More European Businesses Would be Required to Report Cyber Incidents under New Proposal

By Ed Silverstein February 07, 2013

European officials want businesses across several additional sectors to quickly report cyber-attacks in many instances.

A new proposal announced on Thursday would expand the region’s response to cyber incidents far beyond current requirements.

“The new proposed Directive works to level the playing field by applying to all owners of critical infrastructure,” according to an EU statement.

“Under our proposal, sectors using telecoms networks in ways vital to our economy and society – energy, transport, banking, healthcare, and key Internet companies – would have to manage risks and report significant incidents, as we already require for the telecoms sector,” Neelie Kroes, vice president of the European Commission responsible for the Digital Agenda, said in a speech.

The nations which comprise the European Union would also need to identify authorities for network and information security, as well as computer emergency response teams, according to the plan. Information would be shared among member states and there would be other forms of cooperation.

Businesses would have a role to play, too.

“With the right investment in research and development, and the right policy framework, we can take security research and turn it into commercial reality – right here in Europe,” Kroes said.

“Europe needs resilient systems and networks,” she added. “A single cyber incident can cost from tens of thousands of euros for a small business — to millions for a large-scale data breach. Yet the majority of them could be prevented just by users taking simple and cheap measures.”

The need is there. Some 93 percent of large corporations and 76 percent of small businesses had a cyber-security breach in the past year, according to a PwC survey in 2012.

In her speech, Kroes also singled out DigiNotar, a Dutch certification company. DigiNotar did not report its systems were hacked. It failed to revoke digital certificates. Certificates were issued fraudulently and circulating online.

The new requirements would apply to: Internet companies such as large cloud providers, social networks, e-commerce platforms, and search engines; the banking sector and stock exchanges; energy such as electricity and gas; operators of air, rail and maritime transport and logistics; healthcare such as electronic medical devices and patient medical records; and government records.

In addition, PC Magazine reports that the proposal requires European states to adopt a network and information security (NIS) strategy. Responsible parties will respond and prevent NIS risks and incidents. There will be sharing among states information about early warnings on risks and incidents. Critical infrastructures in some sectors have to adopt risk management procedures and report major security incidents.

Altogether, the proposal could affect over 40,000 firms, the BBC reported.

EU member states will implement the cyber directive within 18 months of its adoption.

In a related matter, in the United States President Obama will likely issue an Executive Order on cyber-security. The order is likely to contain recommendations for operators of critical infrastructure. This follows in October Obama signing a limited “secret directive” to prevent cyber-attacks on computer networks.

The October directive relates to government agencies, including the military, TechZone360 said.




Edited by Braden Becker

TechZone360 Contributor

SHARE THIS ARTICLE
Related Articles

Practical Step-by-Step Guidance After Your Company Has Been Hacked

By: TMCnet Special Guest    6/30/2015

Everybody tends to think that hackers will never ever target them or their company/organization-until a breach occurs. We have already published sever…

Read More

Why the Apple Watch Failed

By: Rob Enderle    6/29/2015

The Apple Watch hasn't exactly been the success the iPod, iPhone, and iPad initially were (though to be fair the iPhone and iPod weren't that great th…

Read More

Department of Defense Wants to Move Majority of Apps to the Cloud by 2020

By: Peter Bernstein    6/29/2015

It is no secret that the U.S. government wants to upgrade its IT capabilities and that moving them into the cloud is a priority. In fact, it is a mand…

Read More

HBO Now Proves Big Hit with Cable Cutters

By: Steve Anderson    6/26/2015

For those have made the jump from traditional cable service to online sources for entertainment- also known as "cable cutters" or "cord cutters"-the I…

Read More

OneWeb Satellite Broadband Effort Gets $500M

By: Doug Mohney    6/26/2015

OneWeb, intent on building a 900 satellite Low-Earth-Orbit (LEO) broadband network encompassing the globe, released a flurry of information today. The…

Read More