EU to propose cybersecurity rules

Posted by   Virus Bulletin on   Feb 6, 2013

Companies required to report breaches.

The European Union is due to set out a new set of cybersecurity rules tomorrow - in which companies including search engines, energy providers, banks and financial service providers and 'internet enablers' will be required to report any breaches or cybersecurity incidents to national bodies.

The proposals drafted by the European Commission would affect around 40,000 companies including 'internet enablers" such as Google, Facebook, Twitter, eBay and Skype, obligating them to notify national authorities of any instances in which their services are disrupted or data privacy is breached - besides cybersecurity attacks, this also includes cases of human error and natural disasters. Sanctions would be determined and enforced by the individual member states.

The proposals have been drafted in an attempt to force the hand of the various parties involved since voluntary information sharing and regulation has not so far been successful. The document states: "The current situation in the EU, reflecting the purely voluntary approach followed so far, does not provide sufficient protection against network and information security incidents and risks across the EU."

Ahead of the formal announcement of the rules, the strategy has already received criticism from various industry leaders, whose concern is that enforcing such reporting mandates could harm business - and European digital rights group EDRi claims that such a move could give national authorities access to a level of information that would be in breach of the European Convention on Human Rights.

Following the official announcement of the rules, the proposal will be reviewed by the European Parliament and the leaders of the EU's 27 national governments before (if approved) becoming law.

Posted on 06 February 2013 by Helen Martin

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

WannaCry shows we need to understand why organizations don't patch

Perhaps the question we should be asking about WannaCry is not "why do so many organizations allow unpatched machines to exist on their networks?" but "why doesn't patching work reasonably well most of the time?"

Modern security software is not necessarily powerless against threats like WannaCry

The WannaCry ransomware has affected many organisations around the world, making it probably the worst and most damaging of its kind. But modern security is not necessarily powerless against such threats.

Throwback Thursday: CARO: A personal view

This week sees the 11th International CARO Workshop taking place in Krakow, Poland – a prestigious annual meeting of anti-malware and security experts. As a founding member of CARO, Fridrik Skulason was well placed, in August 1994, to shed some light…

VB2016 paper: Uncovering the secrets of malvertising

Malicious advertising, a.k.a. malvertising, has evolved tremendously over the past few years to take a central place in some of today’s largest web-based attacks. It is by far the tool of choice for attackers to reach the masses but also to target…

Throwback Thursday: Tools of the DDoS Trade

As DDoS attacks become costlier to fix and continue to increase in both number and diversity, we turn back the clock to 2000, when Aleksander Czarnowski took a look at the DDoS tools of the day.