EU cybercrime proposals could force organisations to report hacks

By Danny Palmer
07 Feb 2013 View Comments
European Union map

Any bank, hospital or energy provider that suffers a cyber-attack would have to inform regulators under new EU proposals announced today.

Launched in Brussels by European Commission Vice-President for the Digital Agenda Neelie Kroes, Commissioner for Home Affairs Cecilia Malmström, and High Representative for Foreign Affairs and Security Policy Catherine Ashton, the policy could affect over 40,000 firms across the EU.

Further reading

Under the plan, each EU member state would be required to establish a Computer Emergency Response Team (CERT.) Each country would also need to recommend an authority to deal with information and network security for organisations to report security breaches to.

It would be the responsibility of that body to decide if the reported cyber-attacks are made public and if the breached organisation should be fined.

"The recently launched European Cybercrime Centre already marks a significant step forward in our fight against cybercrime," said Catherine Ashton.

"But our efforts at an EU scale will only be effective, if the same level of ambition and preparedness is shown by member states. We need to acknowledge that today, many EU countries are still lacking the necessary tools to fight online organised crime.

"This is why the strategy calls for all member states to set up effective national cybercrime units that can benefit from the expertise and the support of the European Cybercrime Centre.

"Internet is very important for our economy and values," added Neelie Kroes, "We are all aware of the phishing scams... and natural disasters like storms. We need to protect our networks and make them resilient."

The EU's cybercrime proposals have been welcomed by a number of organisations.

"We warmly welcome this EU initiative," said Leo Sun, President of Huawei's European Public Affairs and Communications Office.

"Cyber threats do not stop at national borders, and neither can efforts to protect our networks and systems. At Huawei, we believe an international approach in which all stakeholders take their fair share of responsibility is a prerequisite to tackling this global challenge."

Jason Hart, vice-president for Cloud Solutions at online security firm SafeNet, also welcomed the proposals, but argued mandatory encryption of data should form a key part of the fight against cybercrime.

"This move is a welcome change as past breaches have demonstrated that delays in reporting may have exacerbated the initial problem," he said.

"However reporting the breach itself is only a small part of the equation. What is of real importance is preventing the damage that the exposure of unencrypted data can cause in the event of a security breach.

"Therefore, a key solution to tackle cyber security issues lies within pushing for more wide-scale mandatory encryption of all data," Hart added.

There doesn't appear to be a specific date for the proposals to be implemented by, but the report suggests the feasibility of CERT control teams will be examined this year.

Reader comments
blog comments powered by Disqus
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

38 %
26 %
15 %
21 %