The DSM (Digital Single market) which took place on the 12th December in Brussels provided an excellent forum for the seven presentations made during the plenary session on the hottest topics on the scene, among which cloud data, free movement of data and cybersecurity risk.
Today, sectors that are crucial to the economy such as energy, transportation, finance and health are massively reliant on network and information systems (NIS) to get business done. Yet, while today the Internet of Things and digital technologies have to be at the centre of any robust economic system, the other side of the coin is the vulnerability that these introduce in terms of cybercrime. Cyberattacks are proliferating, with their sophistication, frequency and impact only expected to increase, placing both essential services and democratic processes at danger.
During the meeting some weaknesses in the system that need to be addressed for a more efficient cybersecurity strategy were highlighted:
These issues hinder the overall cyber resilience of the EU and proper operation of the internal market. Hence, a brand-new strategy to tackle cybersecurity has been identified, specifically based on the following pillars:
The main objective is to fully engage all of the main players in the field to give cybersecurity due and critical priority: EU institutions, Member States, industry players, individual professionals and researchers.
The brand new role of ENISA
New threats dictate more powerful cooperation, coordination and the capacity to meet cyber challenges head on. As such, The European Union Agency for Network and Information Security (ENISA) will have the following agenda at heart:
ICT Cybersecurity Certification
An extremely innovative proposal brought to the table during the DSM meeting was the adoption of a voluntary European cybersecurity certification framework. This novel approach should serve to enable the creation of tailored EU cybersecurity certification schemes for ICT products and services, valid across the entire EU. This new regulation will grant a more harmonized EU landscape, as once a European scheme is in place, member states will not be allowed to introduce new national schemes. Plus, existing national schemes covering the same product/service will cease to be applicable.
The stakeholders joining the forum thoroughly welcomed these objectives which will set to reinforce Enisa’s role and create an acknowledged, European ICT security certification framework. Finally, there is joint consensus to achieve a completely operational EU agency with a permanent mandate, fully equipped with the necessary tools and charged with clear goals in order to successfully meet present and future cybersecurity challenges.