EU To Enhance Cyber Resilience Of Its Financial Sector
ESAs Establish Framework to Strengthen Coordination for Systemic Cyber Incidents
The European Supervisory Authorities (EBA, EIOPA, and ESMA) have launched the EU Systemic Cyber Incident Coordination Framework (EU-SCICF) under the Digital Operational Resilience Act (DORA) to enhance the financial sector’s response to cyber incidents, improving coordination among EU financial authorities and international actors.
BY eEuropa
Brussels, 22 July 2024
On 19 June 2024, the three European Supervisory Authorities (EBA, EIOPA, and ESMA – the ESAs) announced the establishment of the EU Systemic Cyber Incident Coordination Framework (EU-SCICF).
This initiative, guided by the Digital Operational Resilience Act (DORA), aims to bolster the financial sector’s ability to respond to cyber incidents that pose risks to financial stability by enhancing coordination among financial authorities in the European Union and with key international actors.
This initiative has nothing to do with the Microsoft error that occurred during a recent upgrade, which caused widespread disruptions due to a software flaw. The EU-SCICF is focused on systemic coordination and resilience in the financial sector, separate from individual corporate incidents.
Key Elements of the EU-SCICF
- EU-SCICF Secretariat: This body will support the framework's operations, ensuring efficient communication and management.
- EU-SCICF Forum: This forum will focus on testing and refining the framework, ensuring it is robust and effective in various scenarios.
- EU-SCICF Crisis Coordination: This entity will facilitate coordinated actions among participating authorities during a cyber crisis, ensuring a swift and unified response.
Implementation and Reporting
In the coming months, the ESAs will begin implementing these components. They will identify and report any legal and operational challenges to the European Commission. The development of the framework will proceed based on the availability of resources and further measures by the European Commission.
On 2 December 2021, the European Systemic Risk Board (ESRB) adopted Recommendation ESRB/2021/17 and approved the report “Mitigating systemic cyber risk,” which identified gaps in existing crisis management frameworks. These gaps could lead to inadequate financial sector coordination during significant cross-border ICT incidents with systemic implications.
The ESRB recommended that the ESAs build on their roles under DORA to develop the EU-SCICF gradually. In July 2023, the ESAs, the European Central Bank (ECB), and relevant national authorities from Member States designated primary points of contact for the EU-SCICF, facilitating its development and involvement in crisis processes.
Framework Goals
- Strengthen Coordination: Improve collaboration between national and international financial authorities during cyber incidents.
- Enhance Preparedness: Regular testing and maturing of the framework’s functioning to ensure readiness.
- Efficient Crisis Management: Establish clear procedures and roles for crisis coordination to minimize the impact of cyber incidents on financial stability.
The EU-SCICF represents a critical step towards enhancing the EU's financial sector's cyber resilience. By fostering greater coordination and preparedness, the ESAs aim to ensure the financial system can effectively respond to and recover from cyber incidents, safeguarding financial stability across Europe.
© Copyright eEuropa Belgium 2020-2024
Source: © European Union, 1995-2024