Estonian entrepreneurship, IT minister: EU cyber security level must match threat picture

  • 2021-12-06
  • BNS/TBT Staff

TALLINN – Estonian Minister of Entrepreneurship and Information Technology Andres Sutt said at a meeting of the telecommunications ministers of the European Union in Brussels on Friday that the level of cyber security must be in line with the overall threat picture.

"Cyber security is at the heart of our digital lives. Nevertheless, cyber security is taken for granted and is given the most attention when problems are already present. However, prevention is always easier and cheaper," Sutt told his European colleagues.

During the debate on Friday, the Slovenian presidency of the EU Council asked member states to evaluate the NIS2 directive, which aims to ensure an even high level of security throughout the EU. The new directive seeks to address the bottlenecks in the existing directive and the cyber threats and challenges posed by the increasing implementation of digital solutions. Compared to the current directive, the proposal of the new directive covers more sectors, harmonizes requirements for both large and medium-sized enterprises, strengthens security requirements, clarifies incident reporting procedures and addresses supply chain security.

"NIS2 is the most important cyber security legislation in the EU, providing the basis for cyber security laws in all member states. Its focus is on enhancing the cyber security of critical infrastructure and cooperation between member states in the field of cyber security. The integrity and performance of our IT systems and services are highly dependent on the legislation in force. Although the existing NIS directive was also a global pioneer in the field of cyber security, the change in the cyber threat picture and the pandemic have highlighted the need to update it," Sutt said.

Estonia has transposed the current NIS directive with the Cyber Security Act, which needs to be supplemented when the updated directive enters into force.

Estonia supports the adoption of a general approach in the EU. The directive will help improve the continuity of critical infrastructure and other essential services and create more uniform conditions for security requirements and incident reporting in the EU. It will also improve cross-border cooperation -- through incident response, improved resilience and enhanced supervision between companies and competent authorities. Compared to the current directive, the draft covers a number of new sectors, the criticality or importance of which to society became apparent mainly in the context of a pandemic.