Activities of Konstantinos ARVANITIS related to 2022/0085(COD)
Shadow opinions (1)
OPINION on the proposal for a regulation of the European Parliament and of the Council laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union
Amendments (7)
Amendment 14 #
Proposal for a regulation
Recital 2
Recital 2
(2) The cyber threat landscape faced by Union institutions, bodies, offices and agencies is in constant evolution. The tactics, techniques and procedures employed by threat actors are constantly evolving, while the prominent motives for such attacks change little, from stealing valuable undisclosed information to making money, manipulating public opinion or undermining digital infrastructure. The pace at which they conduct their cyberattacks keeps increasing, while their campaigns are increasingly sophisticated and automated, targeting exposed attack surfaces that keep expanding and quickly exploiting vulnerabilities. (This amendment applies throughout the text, namely also under Recitals 3 (x2), 4 (x2), 5, 7 (x3), 8, 9, 10, 11 (x2), 12, 13 (x5), 14 (x2), 15, 16, 17 (x2), 18 (x3), 22, 24 (x2), and Articles 1(a), 1(b), 1(c), 2, 3(1) (x2), 7.1, 8.1 (x2), 9.2(a), 9.3, 10(a), 11, 12.1 (x2), 12.2, 12.2(e), 12.3(a), 12.5(a), 12.5(b), 12.5.(c) (x2), 12.6, 12.7, 13.1(a), 13.1(b), 13.1(c), 15.3, 15.4, 15.5, 16.1, 18.1, 18.2, 18.4, 19.1, 19.2, 20.1, 20.2, 20.4, 21.1(a), 21.2, 21.3, 22.1, 22.2, 22.3, 23, Annex II.)
Amendment 23 #
Proposal for a regulation
Recital 23
Recital 23
(23) The handling of information by CERT-EU and the Union institutions, bodies, offices and agencies should be in line with the rulesUnion rules on information security, in particular those laid down in Regulation [proposed Regulation on information security]. To ensure coordination on security matters, any contacts with CERT- EU initiated or sought by national security and intelligence services should be communicated to the Commission’s Security Directorate and the chair of the IICB without undue delay. (As per the insertion of the word "offices", please refer to proposed amendment on recital 2.)
Amendment 40 #
Proposal for a regulation
Article 18 – paragraph 4
Article 18 – paragraph 4
4. The handling of information by CERT-EU and its Union institutions, bodies, offices and agencies shall be in line with the rulesUnion rules on information security, in particular those laid down in [proposed Regulation on information security]. (As per the insertion of the word "offices", please refer to proposed amendment on recital 2.)
Amendment 43 #
Proposal for a regulation
Article 19 – paragraph 1
Article 19 – paragraph 1
1. To enable CERT-EU to carry out its tasks as set out in Article 12, and in particular to coordinate vulnerability management and incident response, it may request Union institutions, bodies, offices and agencies towill, upon CERT-EU request, provide it with information from their respective IT systemNIS inventories that is relevant for the CERT- EU support. The requested institution, body or agency shall transmit the requested information, and any subsequent updates thereto, without undue delay. (NIS (Network and Information Systems) is defined in Article 3 para. 2 and covers a broader field of relevant activities compared to IT. As per the insertion of the word "offices", please refer to proposed amendment on recital 2.)
Amendment 48 #
Proposal for a regulation
Article 19 – paragraph 3 – subparagraph 1 (new)
Article 19 – paragraph 3 – subparagraph 1 (new)
Amendment 53 #
Proposal for a regulation
Article 21 – paragraph 3 – subparagraph 1 (new)
Article 21 – paragraph 3 – subparagraph 1 (new)
Union institutions, bodies, offices and agencies shall provide CERT-EU with information on cyber threats, incidents, near misses and vulnerabilities affecting them. CERT-EU shall ensure that efficient means of communication are available for the purpose of facilitating information sharing with Union institutions, bodies, offices and agencies.
Amendment 55 #
Proposal for a regulation
Article 21 – paragraph 4
Article 21 – paragraph 4
4. The IICB shall issue guidance on incident response coordination and cooperation for significant incidents. Where the criminal nature of an incident is suspected, IICB or CERT-EU shall advise on how to report the incident to law enforcement authorities.