The European Commission's plan for a secure and open internet depends on national security strategies and cooperation.
In its strategy , 'An Open, Safe and Secure Cyberspace', the EC aims to increase security resilience; drastically reduce cyber crime; develop defence policy and capabilities related to the Common Security and Defence Policy; develop the industrial and technological resources for cyber security; and establish a coherent international cyber space policy for the European Union.
Each member state must adopt a network information security strategy and designate a national competent authority with adequate financial and human resources to prevent, handle and respond to risks and incidents related to network information security.
It also states that a cooperation mechanism should be established to share early warnings on risks and incidents between member states and the commission, via a secure infrastructure.
Critical infrastructure operators (such as financial services, transport, energy and health) along with enablers of information society services (app stores, e-commerce platforms, internet payment, cloud computing, search engines and social networks) and public administrations must adopt risk management practices and report major security incidents on their core services.
EU home affairs commissioner Cecilia Malmström said: “All member states should set up effective national cyber crime units that can benefit from the expertise and the support of the European Cybercrime Centre ‘EC3'.”
Huawei global cyber security officer John Suffolk said: “The strategy comes at a crucial moment, providing the public and the private sector with the tools they need to move beyond debating the problem and take concrete steps to tackle security issues.”
Jason Hart, vice president of cloud solutions at SafeNet, said: “This move is a welcome change as past breaches have demonstrated that delays in reporting may have exacerbated the initial problem. However reporting the breach itself is only a small part of the equation, what is of real importance is preventing the damage that the exposure of unencrypted data can cause in the event of a security breach.