European Parliament gives first approval for creation of cyber “shield”

The European Parliament took the 1st step to approve the so-called Cybersolidarity project. The proposal creates a kind of “European shield”, with the establishment of a common infrastructure for EU (European Union) countries to, among other things, detect and respond to cyber threats.

The text (full – PDF – 675 kB) was approved by the deputies in a 1st round on Wednesday (April 24, 2024). There were 470 votes in favor, 23 against and 86 abstentions. Now, the project goes to the European Council. There will then be 2nd and 3rd rounds of reading and voting in both bodies before the legislation comes into force in the EU.

In general, the project creates:

• a European infrastructure that functions as a cybersecurity alert and attack prevention system;
• an emergency mechanism to support EU countries with preparatory actions and mutual assistance in the event of cyber incidents;
• a kind of list made up of private suppliers that can assist countries with cybersecurity issues if necessary.

The proposal may still undergo modifications both in the European Council and in Parliament. But, according to the text approved on Wednesday (April 24), the main measure is the creation of the European Cybersecurity Alert Systemto strengthen coordinated detection capabilities at EU level.

This system, says the text, “should reinforce technological sovereignty“da UE ea”open strategic autonomy in the field of cybersecurity, competitiveness and resilience”. In addition to acting on prevention and intelligence in the cyber area, the European system will also analyze recorded incidents. The money for the project will come from the EU’s PED (Digital Europe Program) budget.

It will be composed of a digital security entity from each EU country, “responsible for coordinating cyber threat detection activities in that Member State” and share the information.

National entities, the text reads, must be equipped with “cutting-edge infrastructure” e “have highly qualified personnel”. The project cites the use “the latest artificial intelligence and data analysis technologies”. Countries can turn to private companies and request financial assistance from the EU.

“The Union’s financial contribution covers up to 50% of the acquisition costs of tools, infrastructure and services, and up to 50% of operational costs, with the remaining costs being covered by the Member State”, says the text.

The project determines the creation of a emergency cybersecurity mechanism. Among the actions listed is testing organizations in highly critical sectors (such as health, transport and energy) to detect potential vulnerabilities.

This mechanism also seeks to reinforce cooperation between EU countries to prevent and respond to cyber attacks. The text says that a country in the bloc can help another in case of need and then turn to the EU to pay for this help. “Eligible costs may include travel, accommodation and daily allowances for cybersecurity experts”, says the project.

It will be created EU Cybersecurity Poolwith contracts with “trusted providers” that will be deployed to help countries respond to attacks. It is a kind of list of private services that intervene when an institution or country considers that its capacities are overloaded. The creation and coordination of this list is the responsibility of the European Commission.