The European Union has decided to bring into effect new rules governing the security of the region's digital infrastructure. Under the new rules, which were provisionally agreed by MPs, transport, energy and other key sectors of industry and commerce will have to ensure that they have sufficient cyber security controls in place.
In effect, this means that the digital infrastructure that major players in key sectors use to deliver essential services, such as traffic control or electricity grid management, must be resilient enough to withstand online attacks.
However, these new rules are not restricted to key industry sectors; they also apply to major digital marketplaces like eBay or Amazon. Furthermore, the rules could apply to search engines and cloud service providers, as they too will be required to ensure that their infrastructure is secure and to report major incidents. Smaller digital companies, however, will be exempt from these requirements.
This is a step in the right direction when it comes to unifying IT governance and security across the EU. However, it does appear to contradict the individual aims of some member states' governments. The UK in particular has been working strenuously to introduce the so-called 'snoopers' charter', which will allow law enforcement and government agencies access to all sorts of digital communications. For this to work, however, there must be backdoors into applications and systems and, above all, ways for government agencies to defeat encryption.
Encryption is, of course, the prime method of ensuring the privacy and confidentiality of data and information and, importantly, of protecting passwords and user credentials that may, in an increasingly mobile world, pass over the airwaves and therefore be susceptible to WiFi eavesdropping.
The concern here is that the EU's new cyber rules may already be neutered by individual states' determination to deny privacy by weakening the encryption available to citizens, whilst introducing backdoors that will almost certainly become an access point for cyber criminals.
Therefore, new cyber security legislation aimed at forcing big businesses to take responsibility for their security infrastructure may prove to be mere rhetoric.