In the face of a flood of cyber attacks, the EU is asking key departments in the region to strengthen defense. Earlier on Friday, negotiations on a new EU cybersecurity directive had progressed, which would force sensitive industries such as banking, energy, telecommunications and transportation to better protect their networks and invest in cybersecurity to prevent hackers from undermining key functions of society. The public administration is also affected by the directive.
The new law is the cornerstone of the EU's broader strategy to deal with multi wave cyber attacks accompanied by the coronavirus pandemic, geopolitical tensions and the recent war in Ukraine. Major incidents include cybercrime "blackmail software" attacks, such as attacks on American oil pipeline operator colonial and Irish health care system, as well as cyber espionage against EU institutions, departments and commissions.
According to the new directive, important European companies and organizations will have to establish and audit network security response plans, file network security incidents with the authorities within 24 hours, and use the most advanced network security technology to prevent hacker attacks, otherwise they will face huge fines.
Representatives of the European Commission, Parliament and the European Council agreed on the details of the network and information security directive (NiS2 directive) during a late night meeting in Brussels.
Bart groothuis, a member of the Dutch liberal party who led the negotiations on behalf of the European Parliament, said that the law "will help more than 100000 entities strengthen security control and make Europe a safe place to live and work. If we are attacked on an industrial scale, we need to respond on an industrial scale."
The law is the first revision of EU cybersecurity legislation. The legislation was passed in 2016 and is the first step for EU authorities to monitor and control cybersecurity. Member states have long been touched by this issue because it is closely related to the national security of Member States, but the proliferation of destructive cyber attacks in the past few years has forced EU governments to cooperate more closely at the European level.
Strengthening cyber security in Europe "involves the core of many other policies, from the development of artificial intelligence, semiconductor and defense sectors to our ability to keep lights and hospitals open," EVA may [Dell], a member of the center right European Parliament from Bulgaria( http://www.anrdoezrs.net/links/9019719/type/dlg/sid//https://www.dell.com/zh -Cn / shop / deals) said in a text message.
The law imposes a long list of requirements on companies, organizations and public services, including fixing software vulnerabilities, preparing risk management measures, sharing information and notifying authorities of incidents within 24 hours, and providing a complete report within three days. Lawmakers have decided that operators and organizations that violate basic network security obligations will face fines ranging from 1.4-2% of turnover. Interestingly, these figures are roughly equivalent to the ransom usually required by blackmail software groups when they invade major organizations.
"The result of the trade-off is whether I pay a ransom, a fine or invest in security before being hacked," said groothuis, a leading member of the European Parliament.
Negotiators also agreed to include key public administrations within the scope of legal regulation, which means that many government services must also comply with these requirements. Governments must also develop policies to help cyber authorities take preventive action to prevent hackers and attacks, rather than just waiting to deal with the crisis.
"This agreement is not a silver bullet, but the scale of this challenge means that we must build an arsenal to protect our digital networks from harm," said medell, a member of the Bulgarian Parliament
The law will require formal approval by EU Member States and the European Parliament. These rules will then be implemented by governments.