Yesterday, 16 December, the Commission and the High Representative for Foreign Affairs and Security Policy presented a new EU cybersecurity strategy. As a key component of Shaping Europe's Digital Future, the Recovery Plan for Europe and the EU Security Union Strategy, the strategy will strengthen Europe's collective resilience against cyber threats and help to ensure that all citizens and businesses can fully benefit from reliable and trustworthy services.
The new cybersecurity strategy also enables the EU to step up its leadership on international norms and standards in cyberspace and to strengthen cooperation with partners worldwide to promote a global, open, stable and secure cyberspace, based on the rule of law, human rights, freedoms and democratic values.
In addition, the Commission presented proposals to address both the cyber and the physical resilience of critical entities and networks: a Directive on measures for a high common level of security throughout the Union (the NIS Directive, or NIS 2), and a new Directive on the resilience of critical entities. They cover a wide range of sectors and aim to address current and future online and offline risks, from cyberattacks to crime or natural disasters, in a consistent and complementary way.
Trust and security at the heart of the European Digital Decade
The new cybersecurity strategy aims to protect a global and open Internet while providing safeguards, not only to ensure security but also to protect European values and the fundamental rights of all. Building on the achievements of recent months and years, it contains specific proposals for policy initiatives, investment and policies in three areas of EU action:
- Resilience, sovereignty and technological leadership
Under this line of action, the Commission intends to amend the rules on the security of network and information systems, through a Directive on measures for a high common level of security throughout the Union (the NIS Directive, or NIS 2), in order to increase the level of cyber resilience of critical public and private sectors: hospitals, energy networks and railways, but also data centres, public administrations, research laboratories and the manufacture of medical devices and critical medicines, as well as other critical infrastructure and services, must remain impervious in an increasingly fast-moving and complex threat environment.
The Commission also proposes to establish a network of security operations centres across the EU, powered by artificial intelligence (AI), which will form a true "cybersecurity shield" for the EU, capable of detecting signs of a cyberattack early enough to allow action before the damage occurs. Additional measures will include dedicated support for small and medium-sized enterprises (SMEs), in the context of the Digital Innovation Centres, as well as a major effort to upskill the workforce, to attract and retain the best cybersecurity talent and to invest in research and innovation that is open, competitive and based on excellence.
- Develop the operational capacity to prevent, deter and respond
The Commission is preparing, through a progressive and inclusive process with the Member States, a new Joint Cyber, to strengthen cooperation between EU bodies and the Member State authorities responsible for preventing, deterring and responding to cyberattacks, including the civilian, law enforcement, diplomatic and cyber defence communities. The High Representative submitted proposals to strengthen the EU's cyber diplomacy toolbox in order to prevent, deter and respond effectively to malicious cyber activities, in particular those affecting our critical infrastructure, supply chains, democratic institutions and processes. The EU will also aim to further improve cooperation on cyber defence and to develop cyber defence capabilities.
European forum for the defence
- Promote a global and open cyberspace through enhanced cooperation
The EU will intensify its work with international partners to strengthen the rules-based global order, to promote international security and stability in cyberspace and to protect human rights and fundamental freedoms online. It will promote norms and standards that reflect these fundamental EU values, working with its international partners in the United Nations and other relevant forums. The EU will further strengthen its cyber diplomacy toolbox and increase cyber capacity-building efforts in third countries by developing an EU external cyber capacity-building agenda. Cyber dialogues with third countries, regional and international organisations, and the multi-stakeholder community will be intensified. The EU will also form an EU cyber diplomacy network around the world to promote its vision of cyberspace.
The EU is committed to supporting the new cybersecurity strategy with an unprecedented level of investment in the EU's digital transition over the next seven years, through the next long-term EU budget, in particular the Digital Europe programme and Horizon Europe, as well as the Recovery Plan for Europe.
Member States are therefore encouraged to make full use of the EU Recovery and Resilience Mechanism to boost cybersecurity and match EU-level investment. The objective is to reach 4500 million euros of combined investment from the EU, the Member States and industry, especially in the framework of the Cybersecurity Competence Centre and the network of focal points, and to ensure that a significant part goes to SMEs.
The Commission also aims to strengthen the EU's industrial and technological capacities in cybersecurity, including through projects funded jointly by national budgets and the EU. The EU has a unique opportunity to pool its assets to improve its strategic autonomy and boost its leadership in cybersecurity across the entire digital supply chain (including data and cloud, next-generation processor technologies, connectivity and ultra-secure networks), in line with its values and priorities.
Cyber and physical resilience of networks, information systems and critical entities
Existing EU-level measures to protect key services and infrastructure from both cyber and physical risks need to be updated. Cybersecurity risks will continue to evolve with increasing digitalisation and interconnection. Physical risks have also become more complex since the adoption of the 2008 EU rules on critical infrastructure, which currently cover only the energy and transport sectors. The revisions aim to update the rules following the logic of the EU Security Union Strategy, overcoming the false dichotomy between online and offline and breaking down the silo approach.
To respond to the growing threats arising from digitalisation and interconnection, the proposed Directive on measures for a high common level of security throughout the Union (the NIS Directive, or NIS 2) will cover medium and large entities from more sectors, based on their importance to the economy and society. NIS 2 reinforces the security requirements imposed on businesses, addresses the security of supply chains and supplier relationships, streamlines the reporting requirements, introduces stricter supervisory measures for national authorities and stricter enforcement requirements, and aims to harmonise sanctions regimes across the Member States. The NIS 2 proposal will help to increase information exchange and cooperation on crisis management (CERT) at national and EU level.
The proposal for a Directive on the resilience of critical entities (CER) expands both the scope and the depth of the 2008 European critical infrastructure directive. Ten sectors are now covered: energy, transport, banking, financial market infrastructure, health, drinking water, wastewater, digital infrastructure, public administration and space. Under the proposed directive, each Member State would adopt a national strategy to ensure the resilience of critical entities and carry out regular risk assessments. These assessments would also help to identify a smaller subset of critical entities that would be subject to obligations aimed at improving their resilience to non-cyber risks, including entity-level risk assessments, the adoption of appropriate technical and organisational measures, and incident reporting. The Commission, in turn, would provide further support to Member States and entities,
Securing the next generation of networks: 5G and beyond
Under the new cybersecurity strategy, Member States are encouraged, with the support of the Commission and ENISA, the EU agency for cybersecurity, to complete the implementation of the EU 5G Toolbox, a comprehensive and objective risk-based approach to the security of 5G and future generations of networks.
According to a report published yesterday on the impact of the Commission Recommendation on the cybersecurity of 5G networks and on progress in implementing the EU toolbox of mitigation measures since the progress report of July 2020, the majority of Member States are already well on track to implement the recommended measures. They should now aim to complete their implementation by the second quarter of 2021 and ensure that the identified risks are properly mitigated, in a coordinated manner, particularly in order to minimise exposure to high-risk suppliers and to avoid these suppliers. The Commission today also sets out key objectives and actions designed to continue the coordinated work at EU level.
European cybersecurity strategy for the Digital Decade (PDF)