EU considering mandatory cybersecurity rules for social networks

Mandatory risk management for social networks could form part of a European Commission legislative proposal on network and information security, it was revealed as a public consultation on the issue was announced yesterday.

Europe's law makers want input from governments and industry as well as citizens on how to manage incidents that could cause disruption to essential network and information systems, including the internet. One of the elements that will form part of the planned EU Strategy on Cyber Security is a security breach reporting requirement.

The Commission is also considering mandatory risk management practices for networks and information systems that are "critical to the provision of key economic and societal services (e.g. finance, energy, transport and health) and to the functioning of the Internet (e.g. e-commerce, social networking)." Currently only telecoms operators and ISPs are required by EU law to adopt risk management practices and to report security incidents.

According to the Commission, in 2011 web-based attacks increased by 36% over the previous year and there was a five-fold increase in companies reporting security incidents with a financial impact between 2007 and 2010.

The Commission together with the EU High Representative for Foreign Affairs and Security Policy is due to present the Strategy on Cyber Security later this year.

Interested parties can respond to the consultation until October 12.