show image

Cybersecurity Act: European Commission plans to beef up its infosec agency

The European Commission (EC) wants to beef up the EU’s cyber security agency, ENISA, by granting it new powers in a “Cybersecurity Act”.

The legislation would help ENISA counter threats by becoming a “centre of expertise on cyber security certification”, according to EC president Jean Claude-Juncker.

Under the proposals, the agency would play a key role in managing crises, operating a cybersecurity certification scheme and standardising ICT products and services.

ENISA’s executive director Dr Udo Helmbrecht said the plan would improve the Digital Single Market and strengthen the European IT industry.

“[It] forms a good basis for the upcoming discussions with the Council and Parliament on the future of the Regulation for ENISA and the building of a stronger cybersecurity framework for Europe,” he said.

One of the ambitions of the overhaul is to help organisations across the continent implement the NIS Directive.

Coming into force in May 2018, the directive grants relevant authorities the power to fine critical infrastructure providers up to £17m if a cyber attack takes out the service they provide.

It applies to a range of industries, including energy, transport and digital. In the latter case, it covers search engines, cloud providers and online marketplaces.