Cyberspace has become a critical domain, and countries, organisations and individuals rely on a secure and operational cyberspace to conduct business and social endeavours. As a result, cybersecurity has become very important in ensuring that the cyberspace domain is protected both from existing and newly emerging threats.
The European Union (EU) is at the forefront of ensuring that there are the necessary legislative and operational frameworks that support the implementation of measures that enhance cybersecurity within the bloc. The EU started legislating as early as 2013, and enacted directive 2013/40/EU, also known as the EU directive on attacks against information systems.
This directive was one of the first steps towards cybersecurity in the EU and the objectives included defining offences, establishing penalties for any offences carried out, and laying down measures for effective investigation and prosecution of cybercrimes related to attacks against information systems.
It also addressed jurisdictional issues which ensured that cybercriminals can be prosecuted regardless of where the attack originated from within the EU.
Furthermore, it facilitates extradition between member states for these offences and ensures that legal persons, such as companies and organisations, can be held liable for offences committed for their benefit. Directive 2013/40/EU sought to improve cooperation between law enforcement agencies and enhanced the overall cybersecurity of the European Union.
In its efforts to strengthen its cybersecurity capabilities and resilience against cyber threats, the EU developed the network and information security directive (Directive (EU) 2016/1148).
The purpose of this directive was to harmonise the approach to cybersecurity across member states and to improve the overall cyber readiness and protection of critical infrastructure and essential services from cyber-attacks. The main objectives included enhancing the cybersecurity of critical entities; identifying entities that were essential for the maintenance of critical societal and economic activities; establishing national network and information security (NIS) strategies; setting up incident notification and reporting requirements for identified essential service providers and digital service providers; and promoting collaboration and information sharing.
The NIS2 directive (Directive (EU) 2022/2555) is a further improvement on the previous directive, widening the scope from entities that are essential for the operation of societal and economic activities to a wider range of entities such as the public service.
On March 27th of 2019, the EU Cybersecurity Act was adopted. The act was the next step by the EU towards achieving a more consistent and robust cybersecurity landscape across the EU. By establishing common standards and certifications, it sought to protect consumers, businesses, and critical infrastructures from cyber threats and enhance trust in digital products and services within the EU market.
The latest EU initiative to further enhance cybersecurity is the drafting of the Cyber Resilience Act. The purpose of this act is to regulate software and hardware products that are not yet covered by other EU legislation to ensure their security and resilience. The products mainly affected by this legislation are system software and embedded software, usually operating at the hardware level, firmware level, and services level (such as operating systems). The act has two main objectives to ensure the development of resilient and secure software, and proper functioning of the internal market:
With these acts and directives, the EU is sending a message that cybersecurity is a very important domain for the EU and that it will support actions towards improving the security posture of the EU cyberspace.
All these directives and acts need to be implemented, and thus the EU has invited member states and the private sector to come up with initiatives that will support this legislative framework. Through the Digital Europe framework, funds have been made available to provide action grants in the field of cybersecurity.
One of the topics included in this funding is the DIGITAL-ECCC-2023-DEPLOY-CYBER-04-EULEGISLATION — Support for the implementation of EU legislation on cybersecurity and national cybersecurity strategies which has the objective of capacity building and improvement of cooperation on cybersecurity at a technical, operational and strategic level, in the context of existing and proposed EU legislation on cybersecurity such as the NIS2 directive (Directive (EU) 2022/2555), the Cybersecurity Act and the proposed Cyber Resilience Act, and the directive on attacks against information systems (Directive 2013/40). The outcomes expected from this call are:
The National Cybersecurity Coordination Centre for Malta (NCC), under the auspices of the Malta Information Technology Agency (MITA), aims to promote EU funding opportunities within Maltese territory and provide technical assistance to Maltese entities to apply for EU-funding calls. In this manner, the NCC encourages interested parties to participate in this funding initiative and apply for the funds to contribute towards the improvement of cyber security in the EU. More information on this call for proposals is available on the NCC-MT website – https://ncc-mita.gov.mt/funding-calls/.
This article is co-funded by the European Union.