[TheRecord] EU lawmakers reach agreement on stronger cyber rules for critical sectors

The European Parliament and EU member states on Friday announced an agreement on setting a higher baseline for cybersecurity standards in key sectors, including energy, transportation, and healthcare.

Once adopted, the revised directive — called NIS2 — would replace the first EU-wide law on cybersecurity that was set in 2016. NIS2 was introduced by the EU’s executive branch in December 2020, and expands the scope of cybersecurity regulations to medium and large entities in digital services, waste water and waste management, critical manufacturing, postal and courier services, public electronic communications services, and other critical sectors at the central and regional level.

Additionally, the new directive has stricter enforcement requirements, new information sharing provisions, and would establish the European Cyber Crises Liaison Organisation Network (EU-CYCLONE) to help coordinate responses to large-scale cybersecurity incidents.

Companies subject to the rules are required to assess their cyber risk, notify authorities, and take steps to reduce those risks. Non-compliance carries fines of €10 million or 2 percent of global annual turnover, whichever is greater.

The European Commission applauded the agreement, which is still subject to final approval by the European Parliament and European Council.

“It was imperative to adapt our security framework to the new realities and to make sure our citizens and infrastructures are protected. In today’s cybersecurity landscape, cooperation and rapid information sharing are of paramount importance,” said European Commissioner for Internal Market Thierry Breton in a statement. “With the agreement of NIS2, we modernise rules to secure more critical services for society and economy.”

The post EU lawmakers reach agreement on stronger cyber rules for critical sectors appeared first on The Record by Recorded Future.
