The European Parliament, the Council and the European Commission have reached a political agreement on the Cyber Security Act
The EU is strengthening its cyber security against cybercrime and state-sponsored hackers. The European Parliament, the Council and the European Commission have reached a political agreement on the Cyber Security Act. It will reinforce the mandate of the European Union Agency for Network and Information Security (ENISA), so as to better support Member States in tackling cyber threats and attacks. The Act also establishes a European framework for certification, boosting the security of online services and consumer devices. Following the agreement, the new regulation will have to be formally approved by the European Parliament and the Council of the EU. It will then be published in the EU Official Journal and will officially enter into force immediately, thus paving the way for European certification schemes to be produced and for ENISA to start working on the basis of this focused and permanent mandate.
The new European regulation includes a permanent mandate and new tasks for ENISA, which will receive more resources, and a new cyber security certification framework
Proposed in 2017 as part of a wide-ranging set of measures to deal with cyber-attacks and to build strong cybersecurity in the EU, the Cybersecurity Act includes a permanent mandate for ENISA, to replace its limited mandate that would have expired in 2020, as well as more resources allocated to the agency to enable it to fulfill its goals, and a stronger basis for the Agency in the new digital security certification framework to assist Member States in effectively responding to cyber-attacks, with a greater role in cooperation and coordination at Union level. In addition, ENISA will help increase cyber security capabilities at EU level and support capacity building and preparedness. Finally, the Agency will be an independent centre of expertise that will help promote a high level of awareness among citizens and businesses and also assist European Institutions and Member States in policy development and implementation.
The EU Act creates a framework for European Cyber Security Certificates for products, processes and services
The Cybersecurity Act also creates a framework for European Cybersecurity Certificates for products, processes and services that will be valid throughout the EU. This is a groundbreaking development, as it is the first internal market law that takes up the challenge of enhancing the security of connected products, Internet of Things devices and critical infrastructure through such certificates. The creation of such a cybersecurity certification framework incorporates security features in the early stages of the technical design and development of these products, processes and services (security by design). It also enables their users to ascertain the level of security assurance, and ensures that these security features are independently verified.
What have been the steps of the European Cybersecurity Act?
The Cybersecurity Act was proposed as part of the Cybersecurity package adopted on 13 September 2017, and as one of the priorities of the Digital Single Market strategy. To keep up with the ever-evolving cyber threats, the Commission also proposed, one year later in September 2018, to create a European Cybersecurity Industrial, Technology and Research Centre and a network of Cybersecurity Competence Centres to better target and coordinate available funding for cybersecurity cooperation, research and innovation. The proposed European Cybersecurity Competence Centre will manage cybersecurity-related financial support from the EU’s budget and facilitate joint investment by the Union, Member States and industry to boost the EU’s cybersecurity industry and make sure our defense systems are state-of-the-art.