The legislation aims to bolster the Union’s cyber-resilience and enhance its capabilities to prepare for, detect and respond to incidents
The European Union (EU) is transforming itself into a digitally aware, secure, and productive collective, with the aim of entering the 2030s as a relevant player within the digital sector.
One of the base ideas of this transformation is the Digital Decade program, which has multiple targets and guidance for relevant objectives for the digital sphere. Among these are ideas to essentially transform the entire digital infrastructure of the EU, with business prospects, governmental security, effectiveness, individual data privacy, and other safeguards in mind.
Cybersecurity is one of the areas that the EU finds important. With the NIS2 Directive, it is already jumping ahead, as its aim is to strengthen cyber-resilience across the Union in response to the growing dependency of critical sectors on digitalization and their higher exposure to cyberthreats.
Perhaps the most important development within this is the proposed EU Cyber Solidarity Act, which aims to strengthen the Union by creating better detection, preparedness, and response to significant or large-scale cybersecurity incidents. This involves creating a European Cybersecurity Shield and a Cyber Emergency Mechanism, using national and cross-border state-of-the-art Security Operations Centers (SOCs) tasked with detecting and acting on cyberthreats.
EU’s take on cybersecurity: A case for the ‘Brussels effect’?
The result of any policy creation by the institutions of the EU is twofold – it impacts the framework of the Union by issuing standards that should fit all the relevant stakeholders and states, but these standards also often have a greater impact worldwide due to the ‘Brussels effect’, thus shaping rules and technical standards globally.
For companies, it would often be too costly to maintain several different approaches to their lineup; hence, adopting something that is shared by almost a whole continent makes more sense than creating a specific standard for a single state. By spreading regulations that shape the international business environment, elevating standards worldwide, and leading to a major Europeanization of many important aspects of global trade, the EU has managed to shape policy in areas such as data and digital privacy, consumer health and safety, environmental protection, antitrust, and online hate speech.
In essence, corporations end up complying with EU laws even outside the EU. The General Data Protection Regulation (GDPR), for example, has had a global effect, with large corporations adopting it, creating more data transparency and security.
Since the EU does not let sleeping dogs lie, the path to digital emancipation means a profound change will come to the cybersecurity sector, as evidenced by the previously mentioned NIS2 Directive and the Cyber Solidarity Act. For better or worse, nation-states will have to have a larger degree of oversight over their critical digital infrastructure and supply chains. And the EU will continue to invest in this area, enabling an environment that would help businesses focused on cybersecurity thrive, potentially serving as a new standard in the future – globally.
Multi-country projects: Security Operations Centers
As an example of how the EU aims to tackle cyberthreats within its block of members, it proposed the idea of creating a network of Security Operations Centers (SOC), powered by AI and advanced data analytics to anticipate, detect and respond to cyberattacks at the national and EU levels.
Incident detection and response is an area many cybersecurity providers have ample experience in, as they provide the necessary tools for Managed Security Service Providers (MSSPs) and enterprises to help them tackle those always-feared cyberthreats, be it through EDR, MDR (for those without in-house expertise) or XDR (for those with in-house experts).
The idea of a network of SOCs for the EU is interesting, though the method of implementation will be key in tackling any future threat. If we think of states as businesses, these SOCs can very well be served by MSSPs, as they usually provide such a service to businesses 24/7. The EU has already put out a call for an expression of interest to select the entities to host the necessary facilities and operations, providing funding and grants to SOC operators.
Collectively, in the case of a multi-country cyberattack, relying on a network of SOCs can make or break a state, and with countries worldwide pushing for more in-depth national cybersecurity strategies as responses to the use of cyberspace for warfare, one can see why it would be relevant. Interoperability between the various SOCs could, in effect, create a safety net of great proportions for national security, which might add to company security as well. How this would impact MSPs or MSSPs is still up in the air, but the tools required might be familiar to anyone within the cybersecurity sector.
The benefits of SOCs and their tools
Being an operation that provides security 24/7, SOCs use some very important tools to protect their clients. A SOC selects, operates, and maintains an organization’s cybersecurity technologies and continually analyzes threat data to improve security posture while unifying and coordinating a company’s security tools, practices, and response to incidents.
This results in improved prevention and policies, faster threat detection, and more effective response to security threats without incurring higher costs. A SOC can also improve customer confidence and strengthen businesses’ compliance with industry and relevant privacy regulations.
For a more technical perspective, SOCs manage a wide range of responsibilities, including maintaining relevant assets, doing incident response planning, regular vulnerability assessments, trying to keep their clients always up to date with the latest security solutions and technologies, and monitoring media channels to stay in the know.
Likewise, monitoring, detection and response are also very relevant here, as they have to be done continuously, scanning the entire IT infrastructure, applying security information and event management many times through modern XDR solutions like those contained within ESET PROTECT, which provide detailed telemetry and monitoring, plus the power to automate incident detection and response.
A SOC also does recovery after an attack, and ultimately, it may also try to understand whether the incident signifies a new cybersecurity trend requiring preparation and analysis. It is also the SOC’s job to ensure all apps, systems and security tools comply with data privacy regulations and policies such as GDPR, as after an incident, it has to makes sure that users, regulators and other parties are notified in accordance with prescribed regulations, and that the required incident data is retained for evidence and auditing.
A new meta for European cybersecurity – a new age for MSSPs?
Predictions are based on what one thinks will happen in the future, best based on continuous observations of current affairs. With how the EU is going on about its expansion into the area of digital sovereignty, cybersecurity will very likely play a key role in acting as a safeguard to protect the EU’s core digital priorities as we advance. Progress has ever been under scrutiny by forces trying to hamper it, as such protection is necessary to ensure that progress within the digital transition strategy remains uncontested and safe.
For MSSPs, this is a potential area of interest, one they could serve best thanks to their digital cybersecurity expertise, with the EU likely willing to accept help and points of view from those who know how to act against digital threats, with the national and cross-border SOCs being likely served by experienced security providers.
And as technology evolves and progresses, it is necessary to understand the implications of it, and the EU is doubly aware that it is not only arms and soldiers that win wars, and wars themselves do not necessarily need to be fought physically, as thanks to technology, cyberspace has become the de-facto war front of our age. For these purposes and others, the digital decade must culminate in a lasting perpetual Pax Europaea, for which the cybersecurity world will be the main hero.