The EU Council of Ministers finally approved the draft cyber solidarity law on Monday. It aims to establish and network national and cross-border security operations centers (“hubs”) across the EU to better detect digital threats using artificial intelligence (AI) and advanced data analytics. The aim is to use the new operations centers to exchange information about threats such as cyber attacks and deliver “appropriate” responses. According to the EU Commission’s original proposal, this early warning system is intended to provide authorities and other responsible bodies with a “real-time picture of the situation”.
Advertisement
Vulnerable submarine cables: New working group should help
But regulation Negotiators from the Committee of Member States and the EU Parliament agreed in principle in March. Accordingly, countries will also establish a mechanism for cyber emergencies. It aims to improve preparedness and ability to respond to significant and large-scale IT attacks. This mainly involves precautionary measures including testing of facilities in highly critical sectors such as health, transport and energy with a focus on potential vulnerabilities. To do this, governments need to create common risk scenarios. Furthermore, an EU cybersecurity reserve with emergency services from trusted certified providers should act as a rapid reaction force. These may be States, EU institutions, bodies or agencies or even third countries if they have joined the “Digital Europe” programme.
EU auditors have serious concerns
The EU Cyber ​​Security Agency (ENISA) will also be able to investigate certain cyber security incidents further at the request of the Commission or national authorities. It must then submit a report with findings and recommendations. Member states that provide technical assistance to another EU country in the event of a “significant or large-scale cybersecurity incident” must receive financial assistance from EU funds. The council also gave green signal to amendments to the Cyber ​​Security Act of 2019. This makes it possible to introduce a European certification system for security services. This includes penetration testing, security checks, advice and support. Its purpose is to help establish a framework for appointing trusted providers for the desired security reserves.
Parliament has already approved the package. Following signature by the Presidents of both Houses, both legal acts will now be announced in the Official Journal of the EU in the coming weeks. They will come into effect from the 20th day of publication. The European Court of Auditors warned last year that the Cyber ​​Solidarity Act would further complicate the EU’s already confusing “cybersecurity galaxy” with multiple overlapping bodies and rules. The function of virtual screens is also at risk of being impaired due to the lack of information exchange between EU countries.
(MKI)
Vulnerable submarine cables: New working group should help
