The EU Commission recently proposed a new Directive for cybersecurity. Designed to ensure a common framework is in place for both nation states and companies providing critical infrastructure, the Directive will provide a clear and defined roadmap of needed improvements.
According to the Commission's Digital Agenda for Europe website, under this proposal:
- Member States will have to put in place a minimum level of national capabilities by establishing NIS (Network and Information Security) national competent authorities, by setting up well-functioning Computer Emergency Response Teams (CERTs), and by adopting national NIS strategies and national NIS cooperation plans;
- NIS national competent authorities will have to exchange information and to cooperate so as to counter NIS threats and incidents;
- Operators of critical infrastructure (such as energy, transport, banking, stock exchange, healthcare), key Internet enablers (e-commerce platforms, social networks, etc) and public administrations will be required to assess the risks they face and to adopt appropriate and proportionate measures to ensure NIS. These entities will also be required to report to competent authorities incidents with a significant impact on core services provided.
Further updates on this Directive will be posted on this blog as they develop over the coming months.