EC to force critical infrastructure operators to disclose cyber attacks

The European Commission (EC) is contemplating implementing measures to force organisations operating in critical infrastructure areas such as utilities to disclose information on online attacks and security breaches.

Reuters reported seeing the measures in an unnamed draft EC report on Monday. 

"Minimum security requirements should also apply to public administrations and operators of critical information infrastructure to promote a culture of risk management and ensure that the most serious incidents are reported," the proposals state according to Reuters.

At the time of publishing the EC could not confirm Reuters' report, though head of the digital agenda Neelie Kroes did reaffirm the department's ongoing intention to boost cyber security within the EU.

"We are continuing our consultation on a European Cybersecurity Strategy which we will be ready to launch in the new year," said Kroes.

"It's going to be a comprehensive strategy. The details are still under discussion, but what is clear is that we want the EU to offer the safest online environment in the world, to drastically reduce cybercrime and to stimulate a European industry and market for secure ICT."

The report follows on from previous rumblings that the EC was planning to amend its disclosure laws.

At the start of November, reports emerged suggesting the EC is considering forcing private sector firms hit by security attacks to report these incidents.

The plans are reportedly designed to strengthen the region's cyber security information sharing culture.

Despite the positive intention behind the legislation, the notion of forced disclosure has proven unpopular with numerous security vendors including Trend Micro, F-Secure and Kaspersky Labs.

The vendors all questioned whether such a policy would be enforceable, claiming implementing such draconian laws would cause more harm than good.

Prior to the fresh reports numerous companies and government agencies had issued warnings claiming the number and complexity of attacks targeting critical infrastructure industries is increasing.

The warnings have seen the UK government implement several new strategies designed to combat the increase threat.

These include the creation of a new Cyber Reserves force and UK Cyber Emergency Response Team (CERT).