Network and Information Security Directive
The Network and Information Security Directive (aka NIS Directive or Cybersecurity Directive) is proposed legislation by the European Commission.
It aims to create a single "competent authority" in each member state to deal with information security issues. In the UK this would likely be some branch of the security services (e.g. OCSIA/CSOC). Security breaches would be reported to this authority, which in turn would decide whether the information can be publicly released.
Authorities would also have the power to "issue binding instructions to market operators and public administrations", which would enable them to make demands equivalent to those of the draft Communications Data Bill.
It also requires that each country establish a national CERT (e.g. CERT-UK).
See also: European Network and Information Security Agency, Attacks Against Information Systems Directive, Cyber Security Strategy
External links
- Proposed Directive on Network and Information Security – frequently asked questions, Europa, 2013-02-07
- ENDitorial: Questions On The Draft Directive On Cybersecurity Strategy, 2013-01-16, EDRi / Ross Anderson
- EU cyber security directive considered harmful, Ross Anderson, 2013-02-08
- UK Government call for evidence (deadline 2013-06-21)
Media
- Infosec pros give verdict on EU’s new cybersecurity strategy: "Nice try", Sophos blog
- Mixed reaction to EC’s cyber security plan, 2013-02-07, Computer Weekly