30 Amendments of Mauri PEKKARINEN related to 2023/0109(COD)
Amendment 57 #
Proposal for a regulation
Recital 15
Recital 15
(15) At national level, the monitoring, detection and analysis of cyber threats is typically ensured by SOCs of public and private entities, in combination with CSIRTs. In addition, CSIRTs exchange information in the context of the CSIRT network, in accordance with Directive (EU) 2022/2555. The Cross-border SOCs should constitute a new capability that is complementary to the CSIRTs network, by pooling and sharing data on cybersecurity threats from public and private entities, enhancing the value of such data through expert analysis and jointly acquired infrastructures and state of the art tools, and contributing to the development of Union capabilities and technological sovereigntya significant cybersecurity ecosystem with strong Union capabilities and cooperation with like-minded partners.
Amendment 59 #
Proposal for a regulation
Recital 16
Recital 16
(16) The Cross-border SOCs should act as a central point allowing for a broad pooling of relevant data and cyber threat intelligence, enable the spreading of threat information among a large and diverse set of actors (e.g., Computer Emergency Response Teams (‘CERTs’), CSIRTs, Information Sharing and Analysis Centers (‘ISACs’), operators of critical infrastructures). The information exchanged among participants in a Cross- border SOC could include analyzed data from networks and, sensors, logging, and telemetry, threat intelligence feeds, indicators of compromise, and contextualised information about incidenttactics, techniques and procedures (TTPs), incidents, malware samples, threats and vulnerabilities. In addition, Cross-border SOCs should also enter into cooperation agreements with other Cross- border SOCs.
Amendment 63 #
Proposal for a regulation
Recital 20
Recital 20
(20) By collecting, sharing and exchanging data, the European Cyber Shield should enhance the Union’s technological sovereigntysignificant cybersecurity ecosystem. The pooling of high-quality curated data should also contribute to the development of advanced artificial intelligence and data analytics technologies. It should be facilitated through the connection of the European Cyber Shield with the pan- European High Performance Computing infrastructure established by Council Regulation (EU) 2021/117325 . _________________ 25 Council Regulation (EU) 2021/1173 of 13 July 2021 on establishing the European High Performance Computing Joint Undertaking and repealing Regulation (EU) 2018/1488 (OJ L 256, 19.7.2021, p. 3).
Amendment 68 #
Proposal for a regulation
Recital 33
Recital 33
(33) A Union-level Cybersecurity Reserve should gradually be set up, with initial funding of 10 million euro under this Regulation until the Evaluation. It consistings of services from private providers of managed security services to support response and immediate recovery actions in cases of significant or large-scale cybersecurity incidents. The EU Cybersecurity Reserve should ensure the availability and readiness of services. The services from the EU Cybersecurity Reserve should serve to support national authorities in providing assistance to affected entities operating in critical or highly critical sectors as a complement to their own actions at national level. When requesting support from the EU Cybersecurity Reserve, Member States should specify the support provided to the affected entity at the national level, which should be taken into account when assessing the Member State request. The services from the EU Cybersecurity Reserve may also serve to support Union institutions, bodies and agencies, under similar conditions. The Commission shall ensure that it will not duplicate similar initiatives within NATO.
Amendment 70 #
Proposal for a regulation
Recital 35 a (new)
Recital 35 a (new)
(35a) In light of the additional tasks provided for in this Regulation as well as in the [Proposal for horizontal cybersecurity requirements for products with digital elements], ENISA should be provided with the necessary human and financial resources under the Union budget.
Amendment 88 #
Proposal for a regulation
Article 2 – paragraph 1 – point 1
Article 2 – paragraph 1 – point 1
(1) ‘Cross-border Security Operations Centre’ (“Cross-border SOC”) means a multi-country platform, that brings together in a coordinated network structure national SOCs from at least three Member States who form a Hosting Consortium, and that is designed to preventdetect and analyze cyber threats and prevent incidents and to support the production of high-quality intelligence, notably through the exchange of data from various sources, public and private, as well as through the sharing of state-of-the-art tools and jointly developing cyber detection, analysis, and prevention and protection capabilities in a trusted environment;
Amendment 101 #
Proposal for a regulation
Article 3 – paragraph 1 – subparagraph 1
Article 3 – paragraph 1 – subparagraph 1
An interconnected pan-European infrastructure of Security Operations Centres (‘European Cyber Shield’) shall be established to develop advanced capabilities for the Union to detect, analyse and process data on cyber threats and prevent incidents in the Union. It shall consist of all National Security Operations Centres (‘National SOCs’) and Cross- border Security Operations Centres (‘Cross-border SOCs’).
Amendment 106 #
Proposal for a regulation
Article 3 – paragraph 2 – subparagraph 1 – point e
Article 3 – paragraph 2 – subparagraph 1 – point e
(e) provide services and activities for the cybersecurity community in the Union, including contributing to the development of advanced artificial intelligence and data analytics tools.
Amendment 110 #
Proposal for a regulation
Article 4 – paragraph 1 – subparagraph 2
Article 4 – paragraph 1 – subparagraph 2
It shall have the capacity to act as a reference point and gateway to other public and private organisations at national level for collecting and analysing information on cybersecurity threats and incidents and contributing to a Cross-border SOC. It shall be equipped with state-of-the-art technologies capable of detecting, aggregating, and analysing data relevant to cybersecurity threats and incidents. It or the national CSIRT may request telemetry, sensor or logging data that pertain to sectors of high criticality as defined in 2022/2555 from trusted providers or managed security service providers. This data may only be shared to support the tasks and responsibilities of the national SOC or CSIRT in detecting and preventing cybersecurity incidents.
Amendment 120 #
Proposal for a regulation
Article 5 – paragraph 2 a (new)
Article 5 – paragraph 2 a (new)
2a. Procurement from and participation of a private entity that is established in a like-minded third country should be allowed if it does not contravene the security and defence interests of the Union and the Member States as established in the framework of the common foreign and security policy pursuant to Title V of the TEU, or the objectives set out in this Regulation. Those private entities should not be controlled by a non-associated third country or they shall have been subject to screening within the meaning of Regulation (EU) 2019/452 of the European Parliament and of the Council.
Amendment 126 #
Proposal for a regulation
Article 6 – paragraph 1 – point a
Article 6 – paragraph 1 – point a
(a) aims to prevent, detect, respond to or recover from incidentsproves the exchange of cyber threat intelligence between SOCs and industry ISACs with the aim to prevent, detect, or to mitigate their impactincidents;
Amendment 129 #
Proposal for a regulation
Article 6 – paragraph 2 – point a
Article 6 – paragraph 2 – point a
(a) a commitment to share a significant amount of data referred to in paragraph 1, and the conditions under which that information is to be exchanged;
Amendment 131 #
Proposal for a regulation
Article 6 – paragraph 3
Article 6 – paragraph 3
3. To encourage exchange of information betweenamongst Cross-border SOCs and with industry ISACs, Cross-border SOCs shall ensure a high level of interoperability between themselves and, where possible with industry ISACs. To facilitate the interoperability between the Cross-border SOCs, the Commission may, by means of implementing acts, after consulting the ECCC, specify the conditions for this interoperability. Those implementing and with industry ISACs, information sharing standards and protocols should be harmonized with international standards and industry best practices. The ECCC may also request the Commission by means of delegated acts to propose the conditions for this interoperability in close coordination with the regional SOCs and on the basis of international standards and industry best practices. Those delegated acts shall be adopted in accordance with the examination procedure referred to in Article 21(2) of this Regulation.
Amendment 135 #
Proposal for a regulation
Article 6 – paragraph 4
Article 6 – paragraph 4
4. Cross-border SOCs shall conclude cooperation agreements with one another and with industry ISACs, specifying information sharing and interoperability principles among the cross-border platforms.
Amendment 136 #
Proposal for a regulation
Article 7 – title
Article 7 – title
Cooperation and information sharing with Union entitiesthe CSIRT network
Amendment 137 #
1. Where the Cross-border SOCs obtain information relating to a potential or ongoing large-scale cybersecurity incident, they for the purpose of shared situation awareness, the coordinating SOC shall provide the relevant information to its CSIRT or competent authority, which will report this to the EU=CyCLONe, the CSIRTs network and the Commission, in view of their respective crisis management roles and procedures in accordance with Directive (EU) 2022/2555 without undue delay.
Amendment 141 #
Proposal for a regulation
Article 7 – paragraph 2
Article 7 – paragraph 2
2. The Commission may, after consulting the cross-border platforms and the CSIRT network, by means of implementing acts, determine the procedural arrangements for the information sharing provided for in paragraphs 1. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 21(2) of this Regulation and in accordance with Directive (EU) 2022/2555.
Amendment 145 #
Proposal for a regulation
Article 8 – paragraph 3
Article 8 – paragraph 3
3. The Commission may adopt implementing acts laying down technical requirements for Member States to comply with their obligation under paragraph 1 and 2. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 21(2) of this Regulation and with Directive (EU) 2022/2555 and 2022/2557. In doing so, the Commission, supported by the High Representative, shall take into account relevant defence-level security standards, in order to facilitate cooperation with military actors.
Amendment 153 #
Proposal for a regulation
Article 11 – paragraph 2
Article 11 – paragraph 2
2. The NIS Cooperation Group in cooperation with the Commission, ENISA, and the High Representative, shall develop common risk scenarios and methodologies for the coordinated testing exercisespreparedness testing. This will inform the identification of sectors, or -subsectors concerned from which entities may be subject to the coordinated prepareness testing as described in paragraph 1.
Amendment 161 #
Proposal for a regulation
Article 12 – paragraph 5
Article 12 – paragraph 5
5. The Commission shall have overall responsibility for the implementation of the EU Cybersecurity Reserve. The Commission shall determine the priorities and evolution of the EU Cybersecurity Reserve, in coordination with the NIS2 Coordination Group and in line with the requirements of the users referred to in paragraph 3, and shall supervise its implementation, and ensure complementarity, consistency, synergies and links with other support actions under this Regulation as well as other Union actions and programmes.
Amendment 167 #
7. In order to support the Commission in establishing the EU Cybersecurity Reserve, ENISA shall prepare a mapping of the services needed, after consulting Member States and, the Commission, managed security services providers and industry representatives. ENISA shall prepare a similar mapping, after consulting the Commission, to identify the needs of third countries eligible for support from the EU Cybersecurity Reserve pursuant to Article 17. The Commission, where relevant, shall consult the High Representative.
Amendment 175 #
Proposal for a regulation
Article 14 – paragraph 2 – point d
Article 14 – paragraph 2 – point d
(d) the scale and potential cross-border nature of the incident and the risk of spill over to other Member States or users;
Amendment 177 #
Proposal for a regulation
Article 14 – paragraph 3
Article 14 – paragraph 3
3. The EU Cybersecurity Reserve services shall be provided upon approval of the user and in accordance with specific agreements between the service provider and the user to which the support under the EU Cybersecurity Reserve is provided. Those agreements shall include liability conditions.
Amendment 180 #
Proposal for a regulation
Article 14 – paragraph 5
Article 14 – paragraph 5
5. The Commission and ENISA shall bear no contractual liability for damages caused to third parties by the services provided in the framework of the implementation of the EU Cybersecurity Reserve, except in cases of negligence in the evaluation of the application of the service provider, or in cases where the Commission or ENISA are users and are found responsible for damages.
Amendment 182 #
Proposal for a regulation
Article 14 – paragraph 6
Article 14 – paragraph 6
6. Within one month from the end of the support action, the users shall provide Commission and ENISA with a summary report about the service provided, results achieved and the lessons learned. When the user is from a third country as set out in Article 17, such report shall be shared with the High Representative. The report shall respect Union or national law concerning the protection of sensitive or classified information.
Amendment 184 #
Proposal for a regulation
Article 14 – paragraph 7
Article 14 – paragraph 7
7. The Commission shall report to the NIS Cooperation Group about the use and the results of the support, on a regular basis. It shall protect confidential information, in accordance with Union or national law concerning the protection of sensitive or classified information.
Amendment 199 #
Proposal for a regulation
Article 16 – paragraph 2 – point j
Article 16 – paragraph 2 – point j
(j) once an EU certification scheme for managed security service Regulation (EU) 2019/881 is in place, the provider shall be certified in accordance with that scheme within two years.
Amendment 200 #
Proposal for a regulation
Article 16 – paragraph 2 – point j a (new)
Article 16 – paragraph 2 – point j a (new)
(ja) the provider shall be able to unbundle their services from the wider contract so the user can switch to another service provider;
Amendment 204 #
Proposal for a regulation
Article 18 – paragraph 3
Article 18 – paragraph 3
3. The report shall cover a review and analysis of the specific significant or large- scale cybersecurity incident, including the main causes, vulnerabilities and lessons learned. It shall protect confidential information, in accordance with Union or national law concerning the protection of sensitive or classified information. It shall not include any details about actively exploited vulnerabilities that remain unpatched.
Amendment 213 #
Proposal for a regulation
Article 20 – paragraph 1 a (new)
Article 20 – paragraph 1 a (new)
Every year when presenting the Draft Budget for the following year, the Commission shall submit a detailed assessment of ENISA's tasks under this Regulation as well as [the proposal for a Regulation on horizontal cybersecurity requirements for products with digital elements] and other Union legislation and shall detail the financial and human resources needed to fulfil those tasks.