The European Union has announced a new cybersecurity directive that will legally oblige companies in key internet positions to report breaches of their security, such as hacking attacks. This would bring companies like Facebook, Twitter, YouTube and other large-scale services into line and force them to keep users and the public informed.
The directive extends to governments too, stating that all “member states, key internet enablers and critical infrastructure operators” would be liable and “must adopt a NIS (network and information security) strategy and designate a national NIS competent authority with adequate financial and human resources to prevent, handle and respond to NIS risks and incidents.”
Those affected by the directive are also instructed to create a mechanism for cooperating with one another and responding in a unified way to threats to infrastructure.
Neelie Kroes, European Commission Vice-President for the Digital Agenda, said:
“The more people rely on the internet the more people rely on it to be secure. A secure internet protects our freedoms and rights and our ability to do business. It’s time to take coordinated action – the cost of not acting is much higher than the cost of acting.”
While part of the reason for this directive is to make companies keep the public in the loop, it is also designed to shame them into implementing better security. If you have to air your dirty laundry in public, you at least want to make sure it’s a brand-name pair – or at least so my metro brother tells me.
KitGuru Says: This seems like a good plan for all involved. If companies – like Sony – don’t inform their user base that they’ve been hacked and it later comes out, it goes very badly for them.