BETA

18 Amendments of Urmas PAET related to 2017/0225(COD)

Amendment 7 #
Proposal for a regulation
Recital 3 a (new)
(3 a) ENISA should give more practical and information based support to the EU cybersecurity industry, in particular SMEs and start-ups, which are key sources of innovative solutions in the area of cyber defence, and should promote closer cooperation with university research organisations and large players with a view to reducing dependencies on cybersecurity products form external sources and to creating a strategic supply chain inside the Union.
2018/03/28
Committee: BUDG
Amendment 8 #
Proposal for a regulation
Recital 4
(4) Cyber-attacks are on the increase and a connected economy and society that is more vulnerable to cyber threats and attacks requires stronger defences. However, while cyber-attacks are often cross-border, policy responses by cybersecurity authorities and law enforcement competences are predominantly national. Large-scale cyber incidents could disrupt the provision of essential services across the EU. This requires effective EU level response and crisis management, building upon dedicated policies and wider instruments for European solidarity and mutual assistance. Training needs in the area of cyber defence are substantial and increasing, and are most efficiently met cooperatively at Union level. Moreover, a regular assessment of the state of cybersecurity and resilience in the Union, based on reliable Union data, as well as systematic forecast of future developments, challenges and threats, both at Union and global level, is therefore important for policy makers, industry and users.
2018/03/28
Committee: BUDG
Amendment 10 #
Proposal for a regulation
Recital 13 a (new)
(13 a) Cooperation between the EU and NATO is essential in order to organise regular strategic level exercises with the participation of the top political leadership of both organisations. A good example of that cooperation is the Estonian exercise EU CYBRID 2017.
2018/03/28
Committee: BUDG
Amendment 11 #
Proposal for a regulation
Recital 15 a (new)
(15 a) International law applies to cyberspace and the 2013 and 2015 UN Group of Governmental Experts on Information Security (UNGGE) reports provide relevant guidelines, in particular as regards the prohibition for states to conduct or knowingly support cyber activities contrary to their obligations under international rules. The relevance of the Tallinn Manual 2.0 in this context is an excellent basis for a debate on how international law applies to cyberspace and it is now time for the Member States to start analysing and applying the Manual.
2018/03/28
Committee: BUDG
Amendment 204 #
Proposal for a regulation
Article 1 – paragraph 1 – point b
(b) lays down a framework for the establishment of European cybersecurity certification schemes for the purpose of ensuring an adequate level of cybersecurity of ICT products, processes and services in the Union. Such framework shall apply without prejudice to specific provisions regarding voluntary or mandatory certification in other Union acts.
2018/04/30
Committee: ITRE
Amendment 228 #
Proposal for a regulation
Article 2 – paragraph 1 – point 10
(10) ‘European cybersecurity certificate’ means a document issued by a conformity assessment body attesting that a given ICT product, process or service fulfils the specific requirements laid down in a European cybersecurity certification scheme;
2018/04/30
Committee: ITRE
Amendment 241 #
Proposal for a regulation
Article 3 – paragraph 2 a (new)
2 a. The Agency shall assist Member States and Union institutions in establishing policies and practices for the responsible management and coordinated disclosure of vulnerabilities in ICT products and services that are not publicly known.
2018/04/30
Committee: ITRE
Amendment 271 #
Proposal for a regulation
Article 4 – paragraph 7 a (new)
7 a. The Agency shall assist and advise Member States and Union institutions in establishing policies and practices for the responsible management and coordinated disclosure of vulnerabilities in ICT products and services that are not publicly known, inter alia, by establishing government vulnerability disclosure review processes and coordinated vulnerability disclosure policies.
2018/04/30
Committee: ITRE
Amendment 273 #
Proposal for a regulation
Article 5 – paragraph 1 – point 2
2. assisting Member States to implement consistently the Union policy and law regarding cybersecurity notably in relation to Directive (EU) 2016/1148, including by means of opinions, guidelines, advice and best practices on topics such as secure software and systems development, risk management, incident reporting and information sharing, technical and organisational measures, in particular the establishment of coordinated vulnerability disclosure programmes, as well as facilitating the exchange of best practices between competent authorities in this regard;
2018/04/30
Committee: ITRE
Amendment 277 #
Proposal for a regulation
Article 5 – paragraph 1 – point 2 a (new)
2 a. proposing a blueprint which establishes the roles, responsibilities and legal obligations of vendors, manufacturers, CERTs and CSIRTs, and which further clarifies the legal rights and protections of information security researchers in the context of a coordinated vulnerability disclosure programme, in particular in cases of multi-party vulnerability disclosures that affect multiple vulnerability finders and vendors in different Member States
2018/04/30
Committee: ITRE
Amendment 286 #
Proposal for a regulation
Article 5 – paragraph 1 – point 4 – point 2 a (new)
(2 a) the development and promotion of policies that would sustain the general availability or integrity of the public core of the open internet, which provide the essential functionality to the Internet as a whole and which underpin its normal operation, including, but not limited to, the security and stability of key protocols (in particular DNS, BGP, and IPv6), the operation of the Domain Name System (including those of all Top Level Domains), and the operation of the Root Zone
2018/04/30
Committee: ITRE
Amendment 288 #
Proposal for a regulation
Article 6 – paragraph 1 – point a a (new)
(a a) Members States and Union institutions in establishing and implementing coordinated vulnerability disclosure policies and government vulnerability disclosure review processes, whose practices and determinations should be transparent and subject to independent oversight.
2018/04/30
Committee: ITRE
Amendment 306 #
Proposal for a regulation
Article 7 – paragraph 7 a (new)
7 a. The Agency shall prepare, together with the EEAS, a regular global Cybersecurity Situational Report on incidents and threats towards individuals, including towards vulnerable users outside the EU such as lawyers, journalists, or human rights defenders, in order to help the Union institutions respond to external needs and uphold its human rights responsibilities abroad
2018/04/30
Committee: ITRE
Amendment 311 #
Proposal for a regulation
Article 7 – paragraph 8 – point e a (new)
(e a) assisting and advising Member States on establishing and implementing coordinated vulnerability disclosure policies and government vulnerability disclosure review processes.
2018/04/30
Committee: ITRE
Amendment 344 #
Proposal for a regulation
Article 8 – paragraph 1 – point c a (new)
(c a) support and promote the development and implementation of coordinated vulnerability disclosure policies and government vulnerability disclosure review processes
2018/04/30
Committee: ITRE
Amendment 511 #
Proposal for a regulation
Article 46 – paragraph 2 a (new)
2a. The methodology to distinguish between the different assurance levels should be guided by a test which assesses the resistance of the security functionalities against attackers that have significant to unlimited resources.
2018/04/30
Committee: ITRE
Amendment 534 #
Proposal for a regulation
Article 47 – paragraph 1 – point j
(j) rules concerning how previously undetected cybersecurity vulnerabilities in ICT products and services are to be reported and dealt with; requiring vulnerabilities in ICT products and services that are not publicly known to be reported expeditiously by the appropriate authorities to relevant vendors and manufacturers using a coordinated vulnerability disclosure process.
2018/04/30
Committee: ITRE
Amendment 540 #
Proposal for a regulation
Article 47 – paragraph 1 – point m a (new)
(ma) rules concerning how and when Member States must inform each other when they acquire knowledge of a vulnerability that is not publicly known in an ICT product or service that is certified under this certification scheme.
2018/04/30
Committee: ITRE