In response to the increasing threats from cyber attacks and a lack of any common approach in Europe to digital network breaches, a new ‘Network and Information Security’ directive has been agreed this week by MEPs and ministers. This creates for the first time an EU-wide set of rules on cyber security.
Representatives from 28 EU countries have created a common set of minimum standards for cyber security in Brussels. Primarily designed to target any organisation running critical national infrastructures (eg. airports and power stations), it also sets a minimum benchmark of standards for organisations such as banks, energy and water companies.
On top of this, any company running critical services (plus some technology firms) will be required to report cyber breaches and attacks. The tech firms likely to be included are online marketplaces such as eBay, Amazon and search engines like Google.
The European Agency for Network and Information Security (Enisa) estimates that such breaches whether from human error, technical failure or malicious attack result in annual losses in the range of €260bn to €340bn (£188bn to £246bn).
The whole driver for creating consensus is based on the strength of shared intelligence and protocols between countries. In this new digital and dangerous age, countries must swallow historic aversions to sharing security information across Europe, for the greater good of its citizens. A boost to this is also the EU pledge to offer best practice to others and to assisting member states to secure their infrastructures where they do not have the technologies or cyber security specialists.
Knowing how witheringly slow EU politics can be, this political goodwill collaboration amongst EU partners is in no small part spurred on as a result of the Paris terrorist attacks on 13th November 2015.
There remain many hurdles as the agreement still needs approval from the European Parliament and national governments. With a vote in Spring 2016, it would then take around two years to put the measures in place.
MEP Vicky Ford (Chairman of the European Parliament Internal Market and Consumer Affairs Committee), who chaired the final round of talks, said that it was “a hugely complex piece of legislation. We have set up a network which will enable experts from each of the 28 countries in the EU to share and develop best practice in network security, whilst not compromising any individual member state’s own national security measures.”
One can only hope that EU security agencies are prompted by their leaders to be proactive in sharing digital network threat information altruistically in the intervening 24 months. The old “I’m all right Jack” mentality is now firmly a thing of the past as neighbours must support each other in this darker digital world.