EURACTIV PR

An easy way of publishing your relevant EU press releases.

Response to EU Cybersecurity Strategy and proposed Directive on Network and Information Security (NIS)

Date

07 Feb 2013

Sections

Innovation & Enterprise
InfoSociety

BRUSSELS, Thursday, 7 February 2013

DIGITALEUROPE believes in a co-ordinated approach to cybersecurity and welcomes various initiatives under the Cybersecurity Strategy published today. We believe that elements of the strategy will strengthen European citizens', companies' and public sector institutions' resilience to cyber incidents and criminal activity. We support the strengthening of public sector Computer Emergency Response Teams' capabilities, the introduction of a co-operation network, continuation and the scaling-up of cyber exercises, awareness raising activities, measures to tackle cybercrime and capacity building in third nations.

However, we see room for improvement in the Strategy. Member States are building communities and trust through local, regional, or sector specific private public partnerships, yet we see a general change in approach in the draft Network and Information Security Directive from working hand-in-hand with industry, to top-down, unidirectional reporting obligations and requirements. These could divert resources from effective security measures and would also undermine the benefits that companies gain from bi-directional exchange, which allows for the understanding of new threats and improves incident response. If the scope of the proposed incident reporting mechanism is too wide and burdensome, it could weaken trust at a time when we need to build on real-time information sharing and collective response. We are also concerned that the measures imposed on market operators could lead to interference with the design and manufacture of ICT products, which would stifle innovation and lead to a balkanisation of the network.

DIGITALEUROPE believes the proposed requirements should not be targeted at sectors which are not critical infrastructure, and question the inclusion of enablers of internet services on this basis. In this new economy, data security is most relevant for citizens, governments and companies alike, and respective data breach notification obligations are currently already under way in the draft privacy regulation.

By not addressing applicable law or adopting a fully harmonised approach, we feel that the proposal could lead to a patchwork of authorities that could strain the resources of market operators.

DIGITALEUROPE will continue to work with the EU institutions in order to achieve these improvements and to participate in initiatives that strengthen the partnership between public and private sectors.

---

Media and interview enquiries Jonathan Murray - DIGITALEUROPE, Director T. +32 2 609 53 10 E. jonathan.murray@digitaleurope.org