New EU Cybersecurity Regulation Revamping Government Agencies

Executive Summary

On January 8th, the European Union (EU) introduced the new Cybersecurity Regulation to improve cybersecurity across its agencies.

This initiative addresses the increasing digital threats and mandates uniform cyber compliance requirements. Agencies have until September 2024 to adhere to these new standards, including risk control measures and regular cybersecurity assessments.

About the Regulation

The EU Cybersecurity Regulation is a comprehensive framework aiming to enhance cybersecurity across EU institutions. Its key aspects include:

  • Uniform Compliance Requirements: Establishes standard cyber hygiene practices for all EU entities.
  • Risk Management and Control Frameworks: Focuses on creating robust internal frameworks for cyber risk management.
  • CERT-EU’s Enhanced Role: Reinforces CERT-EU as a central hub for cybersecurity, intelligence sharing, and incident response.
  • Interinstitutional Cybersecurity Board (IICB): A new body to oversee the regulation’s implementation and supervise CERT-EU.
  • Emphasis on Regular Reviews and Transparency: Prioritizes continuous improvement and open-source software usage.
  • Flexibility and Adherence: Balances the diverse nature of EU entities with the need for strict compliance.

To access more detailed information, please refer to the official regulation page for comprehensive insights.

Role of CERT-EU and the New IICB

CERT-EU’s role is enhanced as a central hub for cybersecurity assistance and information sharing.

It will operate under the supervision of the new Interinstitutional Cybersecurity Board (IICB), ensuring a high level of cybersecurity and privacy protection for personally identifiable information.

CERT-EU’s responsibilities include:

  • Incident Response and Coordination: Handling cybersecurity incidents and coordinating responses.
  • Information Exchange: Acting as a hub for sharing threat intelligence and incident-related information among EU agencies.
  • Advisory Body: Providing expert cybersecurity advice and guidance.
  • Privacy Protection: Ensuring safeguards for personally identifiable information processed during cyber risk management activities.

The IICB, scheduled to be operational by September 8, will be responsible for overseeing the implementation of the regulation.

The IICB’s responsibilities include:

  • Monitoring Implementation: Ensuring that EU entities are adhering to the cybersecurity regulation.
  • Supervision of CERT-EU: Overseeing the activities of CERT-EU and ensuring it fulfils its role effectively.
  • Policy Oversight: Guiding and supervising the implementation of cybersecurity policies and practices across EU agencies.

The IICB and CERT-EU are expected to submit a report on policy implementation by January 2025.

Addressing Cyber Threats and Compliance Challenges

These measures are considered a response to increased cyberattacks, especially following events like Russia’s invasion of Ukraine in February 2022. A European oversight body highlighted that many agencies had not implemented effective cybersecurity practices. The new regulation aims to rectify this by enforcing good cybersecurity practices and allocating appropriate resources for cyber defence.

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.