8 Amendments of Annika BRUNA related to 2022/0084(COD)
Amendment 38 #
Proposal for a regulation
Recital 1 a (new)
Recital 1 a (new)
(1a) There are concerns surrounding the fact that the Commission and the European External Action Service (EEAS) are putting in place two concurrent initiatives to collaborate with private companies on cybersecurity threats.
Amendment 41 #
Proposal for a regulation
Recital 3
Recital 3
(3) Therefore, relevant rules ensuring a common level of information security in all Union institutions and bodies should be laid down, especially as the cybersecurity threats are growing and many national bodies have been attacked. They should constitute a comprehensive and coherent general framework for protecting EUCI and non- classified information, and should ensure equivalence of basic principles and minimum standards.
Amendment 47 #
Proposal for a regulation
Recital 3 a (new)
Recital 3 a (new)
(3a) EU governments should keep ownership of their sensitive information.
Amendment 52 #
Proposal for a regulation
Recital 5
Recital 5
(5) By creating a minimum common level of protection for EUCI and non- classified information, this Regulation contributes to ensuring that the Union institutions and bodies have the support of an efficient and independent administration in carrying out their missions. At the same time, each Union institution and body retains its autonomy in determining how to implement the rules laid down in this Regulation, in line with its own security needs. This Regulation shall in no case prevent Union institutions and bodies to fulfil their mission, as entrusted by the EU legislation, or encroach on their institutional autonomy. This minimum common level of protection for EUCI should ensure a careful balance between transparency and the use of classification in a way that prevents the EU bodies from carrying out their role.
Amendment 57 #
Proposal for a regulation
Recital 6 a (new)
Recital 6 a (new)
(6a) Most of the information on cyberthreats relates to the vulnerabilities exploited, in other words the weaknesses hackers exploit to obtain unauthorised access. The European Union Agency for Cybersecurity (ENISA) may not have sufficient capacity to deal with the volume of reports received from product manufacturers about such vulnerabilities. Member States would prefer these notifications to be sent to the national computer security incident response teams (CSIRT).
Amendment 61 #
Proposal for a regulation
Recital 10
Recital 10
(10) The Coordination Group should closely cooperate with the National Security Authorities of the Member States with a view to enhancing information security in the Union. An Information Security Committee of the Member States should therefore be set up to provide advice to the Coordination Group, while respecting the prerogatives of the Member States as regards confidential security data.
Amendment 66 #
Proposal for a regulation
Recital 14
Recital 14
(14) With the purpose of adjusting to the new teleworking practices, the networks used for connecting to the Union institution’s or body’s remote access services should be protected by adequate security measures, through investment in end-to-end network security.
Amendment 68 #
Proposal for a regulation
Recital 15
Recital 15
(15) Since Union institutions and bodies frequently make use of contractors and outsourcing, it is important to establish common provisions relating to contractors’ personnel carrying out tasks related to information security. and to verify the quality and confidentiality of external contractors.