Cybersecurity Act: New Momentum for Europe
A couple of days before Christmas, the European Parliament and the Member States reached an agreement on the Cybersecurity Act.
At the end of the year, when people all over the world celebrate Christmas, the birth of Jesus Christ, when families come together, kids are very excited, looking for their Christmas gifts.
They often find the latest electronic devices underneath the Christmas tree.
Kids love them and start playing with them, but are all these smart devices cyber-secure? Do they guarantee the user's safety and privacy?
Actually, as the responsible rapporteur for the Cybersecurity Act in the European Parliament, this reflection was my starting point.
My mission was to make sure that all users of internet of things-devices could place trust in the safety and security of their products.
With more and more devices and services connected to the internet, users are increasingly put at risk of cyber-attacks.
Europe is becoming more digital with every passing day. Over 80% of the EU’s population have internet connections and by 2020 the vast majority of our digital interactions will be machine to machine with tens of billions of internet of things-devices.
At the same time, Europe is facing an increasing number of cyber-attacks like “WannaCry” or “NotPetya” threatening Europe’s prosperity and society.
But the EU is reacting to this threat! By establishing an EU framework for cybersecurity certification, we want to ensure a harmonized approach within the EU to handle these attacks in the most efficient way.
As we all know, humans are often the biggest security risk.
We do not change our passwords regularly, we do not efficiently protect our home routers, we are often not smart in handling our smart home applications and most importantly, we are not patching often enough.
But it is not only the user who is in charge of increasing the security of smart devices; we, the European legislators, have to provide a framework which creates more trust in the security of these devices.
Therefore, the Cybersecurity Act aims at increasing the acceptance of digital technologies in our daily lives.
The European Parliament insisted that product information for users for smart devices must be provided, so that users are given guidance and are provided with recommendations on secure configurations and maintenance of their devices, availability and duration of updates and known vulnerabilities.
Following these recommendations will provide more cybersecurity for smart devices.
The Cybersecurity Act, however, not only increases users’ trust in internet of things-devices, but also strengthens the stakeholder involvement in the certification process.
Neither governments nor the industry can face the challenge of ensuring a higher level of cybersecurity in the EU alone.
By allowing stakeholders to contribute to the development of cybersecurity certification schemes, we allow for the maximum use of the available expertise in Europe.
A transparent work programme outlining all upcoming cybersecurity certification schemes will also contribute to an inclusive process.
By showing what certification schemes are planned by the European Commission and drafted by ENISA, the European Cybersecurity Agency, the industry can prepare and better plan.
The voluntary certification schemes will later be assessed by the European Commission, which can then decide whether a certain scheme shall be made mandatory.
This is an important step towards more security, especially for our critical infrastructures.
The agreed Cybersecurity Act furthermore strengthens the role of ENISA by increasing its budget and staff, providing it with a permanent mandate and expanding its tasks.
These new provisions are urgently needed as studies have shown that last year, 80% of European companies fell victim to at least one cybersecurity incident.
In some Member States, half of all crimes committed are cyber-crimes! This development is very worrisome and has made the issue of cybersecurity one of the top priorities of the EU.
The EU needs to react and it does! It is not too late, but if Europe wants to be one of the leaders worldwide in this area, we have to be quick and develop a comprehensive European strategy to ensure that there is an environment for start-ups and innovative ideas to grow, for research in this area to increase and for companies to be competitive on the global level.
Cybersecurity is not only a top risk for European companies but also a top business case.
The existing expertise in cybersecurity needs to be used more effectively to create a competitive advantage for the European Union.
The Cybersecurity Act also needs to be seen in the context of the wider strategy of the Digital Single Market.
Next to the NIS Directive, the Directive on Security of Network and Information Systems, whose objective is to improve national cyber-readiness and capabilities, the two other policy initiatives are the Cybersecurity Act and the proposal on the Cybersecurity Competence Centres.
By implementing this proposal, a cybersecurity competence network with a European Cybersecurity Research and Competence Centre at its heart shall be created.
We need to keep up with technology developments and increase cyber-readiness and resilience. With this holistic strategy, progress is made. After all, Europe needs a cyberspace that is safe and secure in order for the European Union to compete internationally.
Let us fight for a safer Europe together!