EU plans more robust security to shore up cyber defences

Growing cyber crime has spurred proposals to strengthen the European Union’s specially dedicated security agency and set up a fund to help countries who suffer such attacks.

An increase in ransomware attacks such as this year’s WannaCry worm that locked up more than 200,000 computers around the world has convinced the European Commission to act.

The European Union’s executive proposed on Wednesday a common plan to coordinate the bloc’s response in case of a large-scale attack and a cyber security emergency response fund.

“Our initiatives strengthen cooperation and coordination so that Europe tackles them (cyber security challenges) together,” Andrus Ansip, Commission Vice-President for the digital single market said in a statement.

The revamped cyber security agency would work on annual pan-European exercises and contribute to the improvement of EU and national public authorities’ capabilities and expertise.

The Commission also proposed a Cybersecurity Research and Competence Centre to gather expertise and support new technologies, such as assessing encryption methods.

The proposal includes an EU certification framework to evaluate the cyber security level of products and services.

While the industry applauded the push for greater cyber security measures, it expressed caution on certification.

“We caution against the development of a regional EU scheme as this would do little to raise Europe’s cyber resilience,” said Thomas Boue, Director General for Policy in EMEA at BSA, the software companies’ trade association that represents the likes of Adobe, Apple and Microsoft.

END TO DATA LOCALISATION

Separately, the Commission proposed a regulation prohibiting unjustified data localisation measures in the EU as it seeks to ensure the bloc can benefit from new data-driven technologies.

Under the proposed law national governments will not be able to require that companies store data within their borders except for justified public security reasons.

However authorities will be able to access data stored in another member state, for example tax data.

The Commission also wants to make it easier for firms to switch providers of cloud computing by avoiding vendor lock-in practices. It will work with industry to have more transparency on portability conditions in cloud providers’ contracts.

Some in the industry welcomed the free flow of data proposal, calling it a step in the right direction.

“The European Commission has chosen to promote innovation and growth across Europe,” Liam Benham, Vice President, Government and Regulatory Affairs, Europe at IBM, said.

Both the cyber security and data proposals will need to be approved by the European Parliament and member states before becoming law.