Striving towards a more effective approach to cybersecurity in Europe: ENISA

The DSM (Digital Single Market) meeting, which took place on 12 December in Brussels, provided an excellent forum for the seven presentations made during the plenary session on the hottest topics on the scene, among them cloud data, free movement of data and cybersecurity risk.

Today, sectors that are crucial to the economy such as energy, transportation, finance and health are massively reliant on network and information systems (NIS) to get business done. Yet, while the Internet of Things and digital technologies have to be at the centre of any robust economic system, the other side of the coin is the vulnerability that these introduce in terms of cybercrime. Cyberattacks are proliferating, with their sophistication, frequency and impact only expected to increase, placing both essential services and democratic processes in danger.

During the meeting some weaknesses in the system that need to be addressed for a more efficient cybersecurity strategy were highlighted:

  • Fragmentation of dedicated policies across different member states.
  • Low awareness of the risk among citizens and businesses.
  • Lack of resources among EU Institutions and Agencies to fight cybercrime.
  • Scarce knowledge and familiarity with the ICT products and services that the latter have purchased.

These issues hinder the overall cyber resilience of the EU and proper operation of the internal market. Hence, a brand-new strategy to tackle cybersecurity has been identified, specifically based on the following pillars:

  • A switch from a reactive to a proactive approach;
  • Improved resilience by boosting the technologies and skills necessary for safer, single-market EU cybersecurity;
  • More effective monitoring, detection and tracking of those responsible for cyberattacks;
  • Strengthening cyber defense weapons through more integrated international co-operation on cybersecurity.

The main objective is to fully engage all of the main players in the field to give cybersecurity due and critical priority: EU institutions, Member States, industry players, individual professionals and researchers.

The brand new role of ENISA

New threats dictate more powerful cooperation, coordination and the capacity to meet cyber challenges head on. As such, the European Union Agency for Network and Information Security (ENISA) will have the following agenda at heart:

  • Promote certification & contribute to the cybersecurity certification framework;
  • Increase cybersecurity capabilities at an EU level to complement Member States' action;
  • Foster co-operation & coordination at Union level;
  • Support capacity building & preparedness;
  • Promote high-level awareness among citizens & businesses;
  • Assist EU Institutions and Member States in appropriate policy development & implementation;
  • Become an independent centre of expertise.

ICT Cybersecurity Certification

An extremely innovative proposal brought to the table during the DSM meeting was the adoption of a voluntary European cybersecurity certification framework. This novel approach should serve to enable the creation of tailored EU cybersecurity certification schemes for ICT products and services, valid across the entire EU. This new regulation will grant a more harmonized EU landscape, as once a European scheme is in place, member states will not be allowed to introduce new national schemes. Plus, existing national schemes covering the same product/service will cease to be applicable.

Conclusions

The stakeholders joining the forum thoroughly welcomed these objectives, which are set to reinforce ENISA's role and create an acknowledged European ICT security certification framework. Finally, there is joint consensus to achieve a completely operational EU agency with a permanent mandate, fully equipped with the necessary tools and charged with clear goals in order to successfully meet present and future cybersecurity challenges.
