Is certification the answer to cyber risk mitigation in Europe?

PubAffairs Bruxelles

Over the last three years, EU institutions have incrementally increased their focus on the question of cybersecurity and cybersecurity requirements. This process culminated this year with the adoption of the Cybersecurity Act. This piece of legislation aimed at further empowering ENISA as the EU Cybersecurity Agency, and at starting the process of establishing a risk-based cybersecurity framework which would enable the creation of EU certification schemes. The event will consist of an evening of discussion on the question of EU cybersecurity certification as a primary tool to mitigate cyber risks in Europe.

Activity website: https://www.pubaffairsbruxelles.eu/invitation-is-certification-the-answer-to-cyber-risk-mitigation-in-europe-november-19/


Time & Place

19 Nov 2019 from 19:00 to 22:00
Rue d'Arlon, 80, Brussels Belgium

Target Audience

We welcome attendees from public and regulatory bodies such as associations, federations, NGOs, as well as regional, national and European Institutions. We also welcome participants from the private sector, including consultancies, corporations and business. In addition, as one of PubAffairs Bruxelles' fundamental principles is to represent as far as possible the range of individuals concerned with European Union policy making, we believe that the participation of academics, think-tanks, researchers, the media and the wider civil society enriches the debate further.

Description

Over the last three years, EU institutions have incrementally increased their focus on the question of cybersecurity and cybersecurity requirements. This process culminated this year with the adoption of the Cybersecurity Act. This piece of legislation aimed at further empowering ENISA as the EU Cybersecurity Agency, and at starting the process of establishing a risk-based cybersecurity framework which would enable the creation of EU certification schemes. The Commission consequently adopted a Recommendation which identified a number of actions to ensure an EU-wide approach to 5G networks and resulted in a report released by the NIS Cooperation Group, composed of EU member states’ cybersecurity experts, in cooperation with the European Commission and ENISA. This report identifies the main cyber threats and actors, the most sensitive assets, as well as key vulnerabilities and strategic risks, and it will be used as a basis to create an EU toolbox of possible measures for risk mitigation.

The reasons behind this regulatory and policy dash are multiple and encompass several overarching features of cybersecurity. First of all, the speed of innovation, as well as its scope and expected impacts at the European and international level, have considerably increased, with special regard to the prospect of a mass use of 5G technologies. In addition, the very nature of information and communication technology is evolving swiftly, as 5G will not only increase the speed and responsiveness of wireless networks, but it will also mark a further shift from a hardware to a software-centred technology with multiple layers of possible patching and interaction. Moreover, European Institutions have been concerned with both the recent evolutions of the international arena and European industry's struggle to keep pace with the innovation of mobile network operators and their suppliers worldwide, as well as with manufacturers of connected devices and related service providers.

Against this background, the debate at a European level is increasingly focused on the question of cybersecurity certification as a primary tool of cyber-risk mitigation. Indeed, in accordance with the Cybersecurity Act, the related Commission’s recommendation indicates “third-party certification for hardware, software or services, formal hardware and software tests or conformity checks, processes to ensure access controls exist and are enforced, identifying products, services or suppliers that are considered potentially not secure” as primary measures to secure the EU cyberspace. Experts and commentators are divided on this issue: while some have pointed at certification as an effective measure to bring about high-level common standards both across the EU and internationally, others have highlighted the risks of adopting a policy approach which would not keep pace with innovation. Furthermore, other concerns were raised regarding the continuation of fragmentation, as member states are, according to the current legal setting, ultimately responsible for national security and cybersecurity information exchange, as well as regarding the lack of diplomatic willingness to reach a global consensus on cybersecurity requirements.
