Governance & Risk Management , Government , Industry Specific

Europe Vows to Unify the Fight Against Cyberthreats

Trading Bloc Reaches Political Agreement on the Cyber Solidarity Act
Europe Vows to Unify the Fight Against Cyberthreats
European Union lawmakers and government representatives reached an agreement Tuesday on the Cyber Solidarity Act. (Image: Shutterstock)

The European Parliament and the council of direct European national governments are poised to approve a proposal that seeks to improve the trading bloc's ability to mitigate cyberthreats.

See Also: OnDemand | How To Meet Your Zero Trust Goals Through Advanced Endpoint Strategies

The European Commission first proposed the Cyber Solidarity Act last year in the wake of increased cyberattacks against European critical infrastructure tied to the Russian invasion of Ukraine in 2022 (see: European Commission Proposes Network of Cross-Border SOCs).

Negotiators announced Wednesday they reached a provisional agreement on the bill text, which must undergo one more round of voting in Parliament and approval by the council - steps that in European lawmaking are typically formalities.*

The initiative proposes several measures intended to strengthen European response to cyber risk. They include creating a European "cybersecurity shield" consisting of cross-border security operations centers and establishing a cyber emergency mechanism capable of running vulnerability checks on European critical infrastructure.

"These rules will strengthen the EU's and member states' capabilities to prepare, prevent, respond, and recover from large-scale cyberthreats or incidents," said Mathieu Michel, Belgian secretary of state for digitization.

The bill was proposed after Russian nation-state attacks against European critical infrastructure spiked following the invasion of Ukraine in 2022. A recent threat report from the European Union Computer Emergency Response Team or CERT-EU says the trading bloc recorded 241 nation-backed attacks against 104 software products in 2023. A majority of those attacks stemmed from Russian groups.

Even before Russia's February 2022 invasion of Ukraine, European officials criticized poor information sharing between national capitals on cybersecurity incidents. They said in a 2020 security strategy that there is "no operational mechanism" to coordinate response among member countries and European Union institutions in the event of "a large-scale, cross-border cyber incidents or crisis."

European agencies on also reached an agreement on expanded certification plans to include managed security services. The certification plan, developed by the European Union Agency for Cybersecurity, lays out measures for hardware and software products to ensure compliance under European plans such as the Directive for a High Level of Cybersecurity, known as NIS2, and the Cyber Resilience Act.

European lawmaker Josianne Cutajar, who headed the certification talks on Tuesday, said the inclusion of managed service providers will help "avoid market fragmentation" and ensure "transparency in the process of the certification."

*Correction April 24, 2024 16:43 UTC: Clarified that the compromise text on the Cyber Resilience Act agreed to by negotiators from the European Parliament and European Council must still undergo approval from the Parliament, as well as the European Council.

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.