MEPs call for tighter EU cybersecurity standards for connected devices, apps and operating systems, amid recent cyberattacks on critical infrastructure in the EU.
A resolution adopted on Thursday calls for connected products and associated services, including supply chains, to be made secure-by-design, resilient to cyber incidents, and quickly patched if vulnerabilities are discovered. MEPs welcome the European Commission’s plans to propose horizontal legislation on cybersecurity requirements for connected products and associated services, but also want the Commission to attempt to harmonise national laws in order to avoid the fragmentation of the Single Market. The text also demands legislation imposing cybersecurity requirements for apps, software, embedded software (that control various devices and machines that are not computers) and operating systems (software that runs a computer’s basic functions) by 2023.
Hybrid threats
MEPs warn that hybrid threats, i.e. methods or activities used by hostile state or non-state actors to target democratic states and institutions, are increasing and are becoming more sophisticated. This includes the use of disinformation campaigns and cyberattacks on infrastructure, economic processes and democratic institutions. They fear the impact on elections, legislative procedures, law enforcement and justice. Moreover, the COVID19 crisis has again exposed the cyber vulnerabilities of some critical sectors, in particular healthcare, while teleworking and social distance has increased our dependency on digital technologies and connectivity. MEPs note the recent series of cyberattacks on healthcare systems such as in Ireland, Finland and France, which cause significant damage to healthcare systems and patient care, they say. The resolution, adopted with 670 votes to 4, with 12 abstentions, comes in response to the EU’s Cybersecurity Strategy for the Digital Decade.
The Internet of Things is made of connected devices such as machines, sensors, industrial components and networks that are quickly increasing in number, with 22.3 billion devices expected to be linked to the Internet worldwide by 2024. MEPs note that cybersecurity awareness among individuals and businesses remains low and that there is a shortage of skilled workers in the sector. Cybersecurity capabilities are also heterogeneous among Member States amid a lack of EU agreement on cyber intelligence collaboration and collective response against cyber and hybrid attacks.