Mar 29– In the European Union, a new set of cyber security rules have been proposed to establish common cyber security and information security measures across EU-based institutions and to support the EU Agency for Cybersecurity.
Although the region has accelerated its cyber security initiatives across the past few years to shield from economic damage, recent geopolitical events have further speed up preparations.
The European Commission reports that a recent cyber attack hit the ViaSat satellite-based internet access provider, affecting nearly 30,000 satellite terminals throughout Europe. Speculators suggest that the attack may have been intended to disrupt the communications of the Ukrainian military, which relied on satellite transmissions.
The EU’s new cyber security rules
Last week, the European Union announced new cyber security rules. The initial outlay of rules aimed to enhance the resilience and response capacities of EU institutions, agencies and offices in the face of cyber threats.
Amidst an interconnected network system, a single cyber security event can set off something akin to a chain reaction, causing disruption for multiple organizations and entities, possibly across economic sectors.
The new regulation will instate a framework for risk management and control across entities. In addition, it will extend the mandate of the Computer Emergency Response Team, which is due to function as a central advisory body.
The new regulatory mandates also require EU institutions to maintain a cyber security governance framework, to apply basic measures for risk identification purposes, to conduct regular assessments and to immediately report cyber security incidents to the Computer Emergency Response Team.
The second set of cyber security rules
Beyond last week’s announcement, a second set of EU cyber security rules have been proposed. Their purpose involves establishing a minimum set of cyber security standards for all EU institutions. Such rules will enable institutions, offices and agencies to securely transfer information with member states in accordance with standardized security practices.
This latest piece of proposed legislation may be ready by the end of the year. Last week, the European Commission commenced a commentary period for its Cyber Resilience Act. This regulation is intended to establish horizontal cyber security requirements and common standards for digital products. The goal is to provide common cyber security policies for purveyors of physical and digital products and ancillary services.
For more information about national and international cyber security initiatives, see CyberTalk.org’s past coverage. Lastly, to receive cutting-edge cyber security news, insights, best practices and analyses in your inbox each week, sign up for the CyberTalk.org newsletter.