Thursday, May 23, 2024
 
 

EU strives to boost ability to detect and prepare for cyber threats

MEPs and Council reach deal on cyber solidarity act and on managed security services
EU PARLIAMENT
Lead MEP on cyber solidarity Lina Galvez Munoz after an agreement on the Cyber Solidarity Act.

- Advertisement -

The Belgian Presidency of the European Council on March 6 informally agreed on the Cyber Solidarity Act (CSoA), aiming to build a more resilient, collective EU response against cyber-threats.

The legislative proposal seeks to bolster the European Union’s ability to detect, prepare for, and respond to cybersecurity threats and incidents, the European Parliament’s Committee on Industry, Research, Telecoms & Energy said, adding that the proposal’s key objectives include strengthening EU-wide detection and situational awareness of cyber threats, enhancing preparedness and response capabilities for significant cybersecurity incidents, and fostering European technological sovereignty in cybersecurity.

These objectives would be primarily achieved through a pan-European network of National Cyber Hubs and by establishing a Cyber Emergency Mechanism and a European Cybersecurity Incident Review Mechanism.

During negotiations, MEPs advocated for sufficient funding for the EU Cybersecurity Reserve, which could play an important role in supporting member states and EU institutions in dealing with large-scale cybersecurity incidents. They also pushed to ensure adequate support for the development of cybersecurity skills across the EU. This budget line will allow Cybersecurity competence centres to help member States prepare against cyber threats.

“This agreement on the Cyber Solidarity Act is a victory for our democracies in an increasingly digitised world,” lead MEP on cyber solidarity Lina Galvez Munoz from Spain said on March 6. “This regulation will protect our institutions and critical infrastructure by strengthening our capabilities to detect, prepare and respond to cyber threats and cyber attacks through cooperation between member states,” she added.

Lead MEP on managed security services, Josianne Cutajar from Malta said the agreement paves the way for a democratic and transparent cybersecurity certification scheme for managed security services that avoids market fragmentation.

“This provisional agreement recognises the importance of supporting SMEs in light of the implementation of the new act, such as through more financial and technical support, a clearer definition of managed security services, and acknowledging the challenges posed by the existing skills gap,” she said. By setting up this clear framework, we are increasing transparency in the process of the certification of the schemes, ensuring the participation of the European Parliament and strengthening security within the EU for the many, not just the few,” Cutajar added.

A separate legislative proposal on managed security services, also agreed upon with Council in the evening, aims to introduce EU cybersecurity certification schemes for outsourced services that support an organization’s cybersecurity risk management.

The law comes in response to the increasing importance of managed security services in preventing and mitigating cybersecurity incidents, ITRE said, adding that the law seeks to prevent market fragmentation due to varying national certification schemes by establishing a unified European certification framework. The goal is to enhance trust in managed security services across the EU, supporting the overall cybersecurity posture and ensuring a high level of cybersecurity across member states.

Both legislations will now have to be formally endorsed by both Parliament and Council in order to become law. The Industry, Research and Energy committee will hold a vote on the texts in the coming weeks. Parliament as a whole will then hold its vote during the plenary session on April 22-25 in Strasbourg.

The Cyber Solidarity Act ranks alongside the Cyber Resilience Act (CRA) as one of the most recent proposals in the European Commission’s cyber resilience package.

Lessons learned from cyber-attacks in Russia’s war against Ukraine

An earlier report for the Security and Defence Sub-Committee at the European Parliament, co-authored by Pavlina Pavlova, Public Policy Advisor at CyberPeace Institute, and Stéphane Duguin, CEO CyberPeace Institute, assessed the lessons learned from the use of cyber in the Russian war against Ukraine.

The report position the CRA as an important regulatory answer to the cyber threat landscape that is increasing in the scope, sophistication, and severity of cyber attacks and operations. In this regard, the report, published in September 2023 states that: “Important lessons can be learned from the war in Ukraine and the cyber preparedness of the country’s infrastructure, which has adopted horizontal approaches to cybersecurity. Cross-ecosystem consistency and coherence are crucial to avoid fragmentation of the EU’s cyber ecosystem, and strengthen the cybersecurity of interconnected ICT products, services, and components. Vulnerability disclosure is an important part of both the proposed CRA and the adopted NIS2 Directive (on measures for a high common level of cybersecurity across the Union)”.

Notably, vulnerability disclosure requirements in the earlier drafts of CRA were criticised in a joint letter of experts in October 2023.

 

- Advertisement -

Subscribe to our newsletter

Latest

Good news – the UK is not in recession; Bad news – it doesn’t feel like it

One of the greatest problems that both economists and...

Outline for Luzon Economic Corridor takes shape

While most headlines from the Indo-Pacific Business Forum held...

U.S.-Kazakhstan dialogue on human rights and democratic reforms continues

The United States and Kazakhstan convened the third annual...

Tackling new threats to critical energy infrastructure

The explosions that targeted the Nord Stream pipelines from...

Don't miss

Good news – the UK is not in recession; Bad news – it doesn’t feel like it

One of the greatest problems that both economists and...

Outline for Luzon Economic Corridor takes shape

While most headlines from the Indo-Pacific Business Forum held...

U.S.-Kazakhstan dialogue on human rights and democratic reforms continues

The United States and Kazakhstan convened the third annual...

Tackling new threats to critical energy infrastructure

The explosions that targeted the Nord Stream pipelines from...

Georgia’s “Foreign Representatives Law” moves forward amid protests

On May 14, Georgia’s parliament approved (84/150) a hotly...

Good news – the UK is not in recession; Bad news – it doesn’t feel like it

One of the greatest problems that both economists and politicians face is the key element of communication. Yes, they may indeed be trying to...

Outline for Luzon Economic Corridor takes shape

While most headlines from the Indo-Pacific Business Forum held on May 21 in Taguig, just outside Manila, focused on the latest official data concerning...

U.S.-Kazakhstan dialogue on human rights and democratic reforms continues

The United States and Kazakhstan convened the third annual U.S.-Kazakhstan High-Level Dialogue on Human Rights and Democratic Reforms on May 20 in Astana, focusing...

Tackling new threats to critical energy infrastructure

The explosions that targeted the Nord Stream pipelines from Russia to Germany in September 2022 and the suspected sabotage of Baltic-connector pipeline, which supplies...

Georgia’s “Foreign Representatives Law” moves forward amid protests

On May 14, Georgia’s parliament approved (84/150) a hotly contested law on “Transparency of Foreign Interests” regulating the amount of aid local civil society...

North Macedonia: Sliding back towards the political dark side?

As most analysts predicted after the strong showing of the nationalist presidential candidate in the first-round presidential elections on April 24, VMRO-DPMNE (Internal Macedonian...

A Green 5+1, regional water issues in Central Asia and previewing next year’s Astana International Forum

Kazakhstan’s Astana International Forum (AIF) has been postponed to 2025, as Astana is diverting financial resources to assist the relief efforts after massive flooding hit several regions....

Navigating the climate challenges for COP29

The impacts of climate change have become more evident as greenhouse gas emissions (GHG) from human activities cause increased heat, drought, floods etc. Changes...