A more secure online environment - by Gianluca Cimini
In July 2016, the European Parliament adopted the Directive on Security of Network and Information Systems, the so-called "NIS Directive". The Directive entered into force in August, and EU Member States will have 21 months to transpose the Directive into their national laws and 6 months more to identify operators of essential services. The adoption of the NIS Directive was described as a milestone towards a more efficient and integrated approach to cybersecurity, one of the most critical challenges of our economy and society.
Over the last decades, digital technologies have become the backbone of our everyday life and crucial resources that all economic sectors rely on. Anyone who targets a country's computer information systems, infrastructures, computer networks, and/or citizens' personal computer devices undermines, or even disrupts, its proper functioning, affecting a wide range of services that we take for granted, e.g. digital, economic, energy, infrastructural, electrical, water-related. Hence the importance of not only countering but, first of all, preventing cyberattacks, however labelled (cyber campaign, cyber warfare, cyberterrorism).
Since the adoption of the EU Cybersecurity Strategy in 2013, the European Commission has been working towards a more secure online environment, including cybersecurity at the heart of its political priorities (see Digital Single Market Strategy, May 2015 and European Agenda on Security, April 2015). Many efforts have been stepped up to better protect Europeans online, and they led to the adoption of the Directive on Security of Network and Information Systems (NIS Directive), which was presented by the European Commission in 2013, negotiated with the European Parliament, along with the Council of the European Union, and finally adopted by the European Parliament on 6 July 2016 to provide the EU with a common level of cybersecurity.
In a nutshell, the NIS Directive is composed of three main pillars:
1. It increases Member States' preparedness and resilience, urging them to be properly equipped, e.g. through a Computer Security Incident Response Team (CSIRT) and a national NIS authority;
2. It sets up a "Cooperation Group" and a "CSIRT Network", with the purpose of facilitating cooperative exchange of information and promoting effective operational cooperation on specific cybersecurity incidents respectively;
3. It ensures and calls for the implementation of a cross-sector culture of security (energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure).
In this scenario, both Governments and the private sector are the main actors contributing to a strengthened cybersecurity. However, it is clear that businesses which play a crucial role both for society and the economy are identified as the key operators of essential services under the NIS Directive, standing on the front line for the implementation of appropriate security measures and the notification of serious incidents to the relevant national authority.