Striving towards a more effective approach to cybersecurity in Europe: ENISA

The DSM (Digital Single market) which took place on the 12^th December in Brussels provided an excellent forum for the seven presentations made during the plenary session on the hottest topics on the scene, among which cloud data, free movement of data and cybersecurity risk.

Today, sectors that are crucial to the economy such as energy, transportation, finance and health are massively reliant on network and information systems (NIS) to get business done. Yet, while today the Internet of Things and digital technologies have to be at the centre of any robust economic system, the other side of the coin is the vulnerability that these introduce in terms of cybercrime. Cyberattacks are proliferating, with their sophistication, frequency and impact only expected to increase, placing both essential services and democratic processes at danger.

During the meeting some weaknesses in the system that need to be addressed for a more efficient cybersecurity strategy were highlighted:

• Fragmentation of dedicated policies across different member states.
• Low awareness of the risk among citizens and businesses.
• Lack of resources among EU Institutions and Agencies to fight cybercrime
• Scarce knowledge and familiarity with the ICT products and services that the latter have purchased.

These issues hinder the overall cyber resilience of the EU and proper operation of the internal market. Hence, a brand-new strategy to tackle cybersecurity has been identified, specifically based on the following pillars:

• A switch from a reactive to a proactive approach;
• Improved resilience by boosting the technologies and skills necessary for safer, single-market EU cybersecurity;
• More effective monitoring, detection and tracking of those responsible for cyber attacks;
• Strengthening cyber defense weapons through a more integrated international co-operation on cybersecurity

The main objective is to fully engage all of the main players in the field to give cybersecurity due and critical priority: EU institutions, Member States, industry players, individual professionals and researchers.

The brand new role of ENISA

New threats dictate more powerful cooperation, coordination and the capacity to meet cyber challenges head on. As such, The European Union Agency for Network and Information Security (ENISA) will have the following agenda at heart:

• Promote certification & contribute to the cybersecurity certification framework;
• Increase cybersecurity capabilities at an EU level to complement MSs action
• Foster co-operation & coordination at Union level
• Support capacity building & preparedness
• Promote high-level awareness among citizens & businesses
• Assist EU Institutions and MSs in appropriate policy development & implementation
• Become an independent centre of expertise

ICT Cybersecurity Certification

An extremely innovative proposal brought to the table during the DSM meeting was the adoption of a voluntary European cybersecurity certification framework. This novel approach should serve to enable the creation of tailored EU cybersecurity certification schemes for ICT products and services, valid across the entire EU. This new regulation will grant a more harmonized EU landscape, as once a European scheme is in place, member states will not be allowed to introduce new national schemes. Plus, existing national schemes covering the same product/service will cease to be applicable.

Conclusions

The stakeholders joining the forum thoroughly welcomed these objectives which will set to reinforce Enisa’s role and create an acknowledged, European ICT security certification framework. Finally, there is joint consensus to achieve a completely operational EU agency with a permanent mandate, fully equipped with the necessary tools and charged with clear goals in order to successfully meet present and future cybersecurity challenges.