The European Commission published a cyber-security strategy and a proposed directive on network and information security (NIS) Feb. 7, which is likely to affect U.S. businesses with international operations.
The directive is stricter than current U.S. regulations, which don’t require companies to publicly disclose breaches unless identifying information, such as credit card or Social Security numbers, is involved.
“If and when adopted, it will be a game-changer,” Stewart Baker, a former assistant secretary at the U.S. Department of Homeland Security, told Bloomberg, according to a Feb. 8 report.
The Obama administration, however, is working on what it hopes will also be a game-changer. The administration has been working on an executive order designed to heighten cyber-security standards, and it is expected to issue it after President Obama’s Feb. 12 State of the Union address, according to Bloomberg. Though adherence would be voluntary, the order would establish new standards for companies responsible for critical U.S. infrastructure.
In November 2012, the Senate voted on whether to close debate on the much-debated Cybersecurity Act of 2012, but for the second time, the measure failed to receive the 60 votes required to send the legislation to a final vote, creating greater urgency for the Obama administration to create an executive order.
Further heightening such urgency is the recent increase in high-level hacks.
During the Feb. 3 Super Bowl, the U.S. Federal Reserve was hacked, though the agency said that “no critical functions” were affected.
On Jan. 30, The New York Times announced that it had been the victim of Chinese hackers, and in the following days The Washington Post and The Wall Street Journal said they had as well. Among those targeted, reported The Times, were journalists who had written unflattering information about Chinese leaders and telecom companies Huawei Technologies and ZTE.
In October 2012, the U.S. House Intelligence Committee released a report warning U.S. companies in charge of critical U.S. infrastructure, such as railways and utility companies, not to use equipment from Huawei or ZTE. The committee said that the pair’s “incomplete, contradictory and evasive responses” during a monthslong investigation made it fear that the brands answer to the Chinese government and so pose a potential threat to U.S. security.
Obama’s upcoming order would incorporate new standards into current regulation, Bloomberg reported, citing former White House officials. It would also direct the government to “share more information about computer threats with the private sector and issue more security clearances allowing industry representatives to receive classified information.”
The new European Commission (EC) directive articulates five priorities: achieving cyber-resilience, drastically reducing cyber-crime, developing a cyber-defense policy, developing the industrial and technological means for cyber-security, and establishing a “coherent international cyberspace policy for the European Union and promoting core EU values.”
“The more people rely on the Internet, the more people rely on it to be secure,” Neelie Kroes, EC vice president for the Digital Agenda, said in a Feb. 7 statement from Brussels. “A secure Internet protects our freedoms and rights and our ability to do business. It’s time to take coordinated action—the cost of not acting is much higher than the cost of acting.”