Creating a political standard for Cybersecurity in Europe
Our lives are increasingly reliant on connected devices, digital networks and infrastructure. From smartphones to smart banking, we have grown so accustomed to our digital devices that we could not imagine living without them.
They bring convenience, availability and opportunities, but they also come with challenges. One of these challenges is cybersecurity.
For example, the majority of EU companies have experienced at least one cybersecurity incident.
The economic impact of cybercrime is rising. They are estimated to cost the global economy €400 billion every year.
That is why we have been working hard to strengthen EU cybersecurity rules not only to tackle increasing cybersecurity threats but also to help people and businesses take full advantage of the opportunities of the digital age.
The key part of our work is our 2017 proposal for a reform of cybersecurity in the EU.
We proposed a number of measures, for example to build a stronger EU cybersecurity agency, to introduce an EU-wide cybersecurity certification scheme and we called for implementation of the Network and Information Security Directive.
The European Parliament and the Council already reached an agreement on our proposals in December 2018.
This is good news for citizens and businesses. Once in force, the EU-wide cybersecurity certification scheme for information and communications technology (ICT) products, services and processes will help reduce market fragmentation and reinforce trust in new connected products and services.
As a result, it will make it easier for consumers to make more informed choices and for businesses to trade their products across Europe.
Moreover, we have been working on cybersecurity issues linked to the EU product safety legislation, ICT standardisation and cyber defence.
Cybersecurity and product safety legislation
Product safety and cybersecurity are closely linked. That is why we are looking into our product safety legislation, in particular the Machinery Directive. This is the key EU legislation for robots.
Emerging digital technologies, such as artificial intelligence (AI) and Internet of Things (IoT), are increasingly being integrated into machinery.
This can have a significant impact on the safety of these products and on our security.
To make sure the Machinery Directive responds to these changes, we are currently planning to revise it.
And we will also analyse if such a revision should include cybersecurity requirements.
Another important aspect of cybersecurity is privacy. The number of connected devices is only expected to grow.
In 2020, there should be tens of billions of connected digital devices in the EU, ranging from smart fridges to smart kettles.
We need to make sure that all these smart machines respect our privacy and do not pose a threat to our security.
Under the Radio Equipment Directive, the Commission can adopt measures to require that all radio equipment is fitted with features protecting our privacy and fighting against fraud.
We are currently analysing whether such legal requirements would improve the security of connected products.
Cybersecurity and ICT standardisation
The connected devices we use every day should communicate safely and seamlessly, regardless of their manufacturer or country of origin.
For this they need a common language: ICT standards. ICT standards are key for the digitisation of European industry.
And cybersecurity is also one of the five priority areas we are focusing on when it comes to ICT standardisation.
By focusing on cybersecurity, we want to ensure that safety, security and privacy considerations are built-in to new standards from the outset.
The European standardisation organisations (CEN, CENELEC, and ETSI) are working on standards with specific focus on cybersecurity, in particular developing standards for data protection, information protection and security techniques.
In addition, the Network and Information Security Directive provides support for the development and uptake of ICT standards in this area.
Cyber defence
Last but not least, we are focusing on cyber defence. Cyber operations have become a new war domain, along with land, sea, air and space operations. They can pose a serious threat to our security.
Cooperation in cyber defence is therefore key to protect European citizens against those threats.
In June 2018, we proposed a €13 billion European Defence Fund (EDF) to encourage cooperation among Member States in producing state-of-the-art defence technology and equipment.
In February 2019, the European Parliament and the Council already reached a partial political agreement on this proposal.
The EDF will fund collaborative projects involving at least three eligible entities from at least three Member States or associated countries.
Cyber defence is definitely one of the areas where the European Defence Fund could make a difference in helping Member States develop the technologies, software and equipment that they need to defend themselves.
When it comes to cybersecurity challenges, no country can face them alone.
We need to continue working together so that we can tackle these challenges effectively.
If we get it right, we can not only protect our citizens but also open new and exciting opportunities for all.