Speech: Plenary debate on Network and Information Security Directive
European Commission - SPEECH/14/220 12/03/2014
Other available languages: none
[Check Against Delivery]
Vice-President of the European Commission responsible for the Digital Agenda
Plenary debate on Network and Information Security Directive
Strasbourg, 12 March 2014
To add your comment to this speech, see the social version of the speech here
I very much welcome this debate tonight on our proposal on network and information security.
The opportunities of new digital tools are increasing all the time. But so are cyber-attacks. Citizens become ever more aware of online risks, and ever more reluctant to trust online tools.
Snowden gave us a wake-up call: he focused our attention. And there is no privacy without security. Many are asking, "Why are people spying on us online?" Really, they should ask another, equally valid, question: "why are we so unprepared and uncoordinated that they manage to succeed"?
Today the Parliament can give us that answer.
I would like to thank the Rapporteur, Andreas Schwab, for his hard and efficient work. I would also like to thank the shadows and the many other committees involved.
As you know, our proposal is founded on three main pillars.
First, Member States need to be ready: both technically and organisationally. Today there are gaps in some countries - we need to fill them; we are only as strong as the weakest link.
Your amendments would offer Member States more flexibility to ensure national readiness. I take note: but of course, member states must still carry out the specific functions and tasks set out in the Directive.
The second pillar would ensure more cooperation among Member States.
Today, if one country is hit by a major cyber-attack, or has evidence of a major attack being prepared, they would not have to share that information. Even if the attack could have repercussions in other EU countries! That's not right: we are a Union; we have agreed to cooperate and share – we need to alert each other and, if necessary, to support each other. We should share information about such cyber incidents – just as we would for bio-terrorism or even flu outbreaks. This Directive would make this happen, and I thank the Parliament for supporting.
Better cooperation will raise capabilities in all Member States, including the less advanced. Let's not wait for a digital 9/11. Let's prepare ourselves.
Third: our proposal would mean better preparedness and better transparency in important sectors. Public and private.
Tomorrow you will vote to extend the scope to cover also water, food, and Internet Exchange Points. I welcome this.
Yet you also propose to exclude public administrations and "Internet enablers".
But remember: many public functions are also essential services. Like land registries and public tenders. If those services fail, they let down citizens, other parts of the network, maybe the whole economy. So they too should be required to minimise cyber risks: the public sector should be setting the example.
And, likewise, key Internet companies are also becoming essential these days – essential to interactions and transactions. Meanwhile, online services - and data from critical infrastructure - are now shifting to the cloud. So let's get the scope right.
Two more points. In a fast-moving world, we need the right balance of precision and flexibility. That is why we need proper delegation powers. In addition, the obligation to notify suspected serious criminal incidents to law enforcement should be part of the due diligence that public authorities apply.
I look forward to this debate. Information networks and systems are increasingly important to our lives. Weak links in the chain let down that whole system, and a weak NIS Directive will let down our whole economy. Let’s work together make Europe secure, ready, protected. Let's work together to show democracy can cope with technology. Let's work together to show that governments and lawmakers are part of the solution to online trust – not part of the problem.
Thank you once again for your support and commitment in moving this crucial legislation forward.
Now, we must all engage closely with the Council and make sure they realise the importance of this issue. Today online security is a pre-condition for digital business models, our society and European Competitiveness.
I would like to adopt by the end of this year. And I am happy you are in the same mood.
Reinforcing smart cooperation and effective coordination is key in making Europe the most secure and open internet space. This should be our goal. From what the honourable members have said, we have this in common.
Joining forces and expertise, not only between industry, research institutes and governments. Not only between Member States. But also between the services within the Commission (Enisa, EU-CERT, Europol, EDPS) and the several DG's who have their own responsibilities in the field of cyber security. Fragmentation should be replaced by smart synergy in the digital age.
People need to regain trust in technology, with the legal safeguards that protect their interests. Businesses can build on the competitive advantage of secure systems. Our industry needs to step up - and it us already stepping up - to provide those solutions.
My ambition is to make Europe the world's safest online space. I sincerely hope that we have that in common.