The European Union wants to strengthen its cybersecurity legislative arsenal and create a "cyber shield". The latter involves setting up a network of security operations centres (SOCs) to detect cyber threats early enough to respond effectively.
The European Commission presented its new cybersecurity strategy on Wednesday 16 December 2020. This strategy follows the cyber attack on the European Medicines Agency and an acceleration of cyber threats, particularly since the Covid-19 pandemic.
"Cyber threats are evolving rapidly, and their complexity and adaptability are increasing. To ensure the protection of our citizens and our infrastructure, we need to anticipate," said Thierry Breton, Internal Market Commissioner.
Creation of a network of security operations centres
The objective of this roadmap is to strengthen the level of cybersecurity "of critical entities in the public and private sectors, such as hospitals, energy networks, railways, but also data centres, public administrations, research laboratories and production facilities for medical devices and critical medicines". This will involve tightening up the rules laid down in the so-called SRI cybersecurity directive from 2016 and establishing a new directive on the resilience of critical entities.
Brussels also proposes to set up an EU-level network of Security Operations Centres (SOCs) based on artificial intelligence. The aim is to detect the signs of a cyber attack early enough to act on them, establishing a real cyber shield.
Strengthening cyber cooperation between Member States
The Commission speaks of a proactive approach allowing action to be taken even before damage is caused. The resources allocated to this SOC network are not specified. It should be remembered that certain cyber initiatives have already been put in place in several EU countries, such as the creation of the C3 Cyber Security Competence Centre and the MISP cyber risk sharing and treatment platform in Luxembourg. It will therefore be necessary to strengthen cooperation between Member States and European bodies through the creation of a joint cyber security unit, to harmonise the European cyber fight.
In order to strengthen the cybersecurity of private companies or public bodies, the Commission also mentions "an unprecedented level of investment in the digital transition over the next seven years" through various programmes.
The aim is to reach up to €4.5 billion of cumulative investment from the EU, Member States and industry. A large part of this amount will be allocated to small and medium-sized enterprises (SMEs). Finally, Brussels wants to strengthen its "cyber diplomatic toolbox" and sanctions against hackers.