The European Commission (EC) has proposed new regulations to establish common cyber and information security measures to bolster resilience and response capacity against a wider range of cyber threats.
Under the proposed cybersecurity regulation published on March 22, 2022, all European Union (EU) institutions, bodies, offices and agencies are required to have working cybersecurity frameworks in place for governance, risk management and control.
They will also be required to conduct regular maturity assessments and implement any improvement plans, and to share any incident-related information with the Computer Emergency Response Team without any delay.
If the regulation moves ahead, a new inter-institutional Cybersecurity Board will be established to drive and monitor all aspects of its implementation. The board will also steer CERT-EU, whose mandate will be extended to a triple role of incident response coordination, central advisory body and service provider.
On the same day, a separate information security regulation proposal was published, with the EC seeking to create a minimum set of security rules to enhance and standardise how EU public organizations protect themselves against threats to their information.
In connected environments, a single threat can damage the entire organization, which makes it critical for organizations to build a strong shield against all cyber threats and incidents. The proposed regulations are viewed as a milestone in the EU cybersecurity and information security fields.
The regulations are based on reinforced cooperation and mutual support among EU institutions and other parties with regard to coordinated preparedness and response, making this a real collective endeavour for all.
New World Challenges
The EC has also mentioned the need for change in the context of the Covid-19 pandemic and the growing geopolitical challenges currently faced, with the rules strengthening inter-institutional cooperation, minimising risk exposure and bolstering the EU security culture.
Cybersecurity threats are now viewed as one of the top risks facing the world, with ransomware attacks and nation-state-backed attacks proliferating whilst organizations become more reliant on technology.
In the UK, the government is also seeking to update the 2018 Network and Information Systems (NIS) regulations, which were initially designed to protect the security of providers of critical national infrastructure such as utilities, transport, healthcare and communications. The updates will expand the regulations to include managed service providers and specialised online and digital services such as managed security services, workplace services and general IT outsourcing.