EU-wide cyber security rules get green light

A draft framework ordering firms supplying essential services to improve their cyber security procedures has been approved by the European Parliament.

By Paul Walsh(2147491592)
A draft framework ordering firms supplying essential services to improve their cyber security procedures has been approved by the European Parliament.

The rules will list sectors in which critical service providers will have to ensure they are suitably equipped to deal with cyber attacks.

The new directive is designed to unify cyber security systems and end the current fragmentation of 28 separate systems.

EU member states will have to identify ‘operators of essential services’ in essential fields e.g. energy transport, banking and health and will be assessed to set criteria including whether the service is critical for society and the economy and whether an incident could be significantly disruptive.

Informally approved in December, the new rules received approval from Internal Market MEP’s of 34 votes to 2 but will still need to be endorsed by the EU council and full Parliament.

“Parliament has pushed hard for a harmonised identification of critical operators in energy, transport, health or banking fields, which will have to fulfil security measures and notify significant cyber incidents,” said rapporteur Andreas Schwab (EPP, DE).

As part of the new draft framework a strategic “co-operation group” for all member states to exchange information and best practices. Additionally, al members will be required to setup a computer security incident response team to handle any potential cyber risks.

«