(BRUSSELS) – The EU’s new cybersecurity regulation, which lays down measures for a high common level of cybersecurity at the Union’s institutions, bodies, offices and agencies, came into force on 7 January.
The Regulation lays down a number of measures for the establishment of an internal cybersecurity risk management, governance and control framework for each Union entity, and it sets up a new Interinstitutional Cybersecurity Board (IICB) to monitor and support its implementation by Union entities.
“As the cyber threats are becoming more pervasive and the cyber attackers more sophisticated, achieving a high common level of cybersecurity across Union entities is paramount to ensure an open, efficient, secure and resilient EU public administration,” said the EU’s Commissioner for Budget and Administration Johannes Hahn.
The Regulation gives an extended mandate to the Computer Emergency Response Team for the EU institutions, bodies, offices and agencies (CERT-EU) as a threat intelligence, information exchange and incident response coordination hub, a central advisory body, and a service provider.
CERT-EU is now renamed the Cybersecurity Service for the Union institutions, bodies, offices and agencies, but it retains the short name “CERT-EU”.
The EU will follow a timeline set out in the Regulation, under which EU entities have to establish internal cybersecurity governance processes and progressively put in place the specific cybersecurity risk management measures the Regulation foresees.
The IICB will be set up and will become operational as soon as possible, says the Commission, with the objective of ensuring the strategic steering of CERT-EU under its extended mandate, providing guidance and support to the Union entities and monitoring the implementation of the Regulation.