A new European Union cyber strategy will require private firms to report cyber attacks to authorities, but an official said recently the EU is still struggling with just what information needs to be reported.
While promoting the Cyber Security Strategy in Washington recently, EU Commissioner for Home Affairs Cecilia Malmstrom said many of the strategy’s details are yet to be worked out. The reporting requirement has riled businesses concerned with privacy and the adverse economic effects of divulging such information.
Malmstrom noted that the EU’s law enforcement mechanism does not have the same authority as its American equivalent.
“Europol is not the FBI–it can’t impose anything,” she said at a roundtable hosted by the George Washington University Cybersecurity Initiative.
Critical of the private sector’s individualistic approach to cyber security, she said industry’s attitude is often “as long as the others are worse, we don’t have to build up a strategy.”
Malmstrom said the EU has not decided how the strategy will apply to multinationals and American companies operating in Europe.
“In general, if it’s European law, it applies to everyone there,” she said.