The strategy “An Open, Safe and Secure Cyberspace”, is built on five priorities:
• Achieving cyber resilience
• Drastically reducing cybercrime
• Developing cyber defence policy and capabilities related to the Common Security and defence Policy (CSDP)
• Developing the industrial and technological resources for cyber-security
• Establishing a coherent international cyberspace policy for the European Union and promoting core EU values.
The Commission stresses the fact that a lack of NIS (Network Information Security) can compromise vital services, hence the need to issue a Directive. The proposed Directive contains several measures including the requirement for Member State to adopt a NIS strategy and designate a national NIS competent authority with adequate financial and human resources to prevent, handle and respond to NIS risks and incidents.
A cooperation mechanism among Member States and the Commission is essential to share early warnings on risks and incidents through a secure infrastructure, and to cooperate and organise regular peer reviews.
Critical infrastructures in most sectors, enablers of information society services and public administrations, must adopt risk management practices and report major security incidents on their core services.
Competent authorities and the Commission shall form a network to cooperate against risks and incidents affecting network and information systems. The network shall bring into permanent communication the Commission and the competent authorities. When requested, the European Network and Information Security Agency (“ENISA”) shall assist the cooperation network by providing its expertise and advice.
Given the importance and relevant arguments contained in the EU Cybersecurity plan, over the coming days GCSEC will conduct a thorough examination of the two documents.