Trading Bloc Reaches Political Agreement on the Cyber Solidarity Act

Europe Vows to Unify the Fight Against Cyberthreats
European Union lawmakers and government representatives reached an agreement Tuesday on the Cyber Solidarity Act. (Image: Shutterstock)

The European Parliament and the council that directly represents European national governments reached a political agreement Tuesday on a proposal that seeks to improve the trading bloc’s ability to mitigate cyberthreats.

The European Commission first proposed the Cyber Solidarity Act last year in the wake of increased cyberattacks against European critical infrastructure tied to the Russian invasion of Ukraine in 2022 (see: European Commission Proposes Network of Cross-Border SOCs).

Following its approval by lawmakers and the European Council on Tuesday, the finalized text must undergo one more round of voting and approval by the council – steps that in European lawmaking are typically formalities.

The initiative proposes several measures intended to strengthen European response to cyber risk. They include creating a European “cybersecurity shield” consisting of cross-border security operations centers and establishing a cyber emergency mechanism capable of running vulnerability checks on European critical infrastructure.

“These rules will strengthen the EU’s and member states’ capabilities to prepare, prevent, respond, and recover from large-scale cyberthreats or incidents,” said Mathieu Michel, Belgian secretary of state for digitization.

The bill was proposed after Russian nation-state attacks against European critical infrastructure spiked following the invasion of Ukraine in 2022. A recent threat report from the European Union Computer Emergency Response Team or CERT-EU says the trading bloc recorded 241 nation-backed attacks against 104 software products in 2023. A majority of those attacks stemmed from Russian groups.

Even before Russia’s February 2022 invasion of Ukraine, European officials criticized poor information sharing between national capitals on cybersecurity incidents. They said in a 2020 security strategy that there is “no operational mechanism” to coordinate response among member countries and European Union institutions in the event of “a large-scale, cross-border cyber incidents or crisis.”

European agencies on Tuesday also reached an agreement on expanded certification plans to include managed security services. The certification plan, developed by the European Union Agency for Cybersecurity, lays out measures for hardware and software products to ensure compliance under European plans such as the Directive for a High Level of Cybersecurity, known as NIS2, and the Cyber Resilience Act.

European lawmaker Josianne Cutajar, who headed the certification talks on Tuesday, said the inclusion of managed service providers will help “avoid market fragmentation” and ensure “transparency in the process of the certification.”


