In an effort to make sure information is kept safe, the European Union has launched a new cybersecurity strategy that officials hope will promote the safe, responsible growth of online activity. The plan, entitled “An Open, Safe and Secure Cyberspace,” describes the comprehensive vision the EU has for how to prevent and respond to cybersecurity disruptions and attacks. Jo Best points out on ZDNet that one of the most important aspects of these new guidelines is that large companies across the EU will have to report any security breaches that occur.
“Among the measures the strategy recommends are that each European country set up a CERT (Computer Emergency Response Team) authority and designate a ‘competent authority’ to manage online security for EU organizations,” Best wrote on the website. “Such national cybercrime units would share information with each other, law enforcement agencies as well as data protection authorities, and publicly publish early warnings of online threats.”
According to the EU’s website, the strategy has five primary pillars, including achieving resilience in the cyber world, reducing online crime, developing a good cyber defense policy, providing industrial and technological resources for defending the cyber world and establishing a cyberspace policy that represents the collective interest of countries in the EU.
The network and information security directives are a big part of this new strategy, according to the EU’s website, as they will require member states, critical infrastructure operators, social media websites and others to put better policies in place to prevent breaches and to share early warnings on risks that are coming through.
Neelie Kroes, European Commission vice president for the Digital Agenda, said the more people rely on the Internet as they tend to do these days, the more secure it must be. She said this is a necessary step to protecting the freedom and rights to do business in a coordinated, organized fashion. Cecilia Malmström, EU Commissioner for Home Affairs, said the strategy highlights concrete actions by the union to stop or slow cybercrime.
“Many EU countries are lacking the necessary tools to track down and fight online organized crime,” she said on the EU’s website. “All Member States should set up effective national cybercrime units that can benefit from the expertise and the support of the European Cybercrime Centre EC3.”
ZDNet said that in addition to pushing out this new legislation, officials are also setting funds aside to help countries identify and patch lingering security holes. The European Cybercrime Centre is also being launched in the Netherlands and is said to be the main spot for fighting crime and security threats and for helping to share information across sectors.
How this will affect the private sector
The strategy said the majority of network and information systems are privately owned and operated, so there must be dedicated outreach to the private sector. The EU’s guidelines said the private sector should develop its own capabilities and share best practices across multiple sectors. The plan, according to ZDNet, is to eventually legislate that large companies must disclose when they have been attacked. Effective incentives for private businesses to provide security are still somewhat lacking, so key companies would be made to ensure their IT and information services are up to par.
“While the private sector should continue to play a leading role in the construction and day-to-day management of the Internet, the need for requirements for transparency, accountability and security is becoming more and more prominent,” the strategy said.
A story on Computerworld U.K. said the private sector could be considered the weak link in any plan for improved data security. Chi Onwurah wrote on the website that smaller companies often have comparatively weak network security protections in place, especially when it comes to the financial sector.
The security of the financial sector becomes even more concerning considering that the impact of the 2008 financial crash is still being felt, she wrote, adding that cyberattacks usually go unreported and that little is known about how to stop attacks. In order to have the best security possible, Onwurah said that there needs to be a secure private sector. Without this, she does not believe the public sector will be secured, so the EU and other governing bodies may want to look at a way to bridge the gap between these two sectors.
The EU reported on its website that 38 percent of internet users have changed how they behave online due to data security worries, with 18 percent less likely to buy goods online and 15 percent cutting out online banking. These fears will likely not subside until better security is proven to be in place.
Data Security News from SimplySecurity.com by Trend Micro.