EU proposes new law for reporting cyber hacking
Firms will have to report cyber attacks if the proposals are approved
Around 42,000 firms in the European Union, including airports, banks and hospitals, would have to inform regulators whenever their computers are hacked, under a proposed EU law to be published this week.
The law could set a global precedent for safeguarding critical infrastructure against digital attacks that have hit companies and government departments in an era of increasing "cyber-crime" and "cyber-terrorism".
But some businesses worry they face extra costs.
Under the draft law, EU member states would have to draw up a monitoring system for companies that are critical to the economy.
Those firms would then have to report major online attacks to national authorities and reveal security breaches.
Almost 15,000 transport companies, 8,000 banks, 4,000 energy firms, and 15,000 hospitals will have to report cyber attacks if the proposals are approved by EU governments and the European Parliament.
Public administrations and operators of critical Internet services would also have to report.
Firms with fewer than 10 employees would not be covered by the legislation.
"As the online world becomes a part of everything we do, securing that world is essential to ensuring a society that remains secure, prosperous and free," EU telecoms chief Neelie Kroes said in a speech last week.
Inefficient measures on cyber security carry an economic cost in lost trade, an EU poll showed.
In 2012, 38 per cent of the EU's Internet users said they were concerned about making payments online.
The proposed law would require all 27 EU states to appoint a national authority responsible for network and information security and to set up a computer emergency response team to handle security incidents.
Some firms say the regulations are too vague and could mean extra costs.
They also worry that being forced to divulge attacks on their networks to a regulator could be bad for their reputations.
In deciding whether to make a cyber attack public, the national authority would have to weigh the public interest in knowing about the incident against possible reputation damage.
The proposed legislation leaves it up to national authorities to decide whether companies would face any penalty for failing to report a cyber-attack.
"It is not about the criminalisation of attacks," one EU official said.
"There has been a lot of talk about the reported £30bn cost of the Sochi Games, so we go behind the scenes to find out where all that money has been spent"
- Repeated Alternator Failure on Power Plant rated 16MVA/ 11,000V using 12x 415V generators [05:04 pm 10/03/14]
- How and when will DECC's electricity capacity market fail? [01:30 pm 10/03/14]
- Technology that has died since the year 2000 [12:14 pm 10/03/14]
- what about intematix led assembly ? [11:33 am 10/03/14]
- High Voltage Breakdown 315KeV [06:24 pm 09/03/14]
The essential source of engineering products and suppliers.
Tune into our latest podcast