Hacking attacks on critical computer networks underpinning financial trading, transport systems and energy grids may be made public under draft European Union rules published today.
Technology companies operating cloud-computing services, search engines, application stores, social networks, e-commerce and internet payments would also be required to report security breaches to authorities who may choose to publicize the attacks, according to the European Commission proposal.
The EU is seeking to beef up its defenses in the wake of high-profile security breaches in the U.S. The Federal Reserve said this week that hackers gained access to a website listing emergency contact details for banks.
Government authorities “may inform the public or require the public administrations or market operators to do so where it determines that the disclosure of the incident is in the public interest,” according to the EU proposal.
The public interest should be balanced against “possible reputational and commercial damages” that disclosure might cause the companies involved, according to the draft plans. Details of product vulnerabilities shouldn’t be publicized before a security fix is available.
Under the EU proposals, the bloc’s 27 governments would prepare for network attacks and share information with each other. The plans need the backing of governments and the European Parliament to become law.