The European Parliament adopts new EU-wide rules on cybersecurity
The Directive on Security of Network and Information Systems is the first EU-wide guidance on cybersecurity
Image credit: EP Audiovisual
New rules on cybersecurity to promote international cooperation against threats have been passed by the European Parliament.
The Directive on Security of Network and Information Systems (NIS), which is expected to come into force in August 2016 and be incorporated into national laws by May 2018, is the first EU-wide guidance on cybersecurity.
It aims to improve cybersecurity within each member state as well as increasing cooperation across the EU on cybersecurity issues.
The directive also brings in risk management and incident reporting obligations for digital service providers and operators of essential services.
Companies in critical sectors such as energy, transport, banking and health, as well as online marketplaces, cloud computing services and search engines, will have to adopt risk management practices and report major incidents.
Member states will be required to appoint one or more authorities responsible for monitoring implementation at a national level.
Each country will create at least one computer security incident response team to react to cyber threats and incidents. These will operate as a network across Europe.
A cooperation group will also be set up to facilitate cooperation across the region.
The group will be made up of representatives of member states, the European Commission and ENISA (the European Union Agency for Network and Information Security) with the European Commission acting as secretariat.
Günther H. Oettinger, the European commissioner with responsibility for the digital economy, said it had been an “important week for cybersecurity in Europe”.
The adoption of the first EU-wide legislation on cybersecurity would support and facilitate strategic cooperation between member states as well as the exchange of information, he said.
European Commission Vice-President Andrus Ansip, who is responsible for the digital single market, said: "If we want people and businesses to make the most of digital services, they need to trust them. A digital single market can only be created in a secure online environment.
“The Directive on Security of Network and Information Systems is the first comprehensive piece of EU legislation on cybersecurity and a fundamental building block for our work in this area.”
Owners of critical infrastructure and providers of services are being urged to be prepared for Russian cyber attacks
The Scottish Government has published cyber resilience action plans for the private and third sectors
The Government has accused Russia of a large-scale cyber hack targeting thousands of British households
MPs have flagged up Whitehall’s poor record at delivering critical border programmes
Vodafone explores some of the ways IoT is significantly improving public sector service delivery
BT's Amy Lemberger argues that having the right security in place to protect your organisation is no longer just an option. It is a necessity.