The European Commission is boosting the EU’s cybersecurity regulation and information security to bolster resilience and response capacities against cyber threats and incidents.
The European Commission has recommended the implementation of new rules to facilitate common cybersecurity and information security measures across EU agencies and institutions.
The new proposal aims to strengthen the EU’s resistance and response capabilities against cyber threats and incidents, and to ensure a secure and robust EU public administration, amid a global rise in malicious cyber activities.
A robust security framework
In its resolution from March 2021, the Council of the European Union emphasised the significance of a strong and reliable security framework to protect all EU personnel, data, communication networks, information systems and decision-making processes. This can only be attained through improved strength and an enhanced security culture across the EU institutions, bodies, offices and agencies.
Cybersecurity in a connected world
Commissioner for Budget and Administration, Johannes Hahn, explained: “In a connected environment, a single cybersecurity incident can affect an entire organisation. This is why it is critical to build a strong shield against cyber threats and incidents that could disturb our capacity to act. The regulations we are proposing today are a milestone in the EU cybersecurity and information security landscape. They are based on reinforced cooperation and mutual support among EU institutions, bodies, offices, and agencies and on a coordinated preparedness and response. This is a real EU collective endeavour.”
In the context of the COVID-19 pandemic and increasing geopolitical difficulties, a collaborative approach to cybersecurity and information security is more urgent than ever. It is with this in mind that the Commission has now recommended a Cybersecurity Regulation and an Information Security Regulation. By establishing shared priorities and structures, these rules will increasingly reinforce inter-institutional collaboration, reduce risk exposure and further strengthen the EU security culture.
Cybersecurity Regulation
The proposed Cybersecurity Regulation will put in place a framework for governance, risk management and control in the cybersecurity area. It will lead to the creation of a new inter-institutional Cybersecurity Board, boost cybersecurity capabilities, and stimulate regular maturity assessments and better cyber-hygiene. It will also extend the mandate of the Computer Emergency Response Team for the EU institutions, bodies, offices and agencies (CERT-EU), as a threat intelligence, information exchange and incident response coordination hub, a central advisory body, and a service provider.
Information Security Regulation
The proposed Information Security Regulation will establish a minimum set of information security rules and standards for all EU institutions, bodies, offices and agencies, to ensure improved and stable protection against changing threats. These new rules will provide a stable basis for the secure exchange of information across EU institutions, bodies, offices and agencies and with the Member States, based on standardised practices and measures to protect information flows.