Europe is improving its cyber security defenses

This post is also available in: עברית (Hebrew)

לעברית לחץ כאן


4648970_sThe European steps to counter cyber security attacks on vital installations and organizations will have an effect on Israel. The European Union will soon set out new common rules for cyber-security across the 27-nation bloc, with requirements to report disruptions extending to search engines, energy providers and banks.

Airports, stock exchanges and a host of other sectors are included in the proposal, which the European Commission, the bloc’s executive arm, has drafted after a decade of failed voluntary measures.

The proposals must be reviewed by the European parliament and the leaders of the EU’s 27 national governments before becoming law.

“Information systems can be affected by security incidents, such as human mistakes, natural events, technical failures or malicious attacks,” the draft proposal says. “These incidents are becoming bigger, more frequent, and more complex.”

With the EU’s 27 countries all offering differing standards of cyber-security, and with member states reluctant to share information with neighbors for fear they are less secure than themselves, the bloc is increasingly open to attack, according to the proposal.

“The current situation in the EU, reflecting the purely voluntary approach followed so far, does not provide sufficient protection against network and information security incidents and risks across the EU,” according to the document. “Existing capabilities and mechanisms are simply insufficient to keep pace with the fast-changing landscape of threats.”

Around 40,000 companies would be affected by the proposal, according to EU officials. This would include “internet enablers” such as Google Inc. (GOOG), Facebook Inc. (FB) and Twitter–as well banks, including U.S. banks active in the EU, energy companies and cloud computing providers.

Companies would have to notify authorities whenever their services have been disrupted or data privacy breached, including cases of human error, natural disasters or extreme weather, as well as cyber attacks.

Sanctions would be decided by the member states that have to transpose the directive into national law. The proposal makes an exception for “micro enterprises” in order to avoid an excessive administrative burden on small businesses.