New EU cybersecurity laws

Energy, transport and water firms will be among those needing to tighten up their cybersecurity.

Posted on 11 December 2015 -
Tibus BY Tibus

MEPs have agreed proposed new cybersecurity laws that could come into effect from 2017.

The laws will set minimum levels of security for large businesses with high levels of public responsibility. That means banks, energy, transport and water firms, plus online marketplaces, such as eBay and Amazon, and search engines such as Google, will all have to meet new standards in order to stay on the right side of the law.

We've previously written about our experience of hosting websites for energy companies. In that blog post we touched upon the need for energy companies to recognise that they are a high risk target for hackers and cybercriminal - largely due to their prominent position and the large numbers of customers they serve. We also discussed how energy firms effectively perform a public service and, therefore, needed infrastructure to reflect that.

Well, MEPs are inclined to agree with those points and have moved to set out in law new measures to ensure organisations operating in the sectors mentioned above take seriously their responsibilities. The key rules agreed include:

Firms must report suspected security breaches to authorities

The sharing of information in regard to cyber-attacks and attempted cyber-attacks is seen as an important way of minimising damage.

Greater cooperation between member states

Rather than each country dealing with their own breaches, they will be expected to exchange information on breaches, advise on best practice and assist other member states in cyber-security matters.

German MEP Andreas Schwab said: "Today, a milestone has been achieved: we have agreed on first ever EU-wide cyber-security rules, which the Parliament has advocated for years.

"Parliament has pushed hard for a harmonised identification of critical operators in energy, transport, health or banking fields, which will have to fulfil security measures and notify significant cyber incidents. Member states will have to cooperate more on cybersecurity – which is even more important in light of the current security situation in Europe."

The proposed laws still need still final approval from the European Parliament and individual governments, but the direction of travel looks very clear.

Read more on web hosting in the energy sector.