The Commission adopted on Tuesday a proposal for an EU regulation on cyber solidarity with the aim of strengthening the Union’s capabilities in cyber security. The Regulation would support the detection and awareness of cyber security threats and incidents, increase the degree of preparedness of critical entities and strengthen solidarity and concerted crisis management and response capacities in all Member States.
The proposed Regulation on cyber solidarity sets out the capabilities the Union needs to help Europe become more resilient and ready to react to cyber threats, while strengthening the existing cooperation mechanism. It will help ensure a safe and secure digital landscape for citizens and businesses and protect critical entities and essential services such as hospitals and public services.
The Commission has also put forward the idea of setting up a Cyber Security Skills Academy as part of the European Year of Skills 2023. The Academy could provide a more coordinated approach to addressing the cybersecurity talent gap, step by step of which we cannot improve Europe’s resilience. The Academy will bring together various existing initiatives that seek to promote cybersecurity skills and make them available on an online platform. Thus, it will increase their visibility and create the conditions for increasing the number of qualified professionals in the field of cyber security in the EU.
As part of the European Security Union, the EU is determined to ensure that all European citizens and businesses are protected, both online and offline, and to promote an open, secure and stable cyberspace. However, the growing scale, frequency and impact of cyber security incidents represent a major threat to the functioning of networks and IT systems and to the European single market. Russia’s military aggression against Ukraine has further exacerbated this threat, given the large number of government-backed miscreants and “hacktivists” involved in current geopolitical tensions.
Building on the strong strategic, policy and legislative framework already in place, the proposed EU Cyber Solidarity Regulation and the Cyber Security Competence Academy will further contribute to improving the detection of cyber threats as well as increasing resilience and of readiness at all levels of the European cyber security ecosystem.
The EU Cyber Solidarity Regulation will strengthen Union-wide solidarity to better detect, anticipate and counter major or large-scale cybersecurity incidents by creating a European Cyber Security Shield and a global emergency response mechanism in the field of cyber security.
In order to quickly and efficiently detect major cyber threats, the Commission proposes the creation of a European cyber shield, i.e. a pan-European infrastructure composed of national and cross-border security operations centers throughout the Union. It is about entities that would have the task of detecting and countering cyber threats. They will use state-of-the-art technologies such as artificial intelligence (AI) and advanced data analytics to detect cyber threats and incidents and issue timely alerts across the Union. In turn, the authorities and entities concerned will be able to react more efficiently and effectively to major incidents.
These centers could be operational at the beginning of 2024. As a preparatory stage of the European Cyber Shield, in November 2023 the Commission selected, under the “Digital Europe” programme, three consortia of cross-border security operations centers, bringing together public bodies from 17 member states and Iceland.
The proposed EU regulation on cyber solidarity also includes the creation of a cyber security emergency response mechanism, aimed at increasing preparedness and strengthening incident response capabilities in the EU. The Regulation will support: preparation actions, including testing entities from extremely critical sectors (health, transport, energy, etc.) to detect possible vulnerable points, based on risk scenarios and common methodologies; the creation of a new EU cyber security reserve, consisting of response services provided by pre-contracted trusted providers, who will therefore be ready to intervene at the request of a Member State or the institutions, bodies and agencies of the Union, in the event an important or large-scale cyber security incident; providing financial support for mutual assistance, whereby a member state could provide support to another member state.
In addition, the proposed regulation establishes the cyber security incident assessment mechanism to increase the resilience of the Union by analyzing and evaluating important or large-scale cyber security incidents that have occurred, drawing the necessary conclusions and, as appropriate, issuing recommendations for improving the position of the Union in the cyber security sector.
The total planned budget for all actions related to the EU Cyber Solidarity Regulation is EUR 1.1 billion, of which approximately two-thirds will be funded by the EU through the Digital Europe programme.
The EU Cybersecurity Skills Academy will bring together private and public initiatives that seek to increase cybersecurity skills at European and national level, giving them greater visibility and helping to address the shortage of cybersecurity professionals. The Academy will initially be hosted online, on the platform of the Commission for Skills and Jobs in the Digital Sector. Citizens interested in pursuing a career in cyber security will be able to find online training and certification opportunities offered across the EU, all on one site. Stakeholders will also be able to commit to supporting the improvement of cybersecurity skills in the EU by initiating specific actions, for example by proposing cybersecurity training courses and certifications.
The Academy will develop in such a way that it can provide a common space for universities, training providers and businesses in this sector, helping them coordinate their educational programs, training courses, funding, as well as follow the evolution of the labor market in the field of cyber security.
On Wednesday, the Commission also proposed a specific amendment to the Regulation on cyber security, to allow the future adoption of European certification systems for “managed security services”. These are highly critical and sensitive services provided by cyber security service providers, such as incident response, penetration testing, auditing and security consulting services, to help businesses and other organizations prevent, detect , to counter or recover from such incidents. Certification is essential and can play an important role in the context of the EU cybersecurity reserve and the Directive on measures for a high common level of cybersecurity in the Union (NIS 2 Directive), facilitating the cross-border provision of these services.
The European Parliament and the Council will examine the proposal for an EU regulation on cyber solidarity and on the specific amendment of the Regulation on cyber security. The European Cyber Security Competence Center will organize, together with selected cross-border security operations centers, a joint public procurement procedure for tools and infrastructures to strengthen cyber detection capabilities. The EU Cyber Security Agency (ENISA) and the European Cyber Security Competence Center will continue to work on strengthening cybersecurity competences. They will contribute to the materialization of the Academy of competences in cyber security, in accordance with their mandates and in close cooperation with the Commission and the Member States.
The Commission proposes that the academy take the form of a European Digital Infrastructure Consortium (EDIC), a new legal framework for the implementation of projects involving several countries. This possibility is to be discussed with the Member States.
At the same time, we need to ensure that professionals follow the necessary training courses and that these courses are of quality. In this sense, ENISA will develop a pilot project through which the possibility of establishing a European attestation system for cyber security skills will be explored.
With its proposal for an EU regulation on cyber solidarity, the Commission responds to the call of Member States to strengthen the EU’s cyber resilience. At the same time, it thus fulfills its commitment expressed in the recent joint communication “EU Cyber Defense Policy”, that of preparing an EU Initiative on Cyber Solidarity. The proposed EU Regulation on Cyber Solidarity and the Cyber Security Competence Academy builds on the UERO Cyber Security Strategy••• and the EU legislative framework to strengthen the EU’s collective resilience against growing security threats cybernetic. It includes the Directive on measures for a high common level of cybersecurity in the Union (NIS 2) and the Cybersecurity Regulation.
For the most important news of the day, transmitted in real time and presented equidistantly, LIKE our Facebook page!
Follow Mediafax on Instagram to see spectacular images and stories from around the world!
Answer on the websites of Aleph News, Mediafax, Ziarul Financiar and on our social media pages – ȘTIU and Aleph News. See the answer to I know, from 19.55, Aleph News.
The content of the www.mediafax.ro website is intended exclusively for your information and personal use. It is forbidden republication of the content of this site without the consent of MEDIAFAX. To obtain this agreement, please contact us at [email protected].