Cyber Solidarity Act Seeks to Improve EU Responses to Cyber Incidents
The European Commission is proposing to spend more than 1 billion euros on cybersecurity operations centers amid long-standing worries that cyberthreats against the members of the continental alliance go undetected, concerns made more urgent by Russia’s invasion of Ukraine.
The commission late last month introduced a proposal for a European “Cyber Shield” underpinned by a network of national SOCs and cross-border SOCs that are a consortium of at least three national centers.
The bill, the Cyber Solidarity Act, would also create a Cybersecurity Emergency Mechanism allowing governments to tap into private sector incident responses during emergencies.
Even before Russia’s February 2022 attempt to conquer Ukraine, European officials lamented poor information sharing between national capitals on cybersecurity incidents, noting in a 2020 cybersecurity strategy that “no operational mechanism” exists to coordinate among member countries and European Union institutions in the event of “a large-scale, cross-border cyber incidents or crisis.”
That omission has since grown more glaring for European Commission officials monitoring reports of suspicious critical infrastructure security incidents occurring since the Russian invasion.
The commission initiated a first phase of setting up cross-border security operations centers in November by soliciting interest in deploying and managing a platform for cross-border SOCs.
“Today, an average of 190 days elapse between the beginning of the spread of malware and the moment it is detected,” EU Internal Market Commissioner Thierry Breton
The Cyber Solidarity Act also seeks to address the cybersecurity skill shortage by setting up a training academy. The bill is the latest in a string of efforts aimed at boosting European cybersecurity, including the proposed Cyber Resilience Act and an expanded cybersecurity directive known as NIS2 that went into effect in January.
The Cyber Solidarity Act is more “action-oriented” and focuses on “cybercrime prevention,” said Simran Mann, security policy adviser at German industrial body Bitkom. The war in Ukraine has “boosted” the EU’s efforts to tackle threatening cybersecurity events, she told Information Security Media Group.