Tuesday, October 8, 2024
 
 

EU strives to boost ability to detect and prepare for cyber threats

MEPs and Council reach deal on cyber solidarity act and on managed security services
EU PARLIAMENT
Lead MEP on cyber solidarity Lina Galvez Munoz after an agreement on the Cyber Solidarity Act.

- Advertisement -

The Belgian Presidency of the European Council on March 6 informally agreed on the Cyber Solidarity Act (CSoA), aiming to build a more resilient, collective EU response against cyber-threats.

The legislative proposal seeks to bolster the European Union’s ability to detect, prepare for, and respond to cybersecurity threats and incidents, the European Parliament’s Committee on Industry, Research, Telecoms & Energy said, adding that the proposal’s key objectives include strengthening EU-wide detection and situational awareness of cyber threats, enhancing preparedness and response capabilities for significant cybersecurity incidents, and fostering European technological sovereignty in cybersecurity.

These objectives would be primarily achieved through a pan-European network of National Cyber Hubs and by establishing a Cyber Emergency Mechanism and a European Cybersecurity Incident Review Mechanism.

During negotiations, MEPs advocated for sufficient funding for the EU Cybersecurity Reserve, which could play an important role in supporting member states and EU institutions in dealing with large-scale cybersecurity incidents. They also pushed to ensure adequate support for the development of cybersecurity skills across the EU. This budget line will allow Cybersecurity competence centres to help member States prepare against cyber threats.

“This agreement on the Cyber Solidarity Act is a victory for our democracies in an increasingly digitised world,” lead MEP on cyber solidarity Lina Galvez Munoz from Spain said on March 6. “This regulation will protect our institutions and critical infrastructure by strengthening our capabilities to detect, prepare and respond to cyber threats and cyber attacks through cooperation between member states,” she added.

Lead MEP on managed security services, Josianne Cutajar from Malta said the agreement paves the way for a democratic and transparent cybersecurity certification scheme for managed security services that avoids market fragmentation.

“This provisional agreement recognises the importance of supporting SMEs in light of the implementation of the new act, such as through more financial and technical support, a clearer definition of managed security services, and acknowledging the challenges posed by the existing skills gap,” she said. By setting up this clear framework, we are increasing transparency in the process of the certification of the schemes, ensuring the participation of the European Parliament and strengthening security within the EU for the many, not just the few,” Cutajar added.

A separate legislative proposal on managed security services, also agreed upon with Council in the evening, aims to introduce EU cybersecurity certification schemes for outsourced services that support an organization’s cybersecurity risk management.

The law comes in response to the increasing importance of managed security services in preventing and mitigating cybersecurity incidents, ITRE said, adding that the law seeks to prevent market fragmentation due to varying national certification schemes by establishing a unified European certification framework. The goal is to enhance trust in managed security services across the EU, supporting the overall cybersecurity posture and ensuring a high level of cybersecurity across member states.

Both legislations will now have to be formally endorsed by both Parliament and Council in order to become law. The Industry, Research and Energy committee will hold a vote on the texts in the coming weeks. Parliament as a whole will then hold its vote during the plenary session on April 22-25 in Strasbourg.

The Cyber Solidarity Act ranks alongside the Cyber Resilience Act (CRA) as one of the most recent proposals in the European Commission’s cyber resilience package.

Lessons learned from cyber-attacks in Russia’s war against Ukraine

An earlier report for the Security and Defence Sub-Committee at the European Parliament, co-authored by Pavlina Pavlova, Public Policy Advisor at CyberPeace Institute, and Stéphane Duguin, CEO CyberPeace Institute, assessed the lessons learned from the use of cyber in the Russian war against Ukraine.

The report position the CRA as an important regulatory answer to the cyber threat landscape that is increasing in the scope, sophistication, and severity of cyber attacks and operations. In this regard, the report, published in September 2023 states that: “Important lessons can be learned from the war in Ukraine and the cyber preparedness of the country’s infrastructure, which has adopted horizontal approaches to cybersecurity. Cross-ecosystem consistency and coherence are crucial to avoid fragmentation of the EU’s cyber ecosystem, and strengthen the cybersecurity of interconnected ICT products, services, and components. Vulnerability disclosure is an important part of both the proposed CRA and the adopted NIS2 Directive (on measures for a high common level of cybersecurity across the Union)”.

Notably, vulnerability disclosure requirements in the earlier drafts of CRA were criticised in a joint letter of experts in October 2023.

 

- Advertisement -

Subscribe to our newsletter

Latest

Strategic Partnership or Strategic Risk? France’s Deepening Ties with Qatar

It has recently marked the half-year anniversary since France...

In energy-rich Azerbaijan, COP29 preview targets a greener future

Ahead of the UN’s annual climate conference, COP29, key...

The 10 most significant consequences of climate change

The most significant threats of climate change in the...

Interview: A Polish view of cooperation with the EU

As Poland prepares for its presidency over the Council...

Don't miss

Strategic Partnership or Strategic Risk? France’s Deepening Ties with Qatar

It has recently marked the half-year anniversary since France...

In energy-rich Azerbaijan, COP29 preview targets a greener future

Ahead of the UN’s annual climate conference, COP29, key...

The 10 most significant consequences of climate change

The most significant threats of climate change in the...

Interview: A Polish view of cooperation with the EU

As Poland prepares for its presidency over the Council...

Seven new members join the Minerals Security Partnership Forum

Meeting on the sidelines of the UN General Assembly...

Strategic Partnership or Strategic Risk? France’s Deepening Ties with Qatar

It has recently marked the half-year anniversary since France and Qatar announced a strategic partnership that will see the emirate invest €10 billion into...

In energy-rich Azerbaijan, COP29 preview targets a greener future

Ahead of the UN’s annual climate conference, COP29, key stakeholders from policy, private sector, finance, trade and investment, civil society, cities, regions, science and...

The 10 most significant consequences of climate change

The most significant threats of climate change in the year 2024 are of environmental, economic and social actions that could change significantly the way...

Interview: A Polish view of cooperation with the EU

As Poland prepares for its presidency over the Council of the European Union in the first half of 2025, NE Global sat down with...

Seven new members join the Minerals Security Partnership Forum

Meeting on the sidelines of the UN General Assembly in New York on September 26, the recently formed Minerals Security Partnership (MSP) came together...

Supplying Russia and Iran, Armenia emerges as a new sanctions black hole

For the past two years, Armenia has been attempting to demonstrate its shift towards the West, all the while maintaining its geopolitical role as...

Development of the Congress of Leaders of World and Traditional Religions: an integrative future vision

When the issue at hand is as significant as the integration between world religions in terms of shared values and collective thinking, it is...

UNGA 2024 overshadowed by Middle East turmoil

At the end of September, as usual, most of the world’s leaders converge on New York for the annual UN General Assembly (UNGA) session...