The weekend’s events have highlighted the need for greater efforts in cybersecurity, but also that the EU is on the right path. No legislation can ever remove the risk of cyber-attacks, but the right policy framework does make it easier to respond to them more effectively. The EU’s Network and Information Security Directive (“NIS-D”) and General Data Protection Regulation (“GDPR”) will provide a framework for critical infrastructure providers to notify governments of cyber incidents, require authorities to share information across national borders, while also allowing organisations to process and exchange personal data such as IP addresses and other network identifiers for legitimate network and information security purposes. These are welcomed and needed steps when it comes to tackling complex cyber-threats.
However, to prevent and effectively respond to future WannaCry-like cyber-attacks, legitimate cybersecurity research should be exempted from cybercrime law, cybersecurity researchers and cyber incident response specialists should be able to share intrusion software and related vulnerability and exploit information across organisations and across borders without being hindered by new EU rules on export controls and restrictions on dual-use items. It is equally important for future ePrivacy measures to ensure that security researchers, as well as all those who need to defend their networks and their data against compromise enjoy the necessary access to internet communications data.
“What the EU does next on cybersecurity will be equally as important as what it has done over recent years. As we move forward with updating the EU’s Cybersecurity Strategy, we must make sure that the new ePrivacy and dual use Regulations are fit for purpose,” stated Cecilia Bonefeld-Dahl, Director General of DIGTALEUROPE. “The cyber threat is real. We must not lose sight of its role in on-going legislative debates and find ourselves in a restrictive future policy environment,” added Ms Bonefeld-Dahl.
For more information please contact: