“If everything is networked, everything can be hacked” – Ursula von der Leyen described the challenges and the status of IT security in the Internet of Things in clear terms. In view of the increasing cyber attacks in 2021, the President of the Commission calls on the member states to act together: von der Leyen has announced the draft of a new law with the aim of improving the security situation and formulating a uniform European cybersecurity policy.
Thierry Breton, the EU commissioner responsible for the internal market commented on the announcement the commission and outlines the objectives of the new law. According to Breton, the new law aims at four fields of action: prevention through improved protection mechanisms and uniform cybersecurity standards, measures for the early detection of attacks and vulnerabilities, a uniform European defense policy against cyber attacks and a doctrine of deterrence.
Insufficient security of networked products
Breton also names the Internet of Things as a problem area in his commentary. “To increase resilience, we have to introduce a common European cybersecurity standard for networked products and services in the internal market,” said Breton. In addition to prevention, he also advocates further active measures. In his view, it takes too much time before a cyber attack is detected. According to Breton, it takes an average of 190 days for a sophisticated attack to be noticed.
Do you already know the free one iX-Newsletter? Register now and do not miss anything on the monthly publication date: heise.de/s/NY1E The next issue will be about the title topic of the OctoberiX: Professions, Careers and Salaries for IT Professionals.
In order to reduce this period of time, Security Operation Centers (SOC) are to be set up and operated across Europe to detect suspicious activities at an early stage. Breton also advocates the formation of a Joint Cyber Unit, which, as a joint defense center of the member states, is to coordinate the defense against cyber attacks. The EU Commissioner names a common deterrent doctrine as the last building block. This should include means and measures to sanction identified attackers.
So far, the President of the Commission in her speech to the EU Parliament only announced the draft cyber resilience law. However, details or a concrete roadmap have not yet been published.