Europe Agrees to Adopt New NIS2 Directive Aimed at Hardening Cybersecurity

The European Parliament announced a “provisional agreement”
aimed at improving cybersecurity and resilience of both public and
private sector entities in the European Union.

The revised directive, called “NIS2” (short for network
and information systems), is expected to replace the existing legislation[1]
on cybersecurity, the original NIS Directive adopted in July 2016.

The revamp sets ground rules, requiring companies in energy,
transport, financial markets, health, and digital infrastructure
sectors to adhere to risk management measures and reporting
obligations.

Among the provisions in the new legislation are reporting
cybersecurity incidents to authorities within 24 hours, patching
software vulnerabilities, and putting risk management measures in
place to secure networks, with monetary penalties for
non-compliance.

“The directive will formally establish the European Cyber Crises
Liaison Organization Network, EU-CyCLONe, which will support the
coordinated management of large-scale cybersecurity incidents,” the
Council of the European Union said[2]
in a statement last week.

The development closely follows the European Commission’s
plans[3]
to “detect, report, block, and remove” child sexual abuse images
and videos from online service providers, including messaging apps,
prompting concerns that it may undermine end-to-end encryption
(E2EE) protections.

The draft version of NIS2 explicitly spells out that the use of
E2EE “should be reconciled with the Member States’ powers to ensure
the protection of their essential security interests and public
security, and to permit the investigation, detection and
prosecution of criminal offenses in compliance with Union law.”

It also stressed that “Solutions for lawful access to
information in end-to-end encrypted communications should maintain
the effectiveness of encryption in protecting privacy and security
of communications, while providing an effective response to
crime.”

The directive will not, however, apply to organizations in
areas such as defense, national security, public security, law
enforcement, the judiciary, parliaments, and central banks.

Under the proposed agreement, European Union member
states are required to transpose the provisions into their
national law within 21 months of the directive entering
into force.

“The number, magnitude, sophistication, frequency and impact of
cybersecurity incidents are increasing, and present a major threat
to the functioning of network and information systems,” the Council
noted in the draft.

“Cybersecurity preparedness and effectiveness are therefore now
more essential than ever to the proper functioning of the internal
market.”

References

  1. ^ existing legislation (digital-strategy.ec.europa.eu)
  2. ^ said (www.consilium.europa.eu)
  3. ^ plans (thehackernews.com)