These days, barely a week passes without a major cyber-attack making the headlines.
The Washington based NGO Center for Strategic and International Studies (CSIS), lists ten “significant cyber incidents” last month alone in their ongoing list.
Among them was an attack disabling the polling systems in Hungary’s opposition primary elections, two hours after the vote opened, and the Norwegian government reporting that “bad actors sponsored by and operating from China” performed a series of attacks against private and state IT infrastructure, trying to obtain classified information about the country’s defence and security intelligence.
The EU, through a statement by the High Representative, formally blamed Russia on 24 September for its involvement in the 'Ghostwriter’ cyber campaign, which targeted the elections and political systems of several EU Member States.
A week later, the rapporteur of Parliament’s legislative contribution to the reform of the Network and Information Security (NIS) Directive, and three of his shadow colleagues wrote for the Parliament Magazine underlining the crucial importance of an update to the EU’s cyber security framework, of which the NIS 2 Directive is a central part.
The Directive aims to improve Member States’ preparedness for cyber-attacks, mainly through newly established national Computer Security Incident Response Teams (CSIRTs) and better collaboration between them by means of a Cooperation Group.
Now, Renew Group MEP Bart Groothuis’ report on delivering a high common level of cybersecurity has been adopted by the Committee on Industry, Research and Energy (ITRE).
“With this new legislation we make the EU a safe place to work and do business. We can't stop all cybercrime from occurring, but we can protect ourselves better than before and better than others” Raporteur Bart Groothuis MEP
In a statement, the Dutch deputy said that “with this new legislation we make the EU a safe place to work and do business. We can't stop all cybercrime from occurring, but we can protect ourselves better than before and better than others.”
And he explained why we need to make sure of that more than ever: “Cybercrime doubled in 2019, ransomware tripled in 2020 and yet our companies and institutions are spending 41 percent less on cyber security than in the US.”
Meanwhile EPP Group shadow Eva Maydell tweeted on Thursday: “Our digital ambition cannot come to life if our networks are not secured”.
In terms of what the ITRE Committee’s report is adding to the European Commission’s proposals, the Bulgarian MEP listed “increasing CSIRTs' capacity to handle #cyber incidents; more flexibility for entities to work out & tackle #CyberAttack; #CyberHygiene as key skill for all staffers”.
She also warned that there was, among many companies and organisations, a “false sense of security, because an entity is not an 'interesting' target”. This, though, had to end, Maydell demanded, because “everyone is vulnerable. It is not about whether a company or institution will be hacked, the question is whether you are prepared and resilient when it happens.”
“[There is a] false sense of security... everyone is vulnerable. It is not about whether a company or institution will be hacked, the question is whether you are prepared and resilient when it happens” Shadow Rapporteur Eva Maydell MEP
The S&D Group’s shadow rapporteur Eva Kaili told the Parliament Magazine on Friday that the NIS2 Directive would make the EU, “stronger, secure and resilient”, adding “Europe now has better tools to raise the levels of cybersecurity, and protect citizens, businesses and governments in the digital era”.
The Greek MEP also believes that now, “our cybersecurity standards in Europe [have] become fit for the future, and [will] make Europe a global digital leader”.
Her German colleague Angelika Niebler, a long term ITRE Committee member and former chair, said in a press release on Thursday that the report is asking for more funds for the new bodies created by the NIS, and for the EU cybersecurity agency ENISA.
Investment in the infrastructure is needed argued the EPP MEP, because “if important supply chains, power supply or public administration are brought to a standstill by an attack, then it is too late”.
Meanwhile a major corporate stakeholder told this website that they believed the European Parliament had been positively committed to finding practical and implementable solutions, but that more work was needed before an ideal solution on the act was found.