IDG News Service >
 

Proposed EU cyber security law would firm up breach notification rules

o Jennifer Baker
07.02.2013 kl 11:29 | IDG News Service\Brussels Bureau

New rules on cyber security across the European Union were presented on Thursday after weeks of speculation and leaked drafts.

 

New rules on cyber security across the European Union were presented on Thursday after weeks of speculation and leaked drafts.

The main part of the European Commission's Cyber Security Strategy is a proposed Directive on Network and Information Security. If approved by the European Parliament and member states, this would become E.U. law.

Previous voluntary efforts have fallen short, "leaving many gaps in our overall cybersecurity" according to a Commission document. Currently only telecom companies are required to report significant security incidents. The new Directive would extend that to major Internet companies such as large cloud providers, social networks, e-commerce platforms and search engines, the banking sector and critical infrastructure services including energy, transport and health as well as public administrations.

All these organizations would have to report any security breach that has "a significant impact on the security of core services" to a national authority. This authority "may require that the public be informed", but a public announcement will not be mandatory.

"At the end of the day openness and transparency about your experience is going to result in a better environment for all," said Digital Agenda Commissioner Neelie Kroes.

She hit out at business managers who deny cyber attacks are happening because they are worried about reputation. Secrecy is not the way forward, she said. Statistics show that in 2012, 93 percent of large corporations experienced a cyber attack. "It is near-by normal," said the Commissioner, so there is no reason for secrecy.

Follow Jennifer on Twitter at @BrusselsGeek or email tips and comments to jennifer_baker@idg.com.

Keywords: Telecommunication  Legal  Internet  Security  Business Issues  
Latest news from IDG News Service

Copyright 2009 IDG Magazines Norge AS. All rights reserved

Postboks 9090 Grønland - 0133 OSLO / Telefon 22053000

Ansvarlig redaktør Henning Meese / Utviklingsansvarlig Ulf Helland / Salgsdirektør Tore Harald Pettersen