"A secure internet protects our freedoms and rights and our ability to do business. It's time to take coordinated action – the cost of not acting is much higher than the cost of acting”, stated Neelie Kores, Vice President of the European Commission responsible for the Digital Agenda, during the launching of Commission's Cyber Security Strategy and proposed directive on network and information security (NIS) on 7 February.
The new action aims to prevent and respond to cyber disruptions and attacks that are taking or may take place across Europe. In this way, the EU wants to achieve cyber resilience, reduce cybercrime, and develop cyber defence policies, as well as expand industrial and technological resources for cyber-security, and establish a coherent international cyberspace policy.
In order to reduce the increasing number of cyber attacks and threats, the EU opened one month ago its European Cybercrime Centre, where different experts are building up models of past threats to avoid future disruptions, explained Cecilia Malmström, Commissioner for Home Affairs.
“We will not be able to reap all the potential benefits of the online economy if we cannot protect our citizens and provide them with a safe and secure Internet environment”, she said, and added that “if we want to be credible in our efforts to fight cybercrime we need better legislation, more resources and better coordination.”
According to the proposed NIS Directive, which is a key component of the overall strategy, all Member States, key internet enablers and infrastructure operators such as e-commerce platforms and social networks will be required to ensure a secure digital environment.
The Directive must be implemented by all EU countries within 18 months of its adoption by the Council and European Parliament. It includes measures like the designation of a national NIS authority and the creation of a cooperation mechanism among Member States and the Commission to share early warnings on risks and incidents.
However, only incidents having a significant impact on the security of core services provided by market operators should be reported to the competent national authority, which may inform citizens about the threat.
Internet companies and Internet Service Providers are also targeted by the Directive. The Chinese firm Huawei is one of those who welcomed Commission's strategy and its Global Security Officer, John Suffolk, highlighted that “the time has come to stop talking about the threat, stop talking about the challenges and start talking about the actions we have taken and will take.”
So far, reactions to the strategy have been varied. ALDE MEP Marietje Schaake welcomed the new plan, but pointed out that “we can not lose time in addressing the most difficult questions” and explained the Commission didn't announce new concrete actions.
In addition, ALDE MEP Sophie in ‘t Veld told viEUws that the strategy is not clear and affirmed that “this strategy is not a strategy, is a mishmash of different measures.”