Cyber security: MEPs clarify their expectations
By Manon Malhère | Tuesday 12 June 2012
The future strategy on cyber security should help streamline national and European efforts and establish minimum resilience standards in member states. This recommendation is found in the resolution on the protection of critical information infrastructures, adopted by the European Parliament on 12 June at the Strasbourg plenary session
“The EU’s growth depends in large measure on the development of the new internet-based information and communication technologies.” Cyber security initiatives have been taken – including the action plan for the protection of critical information infrastructures (PCII), published in 2009 and revised in 2011 - but “national results differ widely and we have no action at European level,” explained the rapporteur, Ivailo Kalfin (S&D, Bulgaria), during the debate ahead of the vote.
The EP resolution therefore invites the European Commission to propose an internet security strategy before the end of this year. It should detail the principles, goals, methods, instruments and policies necessary to “streamline national and EU efforts”. The text also recommends the creation of minimum resilience standards among the member states.
Digital Agenda Commissioner Neelie Kroes, who was present for the debate, told MEPs that the Commission would propose an “exhaustive strategy” that will help “Europe clean up its house”. The text is set to be presented next autumn, according to a European source.
MEPs also urge the Commission to propose an EU framework for the notification of security breaches in critical sectors to ensure that member states concerned and users are notified of incidents and attacks. On this point, the resolution calls for extension of the scope of Directive 2008/114/EC on the identification and designation of European critical infrastructures to the sectors of the new information and communication technologies (ICT) and financial services. That text covers only the energy and transport sectors.
Other measures called for by the EP include the establishment by the 27 member states of national CERTs (computer emergency response teams) and cooperation between public and private players for the establishment of security and resilience standards for critical information infrastructures. The resolution stresses the importance of international cooperation in this area.
“National results differ widely and we have no action at European level”(1) ‘Critical information infrastructure protection – Achievements and next steps: Towards global cyber security’, available at
www.europolitics.info > Search = 316148