Brussels to launch new cyber-security agency
Photo © ktsdesign - Fotolia
(BRUSSELS) - The European Union proposed Tuesday a set of measures to step up its cyber-security capacity, including a cyber-safety scheme and other tools to ensure Europe is better equipped to deal with cyber-attacks.
The opportunities brought by new digital technologies have been accompanied by new risks from non-state and state actors who are increasingly trying to steal data, commit fraud and destabilise governments.
Last year saw more than 4,000 ransomware attacks every day, while 80 pre cent of European companies experienced at least one cybersecurity incident. The Commission says the economic impact of cyber-crime has risen five-fold over the past four years.
The cybersecurity measures proposed by the EU executive, in conjunction with the EU's foreign policy chief, include a proposal for an EU Cybersecurity Agencyto assist Member States in dealing with cyber-attacks, and a new European certification scheme that will ensure that products and services in the digital world are safe to use.
"The EU will pursue an international cyber policy promoting an open, free and secure cyberspace," said foreign policy head Federica Mogherini, "as well as support efforts to develop norms of responsible state behaviour, apply international law and confidence building measures in cybersecurity."
EU countries must tackle these challenges together, added Andrus Ansip, EC vice-president for the Digital Single Market: "Our initiatives strengthen cooperation so that EU countries can tackle these challenges together. We also propose new measures to boost investment in innovation and promote cyberhygiene."
The new EU Cybersecurity Agency will be given a permanent mandate to assist EU Member States in effectively preventing and responding to cyber-attacks. It will organise yearly pan-European cybersecurity exercises, ensuring better sharing of threat intelligence and knowledge through the setting up of Information Sharing and Analyses Centres. It will also help implement the Directive on the Security of Network and Information Systems which contains reporting obligations to national authorities in case of serious incidents.
The EU-wide certification framework, which the Cybersecurity Agency would help put in place and implement, is aimed at ensuring that products and services are cyber secure. Just as with EU food labels, the new European cybersecurity certificates are expected to ensure the trustworthiness of the billions of devices which drive today's critical infrastructures, such as energy and transport networks, but also new consumer devices, such as connected cars. Cybersecurity certificates will be recognised across EU Member States, and will thus cut down on the administrative burden and costs for companies.
The Commission is also proposing to boost deterrence through new measures to combat fraud and the counterfeiting of non-cash means of payment. A proposed Directive would strengthen the ability of law enforcement authorities to tackle this form of crime by expanding the scope of the offences related to information systems to all payment transactions, including transactions through virtual currencies. The law will also introduce common rules on the level of penalties and clarify the scope of Member States' jurisdiction in such offences.
Factsheet on EU resilience to cyber-attacks
Factsheet on the EU Cybersecurity Agency
Factsheet on combating fraud and counterfeiting of non-cash means of payment