What Does The EU Cybersecurity Vote Mean To You?

Uploaded on 2018-07-16 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-Law

The European Parliament’s industry committee wants to give ENISA more power and create a rulebook for connected devices. European lawmakers have overwhelmingly voted in favour of giving more power and a higher budget to the European Network and Information Security Agency (ENISA).

The agency is one of the smallest in the EU and is currently based in Athens and Crete. As opposed to direct operational support, ENISA provides expertise.

EU Cyber-Security Boost
The new rules will supply ENISA with a larger budget, more staff (a possible Brussels team is being touted) and a permanent mandate. The body will also become the sole reference point for a new cybersecurity certification scheme in order to avoid certification scheme fragmentation within the EU. It will draft candidate certification schemes under the European Commission’s request and maintain a dedicated website containing information on all certification schemes, whether they are withdrawn, expired or accepted.

The aforementioned cybersecurity certification scheme will certify that an IT product, service or process has no known vulnerabilities at the time of the certification’s release and will also ensure it complies with international standards and technical specifications. 

This will give the average EU consumer more peace of mind when they are purchasing a connected device such as a fitness bracelet, a piece of antivirus software or any other IT product.

Potential buyers will be swayed by seal of approval
While the certification scheme is not mandatory, those that volunteer to abide by it with will prove their offerings are safe and data can only be accessed by authorised individuals or systems. It will also assure potential buyers that the products, processes or services are designed with security baked in and fitted with up-to-date software free from vulnerabilities. Certification will prove that risks to life and health from using certified devices or products have been minimised as much as possible.

Long-term outlook for EU cybersecurity
German rapporteur Angelika Niebler said: “Today’s vote is a very important step towards a long-term vision of cybersecurity in the EU for two reasons. Firstly, from the perspective of consumers, it is important that users have trust and confidence in IT solutions. 

“Secondly, I strongly believe that Europe can become a leading player in cybersecurity. We have a strong industrial base and it is vital to continue working on improving cybersecurity for consumer goods, industrial applications and critical infrastructure.”

The draft report was approved by 56 votes to five with a single abstention and will constitute the European Parliament’s negotiation position with the Council, if it is approved by the entire house during the plenary session coming up in September.

EMEA director at Trustwave SpiderLabs, Ed Williams commented “I have some reservations around the certification framework – depending on the type of product, certification may be voluntary or mandatory. Personally, I would like to see mandatory security for ‘all’ products.

“It also appears that assurance will be broken down into different categories: basic, substantial and high; where basic ‘provides a limited degree of confidence in the claimed or asserted cybersecurity qualities of an ICT product or service’. I’d prefer all my ICT products to have high levels of assurance, I don’t think that’s too much to ask for.

“It will be interesting to see how consumers take to this. My hope is that the certification framework is agile, simple and clear and that having high assurance doesn’t come with additional costs (whatever they may be).”

Silicon Republic

You Might Also Read: 

ENISA’s Threat Rankings: From Malware To Cyber Spies:

A Guide To Addressing Corporate IoT Security:

 

« Is Cyber The Perfect Weapon?
US Dark Web Raids Lead to Arrests And Seizures »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Security Guru

IT Security Guru

IT Security Gurus publish daily breaking news. interviews with the key thinkers in IT security, videos and the top 10 stories as picked by our Editor.

OPSWAT

OPSWAT

OPSWAT is a software company that provides solutions to secure and manage IT infrastructure.

Fornetix

Fornetix

Fornetix is a cybersecurity platform enabling Zero Trust while delivering critical encryption automation, access controls, authorization services, machine identity, and ICAM solutions,

InnoSec

InnoSec

InnoSec is a software manufacturer of cyber risk management technology.

Infowhiz solutions

Infowhiz solutions

Infowhiz provides solutions for backup/disaster recovery and network security.

Protiviti

Protiviti

Protiviti consulting solutions span critical business problems in technology, business process, analytics, risk, compliance, transactions and internal audit.

Quadron Cybersecurity Services

Quadron Cybersecurity Services

Quadron Cybersecurity Services is a specialist in digital security, data and system protection.

DataViper

DataViper

Data viper is a threat intelligence platform designed for organizations, investigators, and law enforcement.

Militus

Militus

Militus provides the only information security service available that learns and analyzes your network over time using a custom-built network-based toolset.

Privacera

Privacera

Privacera enables consistent data governance, security, and compliance across all your data services - on-premises and in the cloud - so you can maximize the value of your data.

SnapAttack

SnapAttack

SnapAttack is a collaborative platform that empowers your security team to stay ahead of threats, create robust behavioral analytics for your existing tools, and prove your program's effectiveness.

Across Verticals

Across Verticals

Across Verticals is a boutique cyber security consulting firm that specializes in holistic, deeply technical and end to end cyber security advisory services based on industry best practices.

Airiam

Airiam

Airiam provides cybersecurity, managed IT, consulting, incident response, and digital transformation services so you can focus on what matters most.

IBM Security

IBM Security

IBM manufactures and markets computer hardware, middleware and software, and offers hosting and consulting services in areas ranging from mainframe computers to nanotechnology.

Judy Security

Judy Security

Judy provides smart, simple, effective, all-in-one cybersecurity for SMBs. Get the 24/7 protection and support you deserve, at a price you can afford.

Contextal

Contextal

Contextal develops cutting-edge open-source cybersecurity solutions, designed to connect the dots and detect complex threats, which slip through the existing protections.