On 7 February 2013, the European Commission published two cybersecurity documents designed to provide a comprehensive vision of how the EU will prevent and respond to cyber disruptions and attacks in order to build confidence in the online economy:
- a communication setting out an EU cybersecurity strategy (“Communication”
- a proposal for a directive on network and information security (“NIS Directive”)
The Communication, entitled "An Open, Safe and Secure Cyberspace", represents the EU's comprehensive vision on how best to prevent and respond to cyber disruptions and attacks and identifies the following five strategic priorities:
- achieving cyberresilience;
- drastically reducing cybercrime;
- developing a cyberdefence policy and capabilities related to the Common Security and Defence Policy;
- developing industrial and technological resources for cybersecurity; and
- developing a coherent international cyberspace policy for the EU and promote core EU values.
Many of these priorities are intended to be furthered through the measures proposed in the draft NIS Directive.
The NIS Directive
The NIS Directive is a key component of the overall strategy. In its current draft form the NIS Directive includes measures requiring Member States to designate a national competent authority to prevent, handle and respond to network information security risks and incidents, and to create a co-operation mechanism to share early warnings on risks and incidents.
The NIS Directive also imposes certain obligations on operators of critical infrastructures (e.g. sectors such as financial services, transport, energy and health), together with enablers of information society services (e.g. e-commerce platforms, internet payment services, cloud computing services and social networking services) and public administrations, to adopt risk management practices and to report major security incidents on having a significant impact on the security of their core services.
The provisions of the proposed NIS Directive and scope of the strategy document highlight the importance the Commission is giving to the issue of cybersecurity and the need for a unified approach. Whilst there are likely to be concerns about the additional regulatory burdens imposed by the proposed legislation the ever greater frequency and severity of cyber attackson public and private organisations means that such reform is increasingly recognised by public and private sector stakeholders as necessary.
Please click here for a link to Communication.
Please click here for a link to the draft NIS Directive.