EU Cyber Solidarity Act: Forging a Stronger, More United Front Against Cyber Threats

Introduction

We live in a digital world, no doubt. It's transformed our lives in countless positive ways. But this increased reliance on tech has also made us more vulnerable, hasn't it? Cyberattacks are on the rise, and recent events, like the war in Ukraine, have really highlighted just how fragile our digital space can be. When critical systems – things like energy grids, hospitals, and financial networks – are targeted, the impact can be huge.

That's where the EU Cyber Solidarity Act comes in. It's a proposal for a new regulation that's all about boosting the EU's ability to detect, prepare for, and respond to cybersecurity threats and incidents. Think of it as a framework built on three core ideas: a European cyber shield, a cybersecurity emergency mechanism, and a way to review cybersecurity incidents to learn from them. It's designed to work alongside existing cybersecurity laws, making the EU as a whole more resilient in the face of cyber challenges.  

What is the EU Cyber Solidarity Act and Why is it Important?

Essentially, the Cyber Solidarity Act is a plan for how the EU can better tackle cybersecurity threats and incidents. It's about improving our ability to spot threats early, getting ready for them, and acting decisively when major incidents occur.  

Key Components

The Cyber Solidarity Act is built around three main pillars:

  • European Cyber Shield: This is all about creating a network of Security Operations Centres (SOCs) across Europe. These SOCs, both national and those spanning multiple countries, will work together to get better at detecting, analyzing, and responding to cyber threats. The aim? To create a system that can gather and share information on threats, develop useful intelligence, and support the cybersecurity community.  
  • Cybersecurity Emergency Mechanism: This is focused on getting the EU better prepared for and able to respond to major cybersecurity incidents. It includes things like preparedness testing, having response actions ready through an EU Cybersecurity Reserve, and helping each other out between Member States. The EU Cybersecurity Reserve will be made up of incident response services from trusted providers, ready to jump in and assist Member States when things get serious.  
  • Cybersecurity Incident Review Mechanism: This is about taking a close look at major cybersecurity incidents. ENISA, the European Union Agency for Cybersecurity, will play a key role in reviewing these incidents, providing reports on what was learned, and making recommendations on how to improve the EU's cybersecurity defenses.  

When and Why is it Mandatory to Implement?

Once it's adopted, the Cyber Solidarity Act will create certain obligations for EU Member States and other relevant parties.

  • Member States will have to designate at least one National SOC to be part of the European Cyber Shield.  
  • There will be requirements for setting up Cross-border SOCs, which involve at least three Member States working together.  
  • Entities in critical and highly critical sectors will need to undergo coordinated preparedness testing as part of the Cybersecurity Emergency Mechanism.  

Putting these obligations into action is essential for boosting the EU's collective power to detect, get ready for, and respond to the growing number and complexity of cyber threats.

Who Does it Apply To?

The Cyber Solidarity Act will have implications for a range of stakeholders:

  • Member States: National governments will have responsibilities in setting up SOCs, participating in cross-border cooperation, and implementing the cybersecurity emergency mechanism.  
  • Entities in Critical and Highly Critical Sectors: These organizations will face preparedness testing and may receive support from the EU Cybersecurity Reserve if incidents occur.  
  • Security Providers: Trusted managed security service providers will have a role to play in the EU Cybersecurity Reserve.  
  • ENISA and ECCC: These EU agencies will have major roles in putting the Act into practice and overseeing its various parts.  

What Problems Do These Frameworks Solve?

The Cyber Solidarity Act is designed to tackle some key challenges:

  • Insufficient Detection and Situational Awareness: The Act aims to improve the EU's ability to spot and analyze cyber threats and incidents through the creation of the European Cyber Shield.  
  • Lack of Preparedness and Response Capacity: The Cybersecurity Emergency Mechanism is focused on enhancing the EU's ability to get ready for and respond to major cyber incidents.  
  • Need for Solidarity and Cooperation: The Act encourages Member States to work together and provide mutual assistance when dealing with cyber crises.  
  • Gaps in Incident Review and Learning: The Cybersecurity Incident Review Mechanism will make it easier to analyze incidents and share lessons learned to improve how we respond in the future.  

What are the Timelines to Implement?

  • NIS 2 needs to be implemented into national law by October 2024.  
  • The Joint Cyber Unit (JCU) platform was supposed to be fully up and running by June 30, 2023.  
  • The first report evaluating the regulation by the Council and the Parliament is due 4 years after the regulation begins to apply.

What are the Nuances?

  • The Cyber Solidarity Act is meant to complement and build on existing cybersecurity laws and programs, like the NIS Directive and the Cybersecurity Act.  
  • The European Cyber Shield will involve a network of SOCs at both the national and cross-border levels, with specific rules for how they're set up and how they operate.  
  • The Cybersecurity Emergency Mechanism includes setting up an EU Cybersecurity Reserve, which will rely on trusted providers and have specific procedures for requesting and providing support.  
  • Interoperability and information sharing are crucial to the Act, with a focus on ensuring secure communication and data exchange between SOCs and other relevant parties.  
  • Funding for the initiatives under the Act will be implemented according to the Digital Europe Programme (DEP) Regulation.  

Conclusion

The EU Cyber Solidarity Act is a big step towards a stronger and more coordinated European cybersecurity system. By creating a European cyber shield, a cybersecurity emergency mechanism, and a cybersecurity incident review mechanism, the Act aims to improve the EU's ability to detect, prepare for, and respond to cyber threats and incidents. It's something that cybersecurity professionals should definitely keep a close eye on, as it will play a key role in shaping the future of cybersecurity in the EU.

Written by: Purnima Kushwaha