Internet security cannot be left to the national security agencies said the EU's digital agenda commissioner as she outlined her plans for a Europe-wide cybersecurity strategy.
The Commission is due to present its plan for a European Strategy for Internet Security in the third quarter of this year, but Commissioner Neelie Kroes said that under the proposals, EU member states will be asked to guarantee minimum capabilities to respond adequately to threats.
Kroes also wants data breach notification rules, such as in the telecoms sector, for critical information-infrastructure sectors like energy, water, finance and transport. She pointed out that the recent World Economic Forum estimated that there is a one in 10 chance of a major breakdown of critical information infrastructure in the next decade.
"Prompt reporting means competent national authorities can react quickly to incidents and minimise their impact. We'll need to share critical information in a secure and confidential manner: within and between public and private sectors. CERTs and other competent bodies need to exchange regularly and rapidly, to warn and assist," said the commissioner.
The plans would require member states to centralise information and to establish competent authorities responsible for it. "A European Forum could then be created to establish collaboration between these authorities and the private sector. This would support a European cyber-incident contingency plan and exchange of best practices," said Kroes.