The EPP has warned the West: always be ready for a cyber attack.
“In today’s world, it is not about whether a company or institution will be hacked, the question is whether you are prepared and resilient when it happens. Today’s vote is a clear signal that we stand for the strong cybersecurity protection of European citizens, businesses and institutions”, declared Eva Maydell MEP, the EPP Group’s negotiator of the Directive dealing with measures for a high common level of cybersecurity across the Union.
Members of the Industry, Research and Energy Committee today approved new rules to enhance the European Union’s cyber capacity and resilience in order to respond to the growing threats brought about by digitalisation.
Throughout the negotiations, Maydell had to take into account the increasing number and sophistication of cyberattacks around the world. EU data strikingly shows that 2/5 of EU users have experienced security-related problems. 1/8 of businesses have been affected by cyberattacks. The annual cost of cybercrime to the global economy was estimated at €5.5 trillion by the end of 2020. This is double that of 2015.
“There is not a single day that passes without a cyberattack somewhere – Solar Winds, Colonial Pipeline, the Irish Health Service Executive, to this very week, as Microsoft announced that Russian-backed hackers have been targeting cloud service companies since summer. The updated Cybersecurity Directive is a tool to enhance cyber capacity and to provide for the safe digital transition of Europe. Our economy and public life will not go backwards on the digitalisation process”, stated Maydell.
The Directive puts emphasis on the maturity levels of smaller companies, which often have a false sense of security, thinking that they are not an ‘interesting target’ for hackers.
MEPs also strengthened the requirements for the Computer Security Incidents Response Teams (CSIRTs), so these teams are able to monitor networks in real or near real time and detect anomalies. Members insisted that CSIRTs have the ability to investigate cyber incidents, including the ability to reverse engineer cyberattacks.
A CSIRT is a group of IT professionals that handle computer security emergencies. The Directive requires EU governments to designate one or more CSIRTs to be responsible for incident-handling in accordance with a well-defined process.
“No EU country can meet this challenge alone. This Directive is a good step in the process of building EU cybersecurity integration”, said Maydell.
On the global level, the EU needs to work more closely with organisations such as NATO and the OECD and to build strong instruments for international cyber diplomacy within the UN.
“We need cyber norms for cyber peace”, Maydell concluded.