The EU is investing more in cyber resilience. With the new “solidarity law”, the Commission plans Union-wide security centers and emergency mechanisms.
The EU Commission has adopted a proposal for a cybersolidarity law. The goal is to strengthen the EU’s cybersecurity capabilities and improve the preparedness of critical facilities, according to a statement.
The budget for the measures to be implemented under the new law amounts to 1.1 billion euros. Around two thirds are to be funded by the EU through the Digital Europe program.
As the name suggests, the law aims to strengthen solidarity between countries. Among other things, it provides for the promotion of mutual administrative assistance, so that member states could assist each other in the event of an incident.
In addition, a European cyber protection shield is planned: The Commission wants to establish a Europe-wide infrastructure consisting of several Security Operations Centers (SOCs). These are designed to detect and warn of cross-border cyber threats and incidents.
The SOCs could be operational as early as early 2024, the EU Commission writes. For the launch, it has selected 3 consortia that already bring together public bodies from 17 Member States and Iceland. This initiative was announced in late 2022 as part of the European Cybersecurity Strategy by the Commission in collaboration with the European Cybersecurity Competence Centre (ECCC).
The ECCC will now work with the selected centers to organize the procurement of tools and infrastructure to further build and expand cyber attack detection capabilities.
On-call service for emergencies and analysis of attacks
Further, the Solidarity Act provides for a contingency mechanism to improve response capacity in the event of incidents in the EU. This will include supporting tests that identify potential vulnerabilities in critical facilities. Further, an EU cybersecurity reserve is envisaged, consisting of emergency services. This would involve contracting trusted providers who could then intervene quickly and provide support in the event of serious incidents.
The regulation also seeks to establish a review mechanism. Serious cybersecurity incidents will be evaluated in the future. In this way, it should be possible to learn from experience and, if necessary, make a recommendation.
Central training and further education offer
An EU cybersecurity skills academy is also intended to bundle private and public initiatives. In this way, the Commission aims to bundle security on the one hand, but also to counteract the shortage of specialists in the IT security sector on the other.
Initially, an online presence is planned where interested parties will be able to find training offers, courses and certifications from all over the EU in a single place. In the future, the academy will evolve into a shared space for higher education institutions, training providers and the industry to help them coordinate educational programs and funding opportunities.
Source: https:%C2%