EU proposes new law for reporting cyber hacking
Firms will have to report cyber attacks if the proposals are approved
Around 42,000 firms in the European Union, including airports, banks and hospitals, would have to inform regulators whenever their computers are hacked, under a proposed EU law to be published this week.
The law could set a global precedent for safeguarding critical infrastructure against digital attacks that have hit companies and government departments in an era of increasing "cyber-crime" and "cyber-terrorism".
But some businesses worry they face extra costs.
Under the draft law, EU member states would have to draw up a monitoring system for companies that are critical to the economy.
Those firms would then have to report major online attacks to national authorities and reveal security breaches.
Almost 15,000 transport companies, 8,000 banks, 4,000 energy firms, and 15,000 hospitals will have to report cyber attacks if the proposals are approved by EU governments and the European Parliament.
Public administrations and operators of critical Internet services would also have to report.
Firms with fewer than 10 employees would not be covered by the legislation.
"As the online world becomes a part of everything we do, securing that world is essential to ensuring a society that remains secure, prosperous and free," EU telecoms chief Neelie Kroes said in a speech last week.
Inefficient measures on cyber security carry an economic cost in lost trade, an EU poll showed.
In 2012, 38 per cent of the EU's Internet users said they were concerned about making payments online.
The proposed law would require all 27 EU states to appoint a national authority responsible for network and information security and to set up a computer emergency response team to handle security incidents.
Some firms say the regulations are too vague and could mean extra costs.
They also worry that being forced to divulge attacks on their networks to a regulator could be bad for their reputations.
In deciding whether to make a cyber attack public, the national authority would have to weigh the public interest in knowing about the incident against possible reputation damage.
The proposed legislation leaves it up to national authorities to decide whether companies would face any penalty for failing to report a cyber-attack.
"It is not about the criminalisation of attacks," one EU official said.
"Summer is on the way, so we turn our attention to a few leisurely pursuits - and some not-so leisurely ones..."
- Greenpeace frowns at Centrica's getting a shale-gas venture stake
- World’s most advanced comms satellite shipped to launch site
- HMS Queen Elizabeth nears completion
- Scientist to benefit from exascale supercomputer deal
- Dinosaurs’ app uses augmented reality
- Titanic II - replica plans going full steam ahead
- Transformers Vector Group [04:55 pm 19/06/13]
- E&T magazine - Debate - HS2, the need for speed [01:33 pm 18/06/13]
- Creating an Iphone App [05:50 pm 17/06/13]
- CO2 is good [07:29 pm 16/06/13]
- DECC-EDF makes yet another attempt to fund 3rd Generation Nuclear at any cost [05:02 pm 15/06/13]
Tune into our latest podcast