EU reaches milestone agreement on cybersecurity rules

Council of Europe and European Union agree first regulations on cybersecurity for 28-nation bloc

Organisations operating "essential systems" in the EU will soon have to abide by a new set of cybersecurity rules that were agreed yesterday by the European Union and Council of Europe.

The guidelines mandate that critical systems must be robust enough to withstand cyber attacks, and will apply to all organisations operating within the transport, utilities, banking and finance industries.

Cloud service providers and online marketplaces will also be affected, as well as search engines like Google.

German MEP Andreas Schwab described the agreement between the two supranational bodies as "a milestone" in ending the fragmented approach to cybersecurity in critical sectors currently in place across the 28-nation bloc.

"Parliament has pushed hard for a harmonised identification of critical operators in energy, transport, health or banking fields, which will have to fulfil security measures and notify significant cyber incidents," he said. "Member states will have to cooperate more on cybersecurity - which is even more important in light of the current security situation in Europe."

Schwab added: "This directive marks the beginning of platform regulation. Whilst the Commission's consultation on online platforms is still ongoing, the new rules already foresee concrete definitions - a request that Parliament had made since the beginning in order to give its consent to the inclusion of digital services," he said.

The rules, which are separate from the General Data Protection Regulation currently making its way through the European Parliament, have been welcomed by the security industry.

Piers Wilson, head of product management at Huntsman Security, said: "The EU cybersecurity rules present a real opportunity to move computer security and data protection laws on from the 1990s."

He added, though, that the rules "must ensure that a 'robust' infrastructure is one that can really protect against 21st century threats", meaning not just prevention but also rapid detection and resolution.

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Recommended

Ryuk behind a third of all ransomware attacks in 2020
Security

Ryuk behind a third of all ransomware attacks in 2020

29 Oct 2020
REvil hacking group says it has made more than $100m in a year
Security

REvil hacking group says it has made more than $100m in a year

29 Oct 2020
36 billion personal records exposed by hacks in 2020 so far
Security

36 billion personal records exposed by hacks in 2020 so far

29 Oct 2020
Trump website defaced in second successive cyber breach
Security

Trump website defaced in second successive cyber breach

28 Oct 2020

Most Popular

Do smart devices make us less intelligent?
artificial intelligence (AI)

Do smart devices make us less intelligent?

19 Oct 2020
Politicians need to stop talking about technology
Policy & legislation

Politicians need to stop talking about technology

21 Oct 2020
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

21 Oct 2020