January 14, 2016
Firms supplying essential services will have to take action to improve their ability to withstand cyber attacks under new rules approved by members of the European Parliament on the Internal Market Committee.
The services covered would include energy, transport, banking and health, as well as digital ones, such as search engines and cloud computing.
Information systems, essential networks and services, such as online banking, electricity grids or airport control, can be affected by security incidents caused by human mistakes, technical failures or malicious attacks. These incidents result in annual losses of €260 billion to €340 billion, the European Network and Information Security Agency (ENISA) estimates. The EU currently has no common approach on cyber-security and reporting.
The proposed rules, informally agreed by MEPs and Council negotiators Dec. 7, were approved by 34 votes to two. They now need to be endorsed by the Council and the full European Parliament.
The new directive for a high common level of security of network and information systems (NIS) across the EU aims to end the current fragmentation of 28 national cyber-security systems by listing sectors in which critical service companies will have to ensure that they are robust enough to resist cyber-attacks.