Today, the European Commission, along with the High Representative of the Union for Foreign Affairs and Security Policy, has published the “An Open, Safe and Secure Cyberspace” cybersecurity strategy.
The strategy represents the European Union’s (EU) vision on how states should prevent and respond to cyber threats. The plan aims at enhancing freedom and democracy, and ensuring that the digital economy can grow safely.
The strategy focuses on five key aspects: enhancing cyber resilience, reducing cybercrime, developing cyber defense policies, developing industrial and technological resources for cybersecurity and establishing a coherent international cyberspace policy for the EU.
The EU highlights that it has already made some progress in this sector with the recent establishment of the European Cybercrime Center.
However, the new strategy also aims at funding and developing a network of national Cybercrime Centers of Excellence that would facilitate training and capacity building.
In addition to the strategy, the Commission has also proposed a directive on network and information security (NIS).
The NIS directive would require all stakeholders – including critical infrastructure operators, member states and ISPs – to ensure a secure and trustworthy digital environment throughout the EU.
The measures include the designation of a national competent authority that would be in charge of handling, preventing and responding to incidents, and the development of a cooperation mechanism to share early warnings.
The directive also proposes that all organizations adopt risk management practices and report major security incidents on their core services.
“The more people rely on the internet the more people rely on it to be secure. A secure internet protects our freedoms and rights and our ability to do business. It's time to take coordinated action - the cost of not acting is much higher than the cost of acting,” said Neelie Kroes, European Commission Vice-President for the Digital Agenda.
The EU has also published an FAQ for the proposed directive on network and information security.