CYBER SECURITY : COMMISSION IMPOSES OBLIGATIONS ON PRIVATE AND PUBLIC SECTORS.

Operators of critical infrastructure and key internet companies will have to apply cyber security measures and report "significant" incidents to competent national authorities. The latter will have to be set up by EU member states. Unveiled on 7 February by the European Commission, the draft directive on the security of networks and information systems is designed to step up the fight against cyber attacks in the European Union. It is part of the global EU strategy on cyber security presented in parallel by Commissioners Neelie Kroes (Digital Agenda) and Cecilia Malmstrom (home affairs) and High Representative for Foreign Affairs Catherine Ashton (see separate article).

"The more we depend on the virtual world, the more we need it to be secure" and "there is no true freedom without security," stressed Commissioner Kroes. Cyber security aims to protect networks and information systems from cyber incidents. These have multiple origins, including natural disasters, human error, information system failures and attacks by criminals and terrorists.

The voluntary approach used in the last ten years to improve cyber security has not lived up to expectations, notes the Commission, which regards progress as being insufficient. Incidents that are occurring on these networks and information systems are becoming more and more significant, frequent and complex. This insecurity may compromise vital services that depend on their integrity, explains the EU institution. It also points out that "it can stop companies from working, lead to substantial financial losses for the EU economy and have a negative effect on the common good". In its draft directive, the EU executive therefore plans to impose obligations both on member states and the private sector.

The EU27 countries will each have to adopt a strategy to safeguard the security of networks and information systems and, above all, set up competent authorities in charge of cyber security. These bodies and the European Commission will cooperate within the future European cyber security network, a sort of platform that will allow them to exchange information on cyber incidents and prepare emergency plans. It will be possible to exchange confidential and sensitive information via this cooperation through a secure system.

Member states will have to have sufficiently resilient and secured information and communications infrastructure and adequate human, financial and technical resources to be authorised to...