The European Parliament and the council of direct European national governments have reached a significant political agreement on the Cyber Solidarity Act. This proposal aims to enhance the trading bloc’s ability to address and mitigate cyber threats effectively. The agreement was reached on Tuesday, marking a crucial step toward bolstering Europe’s cybersecurity defenses.

The Cyber Solidarity Act was initially proposed by the European Commission in response to the escalating cyberattacks against critical infrastructure in Europe following the Russian invasion of Ukraine in 2022. The proposal includes various measures designed to bolster the European response to cyber risks. One key aspect of the initiative is the establishment of a European “cybersecurity shield,” which will consist of cross-border security operations centers. Additionally, the proposal includes the creation of a cyber emergency mechanism that can conduct vulnerability checks on European critical infrastructure.

Upon approval by lawmakers and the European Council, the finalized text of the Cyber Solidarity Act must undergo one final round of voting and approval by the council. These procedural steps are customary in European lawmaking processes and are expected to proceed smoothly.

Mathieu Michel, Belgian secretary of state for digitization, emphasized the importance of the new rules in enhancing the EU and member states’ capabilities to prepare for, prevent, respond to, and recover from large-scale cyber threats or incidents. The Cyber Solidarity Act is a proactive response to the increasing risks posed by cyberattacks, particularly those originating from nation-state actors such as Russia.

According to a recent threat report from the European Union Computer Emergency Response Team (CERT-EU), the trading bloc experienced 241 nation-backed attacks targeting 104 software products in 2023, with the majority of these attacks attributed to Russian groups. The spike in cyber incidents underscored the urgent need for a more coordinated and robust cybersecurity strategy at the European level.

Even prior to the Russian invasion of Ukraine in February 2022, European officials had raised concerns about the lack of effective information sharing and coordination on cybersecurity incidents among member countries and EU institutions. The absence of operational mechanisms to address large-scale, cross-border cyber incidents was a key challenge highlighted in a 2020 security strategy.

In addition to the Cyber Solidarity Act, European agencies have also reached an agreement on expanding certification plans to include managed security services. This certification plan, developed by the European Union Agency for Cybersecurity, sets out measures for ensuring compliance with European cybersecurity directives such as the Directive for a High Level of Cybersecurity (NIS2) and the Cyber Resilience Act.

Josianne Cutajar, a European lawmaker involved in the certification talks, emphasized that including managed service providers in the certification process will help prevent market fragmentation and promote transparency in the certification process. The inclusion of managed security services is expected to further strengthen Europe’s cybersecurity posture and ensure the effective implementation of cybersecurity directives across the trading bloc.

In conclusion, the political agreement on the Cyber Solidarity Act represents a significant milestone in Europe’s efforts to enhance its cybersecurity capabilities and address the growing cyber threats facing the region. The proactive measures outlined in the proposal are vital in strengthening Europe’s resilience against cyberattacks and ensuring a coordinated response to cybersecurity challenges.

Source link