Tag: NIS Directive

NIS Directive has been adopted by the EU Commission

12. July 2016

On 6 July 2016, the Vice-President of the EU Commission, Andrus Ansip, and Commissioner Günther H. Oettinger announced the approval of the NIS Directive, the Directive on Security of Network and Information Systems.

The NIS Directive is one of the main legislative proposals in the context of the Cybersecurity Strategy developed by the EU and focuses on the following aspects:

  • The development of a national system to face cybersecurity attacks, such as a Computer Security Incident Response Team (CSIRT) and a competent authority for cybersecurity issues.
  • A strategic cooperation mechanism between Member States and the development of a CSIRT Network in order to share information about risks.
  • The promotion of a culture of IT security in all industry sectors, especially those identified as being “operators of essential services”. This also means adopting adequate incident response plans. The Directive will also apply to digital service providers such as cloud computing, search engines and e-commerce businesses.

The Directive will enter into force in August 2016 and EU Member States will have 21 months to implement it into their national laws.

Agreement on cybersecurity signed between the EU Commission and the industry

7. July 2016

On Wednesday, the EU Commission announced the launch of a public-private partnership with the cybersecurity industry as part of its Digital Single Market strategy. This partnership aims at providing the industry with better equipment and infrastructure to reduce cybersecurity threats.

Recent surveys have revealed that around 80% of European companies have suffered at least one cybersecurity incident during 2015. Worldwide, the number of cybersecurity incidents increased up to 38%. Andrus Ansip, Vice-President for the Digital Single Market, stated that “without trust and security, there can be no Digital Single Market”. Therefore, several measures have been proposed in order to tackle the increasingly sophisticated threats.

The initiative focuses on the following aspects:

  • Reinforcement of cooperation across borders and between all sectors of the cybersecurity branch
  • Support the development of innovative and secure products and services
  • Creation of a possible certification framework for information and communications technology security products
  • Ease access to the cybersecurity market for smaller businesses
  • Assessment of the capabilities and mandate of the European Union Agency for Network and Information Security (ENISA) to achieve its mission to support EU Member States in reinforcing cyber-resilience
  • Evaluation of methods to strengthen cybersecurity cooperation, training and education

Both the EU and the cybersecurity industry actors, represented by the European Cybersecurity Organization (ECSO), will invest around €1.8 billion in this initiative. Members from national, regional and local public administration, as well as research centres and academies, will also participate.

The main industry sectors on which this partnership focuses are finance, health, energy and transport.

The EU Digital Single Market strategy also includes the 2013 EU Cybersecurity strategy and the Network and Information Security Directive (NIS Directive), which is expected to be approved within the coming weeks.

EU Directive on Cyber Security to be expected in August 2016

19. May 2016

This week, the EU Council adopted the Network and Information Security Directive (NIS Directive) at first reading. The NIS Directive is part of the EU cyber security strategy, whose main objective is to prevent and respond to disruptions and cyber-attacks in telecommunications systems located in the EU.

The Directive aims at achieving a minimum level of IT security and implementing an effective risk management culture for digital technologies. Furthermore, it also aims at dealing with IT security breaches by imposing the obligation to report significant incidents without delay, especially for businesses or organizations whose main activity is subject to a higher risk, such as cloud providers or social networks.

The five main goals of the NIS Directive are:

  • To achieve cyber resilience
  • To reduce cybercrime significantly
  • To develop a cyber defense policy at EU level by creating authorities at national level
  • To promote the development of technological resources
  • To implement a solid international cyberspace policy

After the EU Council has adopted the NIS Directive at first reading, the draft must be approved by the EU Parliament at second reading. If the EU Parliament approves the Directive, it might enter into force in August 2016.