The EU Cyber Solidarity Act will improve the preparedness, detection and response to cybersecurity incidents across the EU.
The EU Cyber Solidarity Act aims to strengthen capacities in the EU to detect, prepare for and respond to significant and large-scale cybersecurity threats and attacks. The Act includes a European Cybersecurity Alert System, made of Security Operation Centres interconnected across the EU, and a comprehensive Cybersecurity Emergency Mechanism to improve the EU’s cyber resilience.
European Cybersecurity Shield
The European Cyber Solidarity Act includes a proposal for a European Cybersecurity Alert System to improve the detection, analysis and response to cyber threats.
This system will be composed of national and cross-border Security Operations Centres (SOCs) across the EU, who will use advanced technology such as Artificial Intelligence (AI) and data analytics to detect and share warnings on threats with authorities across borders.
During a first phase, launched in November 2022, three consortia of cross-border Security Operations Centres(SOCs) were selected, bringing together public bodies from 17 Member States and Iceland, under the Digital Europe Programme.
Cyber Emergency Mechanism
The Cyber Emergency Mechanism will ensure that preparedness and response to cybersecurity incidents are improved. It will do this by acting in 3 areas:
- Supporting preparedness actions: Testing entities in crucial sectors such as finance, energy and healthcare for potential weaknesses that could make them vulnerable to cyber threats. The selection of sectors to be tested will be based on common risk assessment at the EU level.
- Creating an EU Cybersecurity Reserve: The EU Cybersecurity Reserve will consist of incident response services from private service providers (‘trusted providers’), that can be deployed at the request of Member States or Union Institutions, bodies and agencies to help them address significant or large-scale cybersecurity incidents.
- Ensuring mutual assistance: The mechanism will support a Member State that offers mutual assistance to another Member State affected by a cybersecurity incident.
Cybersecurity Incident Review Mechanism
The Cyber Solidarity Act also establishes the Cybersecurity Incident Review Mechanism to assess and review specific cybersecurity incidents. At the request of the Commission or of national authorities (the EU-CyCLONe or the CSIRTs network), the EU Cybersecurity Agency (ENISA) will be responsible for the review of specific significant or large-scale cybersecurity incident and should deliver a report that includes lessons learned, and where appropriate, recommendations to improve Union’s cyber response.
Funding
The EU Cybersecurity Shield and the Cybersecurity Emergency Mechanism of this Regulation will be supported by funding under Strategic Objective ‘Cybersecurity’ of the Digital Europe Programme (DIGITAL).
The total budget includes an increase of €100 million that this Regulation proposes to re-allocate from other Strategic Objectives of DEP. This will bring the new total amount available for Cybersecurity actions under DIGITAL to €842.8 million.
Part of the additional €100 million will reinforce the budget managed by the ECCC to implement actions on SOCs and preparedness as part of their Work Programme(s). Moreover, the additional funding will serve to support the establishment of the EU Cybersecurity Reserve.
It complements the budget already foreseen for similar actions in the main DIGITAL and Cybersecurity DIGITAL work programme from the period 2023-2027 which could bring the total to €551 million for 2023-2027, while €115 million were dedicated already in the form of pilots for 2021-2022. Including Member States contributions, the overall budget could amount up to €1.109 billion.
Conținut asociat
Imaginea de ansamblu
The European Union works on various fronts to promote cyber resilience, safeguarding our communication and data and keeping online society and economy secure.
Citiți și
Noile norme ale UE în materie de securitate cibernetică asigură hardware și software mai sigure.
Operatorii de servicii esențiale (OES), autoritățile naționale de certificare a securității cibernetice (NCCA) și autoritățile naționale competente (ANC) pentru securitatea cibernetică se numără printre solicitanții selectați care vor primi finanțare în valoare de 11 milioane EUR...
Rețeaua europeană de securitate cibernetică și Centrul de competențe în materie de securitate cibernetică ajută UE să mențină și să dezvolte capacitățile tehnologice și industriale în materie de securitate cibernetică.
Grupul părților interesate pentru certificarea securității cibernetice a fost înființat pentru a oferi consiliere cu privire la aspecte strategice legate de certificarea securității cibernetice.
Legea privind securitatea cibernetică consolidează Agenția UE pentru securitate cibernetică (ENISA) și stabilește un cadru de certificare de securitate cibernetică pentru produse și servicii.
Cadrul UE de certificare a securității cibernetice pentru produsele TIC permite crearea unor sisteme UE de certificare adaptate și bazate pe riscuri.
Directiva NIS2 este legislația la nivelul UE privind securitatea cibernetică. Acesta prevede măsuri juridice pentru a stimula nivelul general de securitate cibernetică în UE.