EU: New rules to enhance cybersecurity and information security


Today, the Commission has proposed new rules for the introduction of common cybersecurity and information security measures in all the institutions and bodies of the Union. The proposal aims to strengthen their resilience and capacity to deal with cyber threats and incidents, as well as to ensure a resilient and secure EU public administration, amid growing malicious cyber activity in the global landscape.

Budget and Administration Commissioner Johannes Hahn said: “In a connected environment, a single cybersecurity incident can affect an entire organization. That’s why it’s important to build a strong shield against cyber threats and incidents that could disrupt our ability to act. The regulations we are proposing today are a milestone in the cybersecurity and information security landscape in the EU. They are based on enhanced cooperation and mutual support between the other EU institutions and bodies, as well as on preparedness and coordination. This is a real collective effort of the EU.”

In the context of the COVID-19 pandemic and the growing geopolitical challenges, a common approach to cybersecurity and information security is essential. In view of the above, the Commission has proposed a regulation on cybersecurity as well as a regulation on information security. By setting common priorities and frameworks, these rules will further strengthen interinstitutional cooperation and the EU security culture, but also minimize risk exposure.

Cyber Security Regulation
The proposed cybersecurity regulation will implement a framework for cyber security governance, management and control. It will lead to the creation of a new Cyber Security Interinstitutional Council (IICB), strengthen cybersecurity capabilities, stimulate regular maturity level assessments, and improve cybersecurity. It will also extend the mandate of the IT Emergency Response Team for the other EU institutions and bodies (CERT-EU), as a coordination hub for information on cyber threats, information exchange and response, but also as a central advisory body and service provider.

Key elements of the proposal for a cyber security regulation:

– Strengthening of the CERT-EU mandate and provision of the resources needed to fulfill it;

– Requirement for all the institutions and bodies of the Union to:

  • provide a framework for cyber security governance, management and control;
  • implement a basic set of cybersecurity rules to address the identified risks;
  • carry out regular maturity assessments;
  • implement a plan to improve their cybersecurity, which is approved by the entity’s leadership;
  • exchange information on incidents with CERT-EU without undue delay.

– Establishment of a new cybersecurity interinstitutional council to guide and monitor the implementation of the regulation and the guidance of CERT-EU;

– Renaming of CERT-EU from “IT emergency team” to “Cyber Security Center”, in line with developments in the Member States and worldwide, but retaining the short name “CERT-EU” due to the recognition of the name.

Information security regulation
The proposed Information Security Regulation will establish a minimum set of information security rules and standards for all the Union’s other institutions and bodies, in order to ensure enhanced and consistent protection against evolving threats against their information. These new rules will be a solid ground for the secure exchange of information between the institutions and bodies of the Union, as well as with the Member States, based on standard practices and measures for the protection of information flows.

Key elements of the proposal for a regulation on information security:

  • Establish effective governance to promote cooperation between all the other institutions and bodies of the Union, namely an interinstitutional information security coordination group;
  • Establish a common approach to categorizing information based on the level of confidentiality;
  • Modernize information security policies, including full digital transformation and remote work;
  • Streamline current practices and achieve greater compatibility between relevant systems and devices.

Historical frame
In its resolution of March 2021, the Council of the European Union stressed the importance of a solid and coherent security framework for the protection of all EU personnel, data, communication networks, information systems and decision-making processes. This can be achieved only by strengthening the resilience and improving the security culture of the Union’s other institutions and bodies.

Following the EU Strategy for the Security Union and the EU Cyber Security Strategy, the cybersecurity regulation proposed today will ensure consistency with existing cybersecurity policies, in full alignment with current European legislation:

  • The Network and Information Systems Directive (NIS Directive) and the future Directive on measures for a high common level of cyber security across the Union (NIS 2) proposed by the Commission in December 2020;
  • the Cybersecurity Act;
  • The recommendation of the Commission to set up a Joint Government Unit;
  • The recommendation of the Commission for the coordinated response to large-scale cyber incidents and crises.

Given the ever-increasing amount of sensitive non-classified and classified information handled by the Union institutions and bodies, the proposed Information Security Regulation aims to increase information protection by streamlining the various frameworks of the other institutions and bodies of the Union in this field. The proposal is in line with:

  • The EU Strategy for the Security Union, which includes an overall commitment by the EU to complement Member States’ efforts in all areas of security;
  • The key feature of the strategic agenda for the period 2019-2024, approved by the European Council in June 2019, for the protection of our societies from the constantly evolving threats aimed at the information handled by the institutions and other institutions and bodies of the Union;
  • The conclusions of the General Affairs Council of December 2019, which call on the institutions and other institutions and bodies of the Union, with the support of the Member States, to develop and implement a comprehensive package of measures to ensure their security.

Lena Flytzani
