Towards an e-solidary Europe, the Council of Europe and the European Parliament have decided.

Written by colas Bonvicini, 14 March 2024

March 6, 2024 marked the political agreement reached between the European Parliament and the Council of the European Union on the Cyber Solidarity Act.

Motivated in large part by the increase in cyber attacks since the start of the war on Europe’s doorstep, the European Union’s Cyber Resilience Act has been agreed by all 27 EU member states.

The Cyber Resilience Act will help to improve preparedness, detection and response to cyber security incidents across the EU.

Here are the actions presented in this new cybersolidarity legislation:

I] A European cyber shield

This alert system will be made up of a network of national and cross-border cyberpoles (SOCs) throughout the EU.

These Security Operations Centers (SOCs) will rely on state-of-the-art tools and infrastructures, such as artificial intelligence and advanced data analysis, to detect cyberthreats and incidents at an early stage.

“Speed of detection is a key factor in responding to cyber threats. With the deployment of a European SOC infrastructure, we are improving response times and facilitating cooperation to achieve a truly European cyberspace shield,” said Thierry Breton, Internal Market Commissioner.

Thanks to this infrastructure, the authorities and other concerned entities will be informed of the state of the cyber threat in real time.

II] A cyber emergency mechanism

This will strengthen our preparedness and response capabilities in the face of the largest and most far-reaching cyber incidents.

Here are the three main areas supported by this mechanism:

Support for preparatory actions

By coordinating vulnerability preparedness tests for entities operating in critical sectors, such as healthcare, finance and energy, to name but a few.

Testing these entities in crucial sectors will then detect potential weaknesses that could make them vulnerable to cyber threats. A joint risk assessment at EU level is planned to select the entities to be prioritized for testing.

The creation of an EU cybersecurity reserve

This EU cybersecurity reserve will consist of incident response services provided by private service providers, so-called trust providers. These trust providers can therefore be deployed at the request of Member States, EU institutions, bodies and agencies, and under the Digital Europe program, to help them deal with major cybersecurity incidents.

“The European Parliament and the Council of Europe have also reached agreement on amending the cybersecurity regulation. This amendment opens up the possibility of adopting European certification schemes for managed security services. It will establish a framework for the establishment of trusted providers in the EU cybersecurity pool under the cybersolidarity regulation,” writes the European Commission on its website.

Financial support and insurance for mutual assistance

This mechanism will support a Member State offering assistance to another Member State affected by a cybersecurity incident.

III] A European cybersecurity incident review mechanism

Insofar as major incidents have already occurred, this European mechanism will be designed to examine and assess the criticality of these cyber incidents, with the aim of formulating recommendations to improve the EU’s cybersecurity position.

At the request of the European Commission or national authorities such as the EU-CyCLONe network or the CSIRT network, the EU Cybersecurity Agency (ENISA) will be responsible for examining so-called significant or large-scale cybersecurity incidents, and is expected to present a report outlining the conclusions drawn from these cyberattacks, or where appropriate, make recommendations to improve the EU’s cybersecurity response capability.

Conclusion

In the context of the European Union’s ordinary legislative procedure, informal inter-institutional negotiation (trialogue) between representatives of the European Parliament, the Council of the European Union and the European Commission.

This e-solidarity legislation will then be submitted to the European Parliament and the Council for formal approval. Once formally adopted, this cybersolidarity regulation will enter into force on the twentieth day following that of its publication in the Official Journal.

The cybersolidarity regulation will subsequently increase funding for cybersecurity actions under the Digital Europe program (DIGITAL) for the period 2025-2027.
