EU Cybersecurity plan to protect open internet and online freedom and opportunity
The European Commission, together with the High Representative of the Union for Foreign Affairs and Security Policy, has published a cybersecurity strategy alongside a Commission proposed directive on network and information security (NIS).
The cybersecurity strategy – "An Open, Safe and Secure Cyberspace" – represents the EU's comprehensive vision on how best to prevent and respond to cyber disruptions and attacks. This is to further European values of freedom and democracy and ensure the digital economy can safely grow. Specific actions are aimed at enhancing cyber resilience of information systems, reducing cybercrime and strengthening EU international cyber-security policy and cyber defence.
The strategy articulates the EU's vision of cyber-security in terms of five priorities:
- Achieving cyber resilience
- Drastically reducing cybercrime
- Developing cyber defence policy and capabilities related to the Common Security and Defence Policy (CSDP)
- Developing the industrial and technological resources for cyber-security
- Establishing a coherent international cyberspace policy for the European Union and promoting core EU values
The EU international cyberspace policy promotes the respect of EU core values, defines norms for responsible behaviour, advocates the application of existing international laws in cyberspace, while assisting countries outside the EU with cyber-security capacity-building, and promoting international cooperation in cyber issues.
The EU has made key advances in better protecting citizens from online crimes, including establishing a European Cybercrime Centre (IP/13/13), proposing legislation on attacks against information systems (IP/10/1239) and the launch of a Global Alliance to fight child sexual abuse online (IP/12/1308).
The Strategy also aims at developing and funding a network of national Cybercrime Centers of Excellence to facilitate training and capacity building.
The proposed NIS Directive is a key component of the overall strategy and would require all Member States, key internet enablers and critical infrastructure operators such as e-commerce platforms and social networks and operators in energy, transport, banking and healthcare services to ensure a secure and trustworthy digital environment throughout the EU. The proposed Directive lays down measures including:
(a) Member States must adopt a NIS strategy and designate a national NIS competent authority with adequate financial and human resources to prevent, handle and respond to NIS risks and incidents;
(b) Creating a cooperation mechanism among Member States and the Commission to share early warnings on risks and incidents through a secure infrastructure, cooperate and organise regular peer reviews;
(c) Operators of critical infrastructures in some sectors (financial services, transport, energy, health), enablers of information society services (notably: app stores, e-commerce platforms, Internet payment, cloud computing, search engines, social networks) and public administrations must adopt risk management practices and report major security incidents on their core services.
Neelie Kroes, European Commission Vice-President for the Digital Agenda said:
"The more people rely on the internet the more people rely on it to be secure. A secure internet protects our freedoms and rights and our ability to do business. It's time to take coordinated action - the cost of not acting is much higher than the cost of acting."
Catherine Ashton, High Representative of the Union for Foreign Affairs and Security Policy/Vice-President of the Commission said:
"For cyberspace to remain open and free, the same norms, principles and values that the EU upholds offline, should also apply online. Fundamental rights, democracy and the rule of law need to be protected in cyberspace. The EU works with its international partners as well as civil society and the private sector to promote these rights globally."
Cecilia Malmström, EU Commissioner for Home Affairs said:
"The Strategy highlights our concrete actions to drastically reduce cybercrime. Many EU countries are lacking the necessary tools to track down and fight online organised crime. All Member States should set up effective national cybercrime units that can benefit from the expertise and the support of the European Cybercrime Centre EC3."