European Parliament Adopts Draft Cybersecurity Directive

Hunton Andrews Kurth blog reports:

On October 28, 2021, the European Parliament’s Committee on Industry, Research and Energy adopted a draft directive on cybersecurity (“NIS2 Directive”). The NIS2 Directive will broaden the scope of the existing NIS Directive to apply to “important sectors,” such as waste management, postal services, chemicals, food, medical device manufacturers, digital providers and producers of electronics, in addition to “essential sectors.” The NIS2 Directive imposes specific cybersecurity requirements relating to incident response, supply chain security, encryption and vulnerability disclosure obligations. The NIS2 Directive also aims to establish better cooperation and information sharing between EU Member States, and create a common European vulnerability database.

Some lower-tier ransomware gangs have formed a new RaaS alliance -- or have they?
Uncovering Qilin attack methods exposed through multiple cases
Predatory Sparrow Strikes: Coordinated Cyberattacks Seek to Cripple Iran's Critical Infrastructure
Ex-CISA head thinks AI might fix code so fast we won't need security teams
ModMed revealed they were victims of a cyberattack in July. Then some data showed up for sale.
Confidence in ransomware recovery is high but actual success rates remain low

Related: