Activities of Rasmus ANDRESEN related to 2022/0085(COD)
Shadow opinions (1)
OPINION on the proposal for a regulation of the European Parliament and of the Council laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union
Amendments (9)
Amendment 14 #
Proposal for a regulation
Recital 8
Recital 8
(8) In order to avoid imposing a disproportionate financial and administrative burden on Union institutions, bodies and agencies, the cybersecurity risk management requirements should be proportionate to the risk presented by the network and information system concerned, taking into account the state of the art of such measures. Each Union institution, body and agency should aim to allocate an adequate percentage ofresources from its IT budget to improve its level of cybersecurity; in the longer term a target in the order of 10% should be pursued and to ensure at least a minimum level of cybersecurity corresponding to the risk assessment. The cost of ensuring cybersecurity is dependent on several factors such as size of the entity, need to ensure specific protections, surface of attacks and threat profile, and include fixed costs and a variable portion. Due to the ever increasing threats, in the longer term up to of 10% of an entity budget could be necessary to ensure an appropriate security level.
Amendment 18 #
Proposal for a regulation
Recital 8 a (new)
Recital 8 a (new)
(8 a) Prior to the allocation of additional staff resources, the Commission should conduct an analysis of the needs, including with regards to the long-term perspective.
Amendment 21 #
Proposal for a regulation
Recital 14
Recital 14
(14) In addition to giving CERT-EU more tasks and an expanded role, an Interinstitutional Cybersecurity Board (IICB) should be established, which should facilitate a high common level of cybersecurity among Union institutions, bodies and agencies by monitoring the implementation of this Regulation by the Union institutions, bodies and agencies and by supervising implementation of general priorities and objectives by CERT-EU and providing strategic direction to CERT-EU. The IICB should ensure representation of the institutions and include representatives of agencies and bodies through the Union Agencies Network and enforce a gender balanced appointment procedure. The IICB should require that all its members nominate a gender balanced representation.
Amendment 22 #
Proposal for a regulation
Recital 24 a (new)
Recital 24 a (new)
Amendment 24 #
Proposal for a regulation
Article 4 – paragraph 4
Article 4 – paragraph 4
4. Each Union institution, body and agency shall have effective mechanisms in place to ensure that an adequate percentage ofresources from the IT budget isare spent on cybersecurity.
Amendment 25 #
Proposal for a regulation
Article 4 – paragraph 4 a (new)
Article 4 – paragraph 4 a (new)
4 a. Each Union institution, body and agency shall ensure that the gender equality and gender balance principles apply in their appointments to the CERT- EU as well as in the allocation of their human resources for cyber security. Targeted training and adequate resources shall be devoted to promoting the employment of women in the area of cybersecurity within all Union institutions, bodies and agencies in order to help to close the digital gender gap.
Amendment 26 #
Proposal for a regulation
Article 9 – paragraph 3 – subparagraph 2
Article 9 – paragraph 3 – subparagraph 2
Members may be assisted by an alternate. Other representatives of the organisations listed above or of other Union institutions, bodies and agencies may be invited by the chair to attend IICB meetings without voting power. The nominations of Members shall be made under the application of the principle of gender balance.
Amendment 27 #
Proposal for a regulation
Article 12 – paragraph 7 a (new)
Article 12 – paragraph 7 a (new)
7 a. If the demand for chargeable services is higher than CERT-EU’s available resources to provide for these services, CERT-EU shall prioritise demands based on a risk analysis and the risk profile of the institutions, bodies and agencies.
Amendment 31 #
Proposal for a regulation
Article 23 – paragraph 1
Article 23 – paragraph 1
The Commission shall propose the reallocation of staff and financial resources from relevant Union institutions, bodies and agencies to the Commission budget. Theis reallocation shall be effective at the same time as the first budget adopted following the entry into force of this Regulation. The reallocations shall be made under due consideration of the principle of gender balance.