Attacks on Critical Networks May Be Publicized Under EU Proposal

Hacking attacks on critical computer networks underpinning financial trading, transport systems and energy grids may be made public under draft European Union rules published today.

Technology companies operating cloud-computing services, search engines, application stores, social networks, e-commerce and internet payments would also be required to report security breaches to authorities who may choose to publicize the attacks, according to the European Commission proposal.

The EU is seeking to beef up its defenses in the wake of high-profile security breaches in the U.S. The Federal Reserve said this week that hackers gained access to a website listing emergency contact details for banks.

Government authorities “may inform the public or require the public administrations or market operators to do so where it determines that the disclosure of the incident is in the public interest,” according to the EU proposal.

The public interest should be balanced against “possible reputational and commercial damages” that disclosure might cause the companies involved, according to the draft plans. Details of product vulnerabilities shouldn’t be publicized before a security fix is available.

Under the EU proposals, the bloc’s 27 governments would prepare for network attacks and share information with each other. The plans need the backing of governments and the European Parliament to become law.

To contact the reporter on this story: Aoife White in Brussels at awhite62@bloomberg.net.

To contact the editor responsible for this story: Anthony Aarons at aaarons@bloomberg.net.

Press spacebar to pause and continue. Press esc to stop.

Bloomberg reserves the right to remove comments but is under no obligation to do so, or to explain individual moderation decisions.

Please enable JavaScript to view the comments powered by Disqus.