Wednesday

26th Jun 2019

Companies must report cyber attacks, EU says

  • "There is no true freedom without security," said EU digital agenda commissioner Neelie Kroes. (Photo: European Commission)

Large EU-based companies will have to disclose major cyber-attacks to designated national authorities, under new legislative rules proposed by the European Commission on Thursday (7 February).

“Under our proposal, sectors using telecoms networks in ways vital to our economy and society would have to manage risks and report significant incidents,” EU digital agenda commissioner Neelie Kroes told reporters in Brussels.

Read and decide

Join EUobserver today

Support quality EU news

Get instant access to all articles — and 18 year's of archives. 30 days free trial.

... or join as a group

Speaking alongside EU commissioner for home affairs Cecilia Malmstrom and EU foreign policy chief Catherine Ashton, Kroes said companies dealing with energy, transport, banking, healthcare and Internet fall under the directive.

The scope reaches just over 40,000 firms in the EU. Hardware manufacturers and software developers are exempt.

Member states will need to come up with plans to better manage risks. They will also need to create a so-called cooperation network to pool and share knowledge with other member states and the commission.

The directive also calls for Computer Emergency Response Teams (Certs) to handle incidents.

A chief authority will need to be appointed to prevent, handle and respond to risks and incidents. He or she would be the go-to-point for companies required to report serious breaches and can decide to make it public or keep it secret.

The ideas have already attracted critics.

For one, German Green euro-deputy Jan-Philip Albrecht told this website in an email that making IT firms report only major incidents means they would not have to reveal known other vulnerabilities and risks.

“This leads to action only after the damage has already been done ... it also falls back behind the ‘responsible disclosure’ practices about vulnerabilities that are already established in the IT security industry today,” he said.

But the commission hopes the directive will help reverse a growing reluctance, in its view, among people to make purchases off the Internet or use online services like banking.

Few companies publicly report cyber attacks in fear of damaging their reputation and losing clients. Each attack costs anywhere between several thousand to several million euros of damage.

Over 90 percent of large corporations had their systems hacked in 2012 though the figure drops to 76 percent for small businesses, says the commission.

In one case, Dutch certificate authority DigiNotar went bust in 2011 after failing to disclose that hackers had stolen valuable data. The cyber invaders took digital certificates and circulated them online for widespread fraudulent use.

Larger companies like Amazon are also victims.

Last year, one of the online giant’s retailers had its database breached with hackers accessing the personal details of some 24 million customers. More recently, on 31 January 2013, Amazon’s homepage was briefly taken offline.

The origins of the attacks are rarely made public, though former Google CEO Eric Schmidt points the finger squarely east at China in a book that comes out in April.

A preview from the Wall Street Journal published on 1 February quotes the book as saying China is “the most sophisticated and prolific” hacker of foreign-based companies.

Ashton, who presented a EU cyber security strategy alongside the commission’s draft proposals, refused to respond to a reporter’s question if China was indeed a major culprit.

“I’m not going to comment on what intelligence operations across the European Union are discovering about the origin of cyber attacks...suffice it to say, in my discussions across the world, cyber security is increasingly becoming part of the dialogue of our discussion,” she said.

US free to grab EU data on American clouds

An obscure section in a US law is said to entitle authorities to access, without a warrant, data stored by any EU citizen on clouds run by American companies.

Focus

EU to force firms to report major cyber attacks

Negotiators from the European Parliament and national governments have reached an agreement on new cyber-security rules. Amazon, Ebay and Google are expected to be affected.

News in Brief

  1. EU universities to share students, curricula
  2. Migrant rescue ship loses Human Rights Court appeal
  3. Denmark completes social democrat sweep of Nordics
  4. Johnson offers 'do or die' pledge on Brexit
  5. Weber indirectly attacks Macron in newspaper op-ed
  6. EU to sign free trade deal with Vietnam
  7. EU funding of air traffic control 'largely unnecessary'
  8. Share trading ban looms as Swiss row with EU escalates

Stalling on VAT reform costing billions, says Commission

German media outlet Correctiv, along with other newsrooms, have revealed how criminals annually cheat EU states out of billions in VAT fraud. The EU Commission says solutions exist - but member states refuse to budge on tax unanimity.

Stakeholders' Highlights

  1. International Partnership for Human RightsEU-Uzbekistan Human Rights Dialogue: EU to raise key fundamental rights issues
  2. Nordic Council of MinistersNo evidence that social media are harmful to young people
  3. Nordic Council of MinistersCanada to host the joint Nordic cultural initiative 2021
  4. Vote for the EU Sutainable Energy AwardsCast your vote for your favourite EUSEW Award finalist. You choose the winner of 2019 Citizen’s Award.
  5. Nordic Council of MinistersEducation gets refugees into work
  6. Counter BalanceSign the petition to help reform the EU’s Bank
  7. UNICEFChild rights organisations encourage candidates for EU elections to become Child Rights Champions
  8. UNESDAUNESDA Outlines 2019-2024 Aspirations: Sustainability, Responsibility, Competitiveness
  9. Counter BalanceRecord citizens’ input to EU bank’s consultation calls on EIB to abandon fossil fuels
  10. International Partnership for Human RightsAnnual EU-Turkmenistan Human Rights Dialogue takes place in Ashgabat
  11. Nordic Council of MinistersNew campaign: spot, capture and share Traces of North
  12. Nordic Council of MinistersLeading Nordic candidates go head-to-head in EU election debate

Latest News

  1. EU moves to end car-testing 'confidentiality clause'
  2. EU parliament gives extra time for leaders on top jobs
  3. Europe's rights watchdog lifts Russia sanctions
  4. EU-Vietnam trade deal a bad day for workers' rights
  5. EU 'special envoy' going to US plan for Palestine
  6. Polish judicial reforms broke EU law, court says
  7. EU study: no evidence of 'East vs West' food discrimination
  8. Russia tried to stir up Irish troubles, US think tank says

Stakeholders' Highlights

  1. Nordic Council of MinistersNew Secretary General: Nordic co-operation must benefit everybody
  2. Platform for Peace and JusticeMEP Kati Piri: “Our red line on Turkey has been crossed”
  3. UNICEF2018 deadliest year yet for children in Syria as war enters 9th year
  4. Nordic Council of MinistersNordic commitment to driving global gender equality
  5. International Partnership for Human RightsMeet your defender: Rasul Jafarov leading human rights defender from Azerbaijan
  6. UNICEFUNICEF Hosts MEPs in Jordan Ahead of Brussels Conference on the Future of Syria
  7. Nordic Council of MinistersNordic talks on parental leave at the UN
  8. International Partnership for Human RightsTrial of Chechen prisoner of conscience and human rights activist Oyub Titiev continues.
  9. Nordic Council of MinistersNordic food policy inspires India to be a sustainable superpower
  10. Nordic Council of MinistersMilestone for Nordic-Baltic e-ID
  11. Counter BalanceEU bank urged to free itself from fossil fuels and take climate leadership
  12. Intercultural Dialogue PlatformRoundtable: Muslim Heresy and the Politics of Human Rights, Dr. Matthew J. Nelson

Join EUobserver

Support quality EU news

Join us