Tuesday, October 11, 2016
EU Cyber Security Directive 2016/1148/EU
For most people, EU regulations can be a good cure for insomnia. However, Directive 1148, which deals with cyber security, was ratified just recently.
For the first time, it places the onus on Member States to identify essential services (electricity, air, water, rail, etc.) and ensure that they have specific measures in place to mitigate against cyber attack.
"Member States shall ensure that operators of essential services take appropriate and proportionate technical and organisational measures to manage the risks posed to the security of network and information systems which they use in their operations. Having regard to the state of the art, those measures shall ensure a level of security of network and information systems appropriate to the risk posed."
Other organizations, such as search engines, have an onus placed on them to work in an "Entire Union" approach.
The Department of Communications notes that:
Directive 2016/1148/EU will have direct implications for many firms and utilities in the State. Many of these firms and utilities are to be designated as 'operators of essential services' with security obligations and incident reporting requirements binding on them. These will include:
electricity, gas and oil companies
airlines, shipping firms, ports and airports
rail and road authorities, traffic management authorities
banks, other credit institutions, some financial intermediaries
hospitals and clinics
water distribution and Internet based companies
This Directive will also result in Ireland having to regulate particular multinational corporations who have their European headquarters based in Ireland and provide digital services in Europe. These digital services are online/ecommerce marketplaces, online search engines and cloud computing services.