On Tuesday 22 March the European Commission unveiled two legislative proposals to make all EU institutions and bodies more resilient to cyber threats and capable of ensuring a high level of information security.
The first proposal for a regulation extends the mandate and resources of the Computer Emergency Response Team (CERT-EU). The mission of this ‘cyber security centre’ is to provide information on cyber threats, coordinate the response of EU institutions and bodies to incidents and provide services.
A new inter-institutional Cyber Security Council will be set up to steer and monitor the implementation of the future Regulation and guide the work of CERT-EU.
All EU institutions, bodies and agencies will need to have a cyber security governance, risk management and control framework in place, a plan to improve their cyber security and regular assessments of the maturity of this plan.
See the proposed regulation: https://aeur.eu/f/w0
A second proposal for a regulation will create minimum information security standards for the EU institutions and bodies to allow for a secure inter-institutional exchange of information.
Other areas of work include the development of a common approach to categorising information on the basis of confidentiality and the adaptation of information security policies to remote working.
See the proposal for a regulation: https://aeur.eu/f/vz
(Original version in French by Mathieu Bion)