The European Commission has published a cybersecurity strategy, following the commission-proposed directive on network and information security (NIS).
The cybersecurity strategy named "An Open, Safe and Secure Cyberspace" represents the EU's vision on how best to prevent and respond to cyber disruptions and attacks. Specific actions are aimed at enhancing cyber resilience of information systems, reducing cybercrime and strengthening EU international cybersecurity policy and cyber defense.
The EU's vision of cyber-security includes five major milestones: achieving resilience, drastically reducing cybercrime, developing cyber defense policy and capabilities, developing the industrial and technological resources for cyber-security, and establishing a coherent international cyberspace policy for the European Union.
The EU international cyberspace policy promotes the respect of EU core values, defines norms for responsible behavior, advocates the application of existing international laws in cyberspace, while assisting countries outside the EU with building the cybersecurity capacity and promoting international cooperation in cyber issues.
According to the proposed EU directive, each member state must adopt a cybersecurity strategy and designate a national competent authority with adequate financial and human resources to prevent, handle and respond to cyber risks and incidents. Also, the member states and the European Commission are to share early warnings on risks and incidents through a secure infrastructure, cooperate and organise regular peer reviews. Also, the operators of critical infrastructures in some sectors, like financial services, transport, energy, health – as well as app stores, e-commerce platforms, Internet payment platforms, cloud computing solutions, search engines, social networks and other information services – and public administrations must adopt risk management practices and report major security incidents on their core services.
A number of national Cybercrime Centers of Excellence is also expected to appear in the EU to facilitate training and capacity building.
Earlier EU initiatives included establishing a European Cybercrime Centre, proposing legislation on attacks against information systems and the launch of a Global Alliance to fight child sexual abuse online.
