentication (2FA) provider. Protect your data from theft with multi factor authentication service from Protectimus.

Cyjax

Cyjax

Cyjax monitors the Internet to identify the digital risks to your organisation, including cyber threats, reputational risks and the Darknet.

Naval Dome

Naval Dome

Naval Dome provides the first maritime multilayer cyber defense solution for mission critical onboard systems.

Y-PARC

Y-PARC

Y-PARC is a center of excellence for cybersecurity, precision industries and medtech, fostering innovation and development and support for startups.

Randstad

Randstad

Randstad provide outsourcing, staffing, consulting and workforce solutions in the USA across a wide range of job sectors including IT and cybersecurity.

National CyberWatch Center

National CyberWatch Center

National CyberWatch Center is a cybersecurity consortium working to advance cybersecurity education and strengthen the national workforce.

Founder Shield

Founder Shield

Founder Shield is a data driven insurance brokerage focused excusively on rapidly evolving high-growth companies.

Mirai Security

Mirai Security

Mirai Security are a cyber security company that specializes in Governance, Risk Management and Compliance, Cloud Security and Application Security.

VP Techno Labs

VP Techno Labs

VP Techno Labs is an award-winning cybersecurity firm focusing only cybersecurity to develop cutting edge solutions for emerging business.

Silent Circle

Silent Circle

Silent Circle is the leader in end-to-end enterprise solutions for secure mobile communications.

Cybecs Security Solutions

Cybecs Security Solutions

Cybecs was founded to address rapid technological advancement, changing business models, global privacy regulations, and increasing cyber threats for global organizations.

CESAR

CESAR

CESAR is one of the premier R+D and innovation centers in Brazil and a designated Cybersecurity Competence Center.

Orca Tech

Orca Tech

Orca Tech brings together a portfolio of complimentary vendor in the IT security industry to help provide a complete solution to meet the requirements of our Partners across all sectors.