Blog Credit : Trupti Thakur
Image Courtesy : Google
Cyber Legislation By European Union
New laws proposed to introduce alert system and encourage adoption of certification schemes.
The Council of the European Union has announced the adoption of two new laws to improve the overall cybersecurity across the continent.
The new laws establish a cybersecurity shield that calls for member states to cooperate in detecting and responding to cyber-attacks, and amend the EU’s Cybersecurity Act (CSA) of 2019 to ensure adequate security standards for managed security services.
According to Security Week, the first legislative act will establish a European Cybersecurity Alert System, a pan-European network of cyberhubs that creates “coordinated detection and situational awareness capabilities, reinforcing the Union’s threat detection and information-sharing capabilities.”
The second law amends the Union’s cyber resilience through the adoption of certification schemes for managed security services, which play an essential role in preventing, detecting, responding to, and recovering from cyber-attacks.
The two laws are expected to be published in the EU’s official journal and will be enforced 20 days after their publication.
As The Council of the European Union on Monday announced the adoption of two new laws meant to improve the overall cybersecurity across the EU.
The two new laws in the cybersecurity package establish a cybersecurity shield that calls for member states to cooperate in detecting and responding to cyberattacks, and amend the EU’s Cybersecurity Act (CSA) of 2019 to ensure adequate security standards for managed security services.
The first legislative act (PDF) establishes a European Cybersecurity Alert System, a pan-European network of cyberhubs that creates “coordinated detection and situational awareness capabilities, reinforcing the Union’s threat detection and information-sharing capabilities”.
The alert system’s infrastructure will include cross-border cyber hubs that will group together national cyber hubs meant to coordinate cyber threat detection and action activities with other member states.
“The cyber hubs will use state-of-the-art technology, such as artificial intelligence (AI) and advanced data analytics, to detect and share timely warnings on cyber threats and incidents across borders. They will strengthen the existing European framework and, in turn, authorities and relevant entities will be able to respond more efficiently and effectively to cybersecurity incidents,” the European Council said.
The new regulation also establishes a Cybersecurity Emergency Mechanism to support member states in preparing for, detecting, and recovering from major cybersecurity attacks, and a European Cybersecurity Incident Review Mechanism to review and assess major attacks.
The mechanism will support preparedness actions, including testing for potential vulnerabilities; a new EU cybersecurity reserve that will include private incident response services that will intervene at the request of member states; and technical mutual assistance.
The second law (PDF) amends the Union’s cyber resilience through the adoption of certification schemes for managed security services, which play an essential role in preventing, detecting, responding to, and recovering from cyberattacks.
“These services can consist of, for example, incident handling, penetration testing, security audits, and consulting related to technical support,” the Council said.
By amending the CSA, the council aims to increase the quality of managed security services, foster the emergence of trusted providers, and prevent market fragmentation in the context of some member states developing their own national certification schemes.
With the presidents of the Council and the European Parliament having signed them, the two laws are expected to be published in the EU’s official journal and will be enforced 20 days after their publication.
Blog By : Trupti Thakur