EU enacts new laws to strengthen cybersecurity defenses and coordination

The European Union has enacted two new laws to bolster its cybersecurity defenses and coordination mechanisms. The measures, part of the cybersecurity legislative package, include the Cyber Solidarity Act and amendments to the Cybersecurity Act (CSA).

These steps aim to improve the EU’s ability to detect, prepare for, and respond to cyber threats while fostering uniformity in managed security services, the Council of the EU said in a statement.

“In view of the fast-evolving threat landscape, the threat of possible large-scale cybersecurity incidents causing significant disruption or damage to critical infrastructure demands a heightened preparedness of the Union’s cybersecurity framework,” the Council’s statement read.

The legislation will come into effect 20 days after publication in the EU’s official journal.

“It has the potential to enhance cross-border threat detections and response capabilities by forcing collaboration, improving threat intelligence sharing and strengthening overall cybersecurity resilience in the EU,” said Madelein van der Hout, senior analyst at Forrester. “Success will really depend on effective implementation and ongoing commitment from member states.”

Enhancing threat detection and preparedness

The Cyber Solidarity Act introduces a new cybersecurity alert system, creating a network of national and cross-border cyber hubs across the EU. These hubs will monitor and act on cyber threats using advanced technologies like AI and data analytics. This coordinated infrastructure is designed to share warnings and actionable insights across borders, ensuring a more unified response to cyber incidents.

“These cyber hubs will use state-of-the-art technology to detect and share timely warnings on cyber threats across borders,” the statement explained.

Analysts noted that while the Act is a positive step, the EU should not stop at regional collaboration.

“Cybersecurity challenges are inherently cross-border and require collaboration to address effectively,” said Faisal Kawoosa, founder and lead analyst at Techarc. “The Solidarity Act is a positive step toward fostering information-sharing and collective learning across the EU. However, its impact could be limited if it doesn’t extend collaboration beyond the region. Threats often originate outside the EU, and working as a single block under the Act could streamline and expedite such efforts within the EU, but broader partnerships may be necessary to achieve global effectiveness.”

To address vulnerabilities in critical sectors such as healthcare, energy, and transport, the act also establishes an emergency mechanism. This includes preparedness measures such as stress testing entities for potential weaknesses and developing common risk scenarios and methodologies.

Streamlining incident response

A key component of the act is the creation of a cybersecurity reserve composed of private-sector response teams. These teams will be on standby to assist member states and EU institutions during significant cyber incidents. The reserve is supported by technical mutual assistance measures that promote collaboration among member states.

Additionally, an incident review mechanism will evaluate the efficacy of these emergency responses, ensuring continuous improvement in the EU’s cybersecurity strategies.

This feedback loop will help refine response efforts and identify gaps in preparedness, the statement added.

Addressing practical hurdles

While the unified SOC and enhanced information-sharing mechanisms are pivotal elements of the Cyber Solidarity Act, implementing such a system may encounter challenges.

“Two key challenges stand out,” Kawoosa said. “First, the hybrid system’s effectiveness hinges on extensive information sharing among member nations while balancing compliance with varying domestic data privacy and security laws. Despite having umbrella regulations, nuanced differences persist across countries. Second, establishing a unified Security Operations Center (SOC) will require clear definitions of its functions, limitations, and scope. Coordination with multiple law enforcement agencies across the region will further add complexity.”

According to Madelein, while the Cyber Solidarity Act presents a framework for enhancing cybersecurity across Europe, there are several challenges.

“The first is coordination complexity: the logistical challenges of coordinating efforts across multiple nations with different legal frameworks and operational protocols could hinder effective implementation. For instance, data localization laws mandate that data must be stored within the country of origin, leading to operational hurdles for companies operating across borders. The evolving nature of these regulations adds another layer of complexity requiring organizations to continuously adapt their practices to remain compliant,” Madelein said.

“Second is sustained investment: continuous funding and resource allocation will be necessary to maintain and evolve these initiatives in response to an ever-evolving threat landscape. We also see infrastructure disparities: the technological infrastructure supporting cybersecurity varies significantly between nations. Some regions may lack the necessary resources or expertise to implement.”

She feels security risk is another major challenge. “Transportation of data across borders increases vulnerabilities to cyber threats. Data may pass through jurisdictions with weaker measures, raising concerns about breaches and misuse.”

These issues underscore the complexities involved in ensuring cross-border cybersecurity collaboration without undermining national regulations or operational efficiency.

Standardizing managed security services

A targeted amendment to the 2019 Cybersecurity Act complements the primary legislation by recognizing the growing importance of managed security services. This provision will enable the development of European certification schemes for specialized cybersecurity interventions, including incident handling, penetration testing, security audits, and technical consulting, the statement added.

The move addresses a critical gap in the current cybersecurity landscape. By creating standardized certification processes, the EU aims to foster trust, increase service quality, and prevent market fragmentation. Some member states had already begun developing national certification schemes, and this legislation provides a unified, comprehensive framework.

“This targeted amendment will enable the establishment of European certification schemes for these managed security services,” the Council’s statement read. “It will help to increase their quality and comparability, foster the emergence of trusted cybersecurity service providers, and avoid fragmentation of the internal market given that some member states have already started the adoption of national certification schemes for managed security services.”

These certifications are expected to help businesses evaluate service providers more effectively, improving confidence in outsourcing critical cybersecurity functions.

“This will create a unified and standardized framework across the region,” Kawoosa noted, highlighting how the framework simplifies compliance, making it easier for businesses to navigate varying regulations in different member states.

“It is necessary in building trust among consumers and businesses,” Madelein pointed out. “Harmonization of cybersecurity standards is important in bringing better and more secure solutions. It also attracts investment; investors are more inclined to support companies that operate within well-defined regulations.”

The proposals originated from the European Commission on April 18, 2023, and underwent extensive collaborative refinement. On March 6, 2024, co-legislators reached a provisional agreement, marking a significant milestone in digital policy development.

Both legislative acts are set to be published in the EU’s official journal in the coming weeks.
