Juhan Lepassaar, Executive Director of the European Union Agency for Cybersecurity, looks into the future of cybersecurity
As the European Union (EU) Agency for Cybersecurity moves into 2020, the Cybersecurity Act (1) (CSA) signed in 2019 paves the way to strategic opportunities for the Agency.
Acting so far as the centre of expertise and as a major advisory body on cybersecurity issues for the EU, we secured a permanent mandate. The Agency is now prepared to assist European cybersecurity actors in designing the highest standards needed to achieve the Digital Single Market.(2)
Certification Framework: A new task for ENISA
Reinforcing capacity-building, operational cooperation, and awareness-raising are but of a few of the tasks already granted to the EU Agency for Cybersecurity (ENISA). Additionally, the CSA now provides for the development of a cybersecurity certification framework. The purpose of this essential framework is to encourage the development of secure products, processes and services, promoting security by design and security by default approaches, thereby contributing to the security and resilience of the market. It is also a means to disseminate relevant cybersecurity information in order to develop trust in digital services across the Union.
Cross-border cyber incidents: What are the needs?
Another essential role of the EU Agency for Cybersecurity is to support the EU Member States and stakeholders in developing cybersecurity skills and expertise and to identify tools and strategies to tackle cross-border cyber incidents efficiently. Response capacities may not be similar from one Member State to the other. The EU can benefit from the different competencies by joining all assets available to ensure cohesion. Cyber threats being a cross-border issue, we are working on developing closer cooperation with the EU institutions and the Member States to improve cybersecurity standards and promote a common approach to dealing with large-scale incidents at all levels.
Awareness-raising campaigns: What is at stake?
The human factor in the cybersecurity equation is not just an essential factor but is essentially one of the most critical.
The lack of basic cybersecurity skills can have devastating effects. It may lead to the stealing of data and money when users are not aware of tricks meant to deceive them. For example, users can be easy targets when they are lured into performing inappropriate actions online, allowing cyber-attacks to be carried out. Citizens, but also organisations and administrations, are at risk when the level of understanding of cybersecurity is low. Cybersecurity is a Shared Responsibility.(3)
Every citizen is, therefore, concerned. This is why the EU Agency for Cybersecurity is seeking to develop cybersecurity awareness across the EU. We are actively engaged with the Member States to that end and supports the European Cybersecurity Month.(4) Promoting safer online behaviour, raising awareness of potential cyber threats and providing data protection advice are some of the main objectives of this yearly EU campaign.
It is in this context that we intend to develop the existing cybersecurity challenge programme into an international cybersecurity challenge to promote further cyber skills in young people. This could take place as early as 2021.
Policy and law Development
ENISA is an EU reference point in terms of cybersecurity policy orientation, providing advice and expertise related to cybersecurity so as to support policy and law initiatives in the Union.
This is possibly one of the most crucial tasks endowed to us. The Digital Single Market will not be achieved without a substantial legal framework. Law in this context needs to be innovative and flexible enough to adapt to the challenges of the extremely fast developing digital world.
For instance, the ICT consultation paper4 published last year was designed to open the debate on ICT industrial policy notably in relation to digital sovereignty. It analyses the strengths of the current ICT industrial policy as well as the shortcomings that are detrimental to the EU market and cybersecurity deployment. The result of the consultation will be analysed and possibly used to invite the development of strategic thinking. It will eventually help to redesign the ICT industrial policy to enhance competitiveness and boost economic growth.(5)
ENISA: Building Digital Solutions through Effective Collaboration
We are ready to initiate debates, even when sensitive or controversial, on any topic or area that may compromise the achievement of the Digital Single Market. We expect more of such topics will arise with the expanding digitalisation of society. We will always be eager to engage with all of the EU Member States and with all of our stakeholders to brainstorm and design solutions.
We are committed to acting in the best interest of the Union to deliver the Digital Single Market while applying the ethical concepts of freedom, democracy and human rights, and all such values, which give the EU its distinctive trademark on both the European and international stage.
References
- https://ec.europa.eu/digital-single-market/en/eu-cybersecurity-act
- https://ec.europa.eu/commission/priorities/digital-single-market_en
- https://www.enisa.europa.eu/news/enisa-news/cybersecurity-is-a-shared-responsibility-2018-european-cyber-security-month-kicks-off
- https://www.enisa.europa.eu/publications/enisa-position-papers-and-opinions/eu-ict-industry-consultation-paper/view
- https://www.enisa.europa.eu/publications/enisa-position-papers-and-opinions/eu-ict-industry-consultation-paper/view