EU plans to implement mandatory cyber incident reporting
To improve cyber security, the EU is considering making it mandatory for businesses to report cyber attacks. Although a big supporter of self regulation, Neelie Kroes, the EU Commissioner for the Digital Agenda for Europe, told German Süddeutsche Zeitung newspaper that she did not think there would be much progress with it in this case. Together with the European Commissioner for Home Affairs, Cecilia Malmström, and the EU's High Representative for Foreign Affairs and Security Policy, Catherine Ashton, Kroes plans to propose a European cyber security strategy before the end of the year. The proposal is to be followed by a draft law that will regulate the consequences for internet service providers and data centre operators.
Similar plans were announced by the German Ministry of the Interior in early November: A proposed law on IT security is to regulate the reporting duties of businesses; the proposed law will generally cover, for example, telecommunications providers. To ensure an optimum outcome, the Ministry said that these companies, which are "responsible for the backbone of the information society", must guarantee the security of personal data as well as fully protect their infrastructures against unauthorised access. The proposal wasn't exactly greeted with enthusiasm by the German IT industry. At the German government's IT summit, the Federal Minister of Economics and Technology, Philip Rösler, said that he advocates a voluntary incident reporting strategy for businesses. He added that a single-handed German effort would threaten the German economy's ability to compete.
A joint EU cyber incident reporting strategy would largely neutralise Rösler's concerns. Kroes also advocated more openness when discussing the dangers of hacker attacks and the currently insufficient protection against them. She told Süddeutsche Zeitung that the reporting requirement wasn't about blaming each other but was a way to learn from the experiences of others. The Commissioner noted that people must feel confident that new technologies such as cloud computing are secure. The outsourcing of data and services to the internet won't catch on otherwise, she added. In the Commissioner's opinion, Europe would waste an opportunity to boost its ailing economy and alleviate the pressure on governments to cut public spending.
Kroes estimates that the increased use of cloud technologies could create about two and a half million new jobs by 2020. When presenting its cloud strategy, the European Commission had said that improving the support for cloud computing could enable European businesses to generate up to €220 billion in revenue in 2020. However, the German Federal Council criticised the EU's cloud strategy last week, saying that it needs improvements, particularly in terms of data protection and technical security.