The EU cyber security strategy sets out the EU’s approach to preventing and responding to disruptions and attacks affecting Europe’s telecommunications systems.
The proposed directive would impose a minimum level of security for digital technologies, networks and services across all member states. It also proposes to make it compulsory for certain businesses and organisations to report significant cyber incidents. The list includes search engines, cloud providers, social networks, public administrations, online payment platforms like PayPal, and major eCommerce websites, such as Amazon.
The proposal was published in two parts on 7 February 2013. The first part is a communication from the Commission and the EU’s High Representative for foreign affairs and security policy outlining an EU cyber security strategy. This is supported by the second element of the strategy – a European Commission proposal for a directive on network and information security.
Why Is It Needed?
The cyber security strategy and proposed directive support the digital agenda for Europe, which aims to help Europe’s citizens and businesses to get the most out of digital technologies.
Today’s IT systems can be seriously affected by security incidents, such as technical failures and viruses. These kinds of incidents, often called network and information security (NIS) incidents, are becoming more frequent and more difficult to deal with.
Many businesses and governments across the EU rely on digital networks and infrastructure to provide their essential services. This means that when NIS incidents occur, they can have a huge impact by compromising services and stopping businesses working properly. In addition, with the development of the EU’s internal market, many network and information systems work across borders. An NIS incident in one country can therefore have an effect in others and even across the whole EU. Security incidents also undermine consumer confidence in online payment systems and IT networks.
By introducing more consistent risk management measures and systematic reporting of incidents, the proposed directive would help sectors that depend on IT systems to be more reliable and stable.
EU Cyber Security Strategy: An Open, Safe and Secure Cyberspace
The EU cyber security strategy sets out the EU’s approach to how best to prevent and respond to cyber disruptions and attacks. It details a series of actions to enhance the cyber resilience of IT systems, reduce cybercrime and strengthen EU international cyber security policy and cyber defence.
The strategy sets out plans to address challenges under five priority areas:
- Achieving cyber resilience
- Drastically reducing cybercrime
- Developing cyber defence policy and capabilities related to the EU’s common security and defence policy (CSDP)
- Developing the industrial and technological resources for cyber security
- Establishing a coherent international cyberspace policy for the EU
One of the main actions under the strategy is the draft directive on network and information security.
Proposal for a Directive on Measures to Ensure a High Level of Network and Information Security Across the EU – 2013/0027(COD)
The draft directive on network and information security (NIS) is an important element of the cyber security strategy. It would require all EU member states, key internet companies and infrastructure operators, such as e-commerce platforms, social networks and transport, banking and healthcare services, to ensure a secure and trustworthy digital environment throughout the EU. Because the current approach to NIS is based on voluntary action, national capability and the levels of private sector involvement and preparedness vary considerably between member states. The draft directive aims to level the playing field by introducing harmonised rules to apply in all EU countries.
The proposed measures include:
- The requirement for EU member states to adopt an NIS strategy and designate a national NIS authority with adequate resources to prevent, handle and respond to NIS risks and incidents
- The creation of a cooperation mechanism among member states and the Commission to share early warnings on risks and incidents, exchange information, and counter NIS threats and incidents
- The requirement for certain digital companies and services to adopt risk management practices and report major IT security incidents to the competent national authority
The requirement to report IT security incidents aims to help develop a culture of risk management and make sure that information is shared between private and public sectors. It covers:
- Critical infrastructure operators in sectors such as financial services, transport, energy and health
- IT service companies, including app stores, e-commerce platforms, internet payment platforms, cloud computing platforms, search engines and social networks
- Public administrations
In the Council
The European Parliament adopted its position at first reading on the proposed network and information security directive on 13 March 2014.
Following preparatory work by the Working Group on Telecommunications and the Information Society (WP TELE), the Council held an initial orientation debate on the draft directive on 6 June 2013.
At a TTE Council meeting on 5 December 2013, ministers took note of a progress report on the directive. The report highlighted ongoing preparatory work on issues such as the scope of the directive, the terminology used, the set-up of the cooperation network, and the requirements for the national NIS strategies.
The Council discussed a further progress report at the TTE meeting on 6 June 2014. In particular, ministers looked at the best way to cooperate to improve preparedness for and reactions to cyber security threats. They concluded that the NIS directive should focus on high-level strategic and policy cooperation. However, ministers also wanted it to give more direction to the operational cooperation that already takes place in several bodies. They agreed that discussions should continue on the practical arrangements for cooperation.
At a TTE Council meeting on 27 November 2014, the presidency briefed ministers on the state of play of work on the draft NIS directive. At the end of 2014, the Council held two trilogue meetings on the directive with the European Parliament. A third trilogue meeting took place on 30 April 2015. Although progress was made during the trilogue, important differences remained between the Council and European Parliament positions. The trilogue was therefore useful in further clarifying their respective concerns.
At a fourth trilogue meeting on 29 June 2015, the Council reached an understanding with the European Parliament on the main principles to be included in the draft NIS directive. These principles will now have to be turned into legal provisions to allow for a final deal on the directive at a later stage. Negotiations will continue in the second half of 2015.
Remember, no problem has a quick-fix solution, particularly issues of cyber security in any form. Thus, always be sure to consult a highly knowledgeable group of professionals who will provide you with collective advice, never individual advice. This group advice and approach is unique to CWIIL Group and is based on the overall Management Philosophy of all CWIIL Group Companies.
Consulting CWIIL Group of Companies on any and all matters relating to cyber security, ranging from individual to national levels, ensures advice based on the highest level of knowledge, given to you by a team of select research-oriented experts, each of whom will do their own assessment of your matter and also assess it together, thus ensuring that if a mistake has been made by one, it will be noticed and corrected before it is passed on to you. Receiving incorrect and un-knowledgeable security advice can be disastrous and thus should be avoided.
CWIIL Group of Companies is a global group of multi-specialized units with diversified interests and activities, wherein each company is a separate legal entity registered under prevailing laws in different parts of the world. CWIIL Group of Companies Products, Services, Project and Solutions are in a multitude of Verticals including, but not limited to, Infrastructure, Power, Oil & Gas, Legal, Media, Technology, ITES, HR, Shipping, Aviation, Real Estate, Hospitals, Health and Medicine, Education, Funding & Investment, Business and Legal Consultancy, and Public Private Partnerships, and other CWIIL Group Units, worldwide, to name a few.