What Does The EU Cybersecurity Vote Mean To You?

The European Parliament’s industry committee wants to give ENISA more power and create a rulebook for connected devices. European lawmakers have overwhelmingly voted in favour of giving more power and a higher budget to the European Network and Information Security Agency (ENISA).

The agency is one of the smallest in the EU and is currently based in Athens and Crete. As opposed to direct operational support, ENISA provides expertise.

EU Cyber-Security Boost
The new rules will supply ENISA with a larger budget, more staff (a possible Brussels team is being touted) and a permanent mandate. The body will also become the sole reference point for a new cybersecurity certification scheme in order to avoid certification scheme fragmentation within the EU. It will draft candidate certification schemes under the European Commission’s request and maintain a dedicated website containing information on all certification schemes, whether they are withdrawn, expired or accepted.

The aforementioned cybersecurity certification scheme will certify that an IT product, service or process has no known vulnerabilities at the time of the certification’s release and will also ensure it complies with international standards and technical specifications. 

This will give the average EU consumer more peace of mind when they are purchasing a connected device such as a fitness bracelet, a piece of antivirus software or any other IT product.

Potential buyers will be swayed by seal of approval
While the certification scheme is not mandatory, those that volunteer to abide by it with will prove their offerings are safe and data can only be accessed by authorised individuals or systems. It will also assure potential buyers that the products, processes or services are designed with security baked in and fitted with up-to-date software free from vulnerabilities. Certification will prove that risks to life and health from using certified devices or products have been minimised as much as possible.

Long-term outlook for EU cybersecurity
German rapporteur Angelika Niebler said: “Today’s vote is a very important step towards a long-term vision of cybersecurity in the EU for two reasons. Firstly, from the perspective of consumers, it is important that users have trust and confidence in IT solutions. 

“Secondly, I strongly believe that Europe can become a leading player in cybersecurity. We have a strong industrial base and it is vital to continue working on improving cybersecurity for consumer goods, industrial applications and critical infrastructure.”

The draft report was approved by 56 votes to five with a single abstention and will constitute the European Parliament’s negotiation position with the Council, if it is approved by the entire house during the plenary session coming up in September.

EMEA director at Trustwave SpiderLabs, Ed Williams commented “I have some reservations around the certification framework – depending on the type of product, certification may be voluntary or mandatory. Personally, I would like to see mandatory security for ‘all’ products.

“It also appears that assurance will be broken down into different categories: basic, substantial and high; where basic ‘provides a limited degree of confidence in the claimed or asserted cybersecurity qualities of an ICT product or service’. I’d prefer all my ICT products to have high levels of assurance, I don’t think that’s too much to ask for.

“It will be interesting to see how consumers take to this. My hope is that the certification framework is agile, simple and clear and that having high assurance doesn’t come with additional costs (whatever they may be).”

Silicon Republic

You Might Also Read: 

ENISA’s Threat Rankings: From Malware To Cyber Spies:

A Guide To Addressing Corporate IoT Security:

 

« Is Cyber The Perfect Weapon?
US Dark Web Raids Lead to Arrests And Seizures »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Detectify

Detectify

Detectify is a web security service that simulates automated hacker attacks on your website, detecting critical security issues before real hackers do.

STMicroelectronics

STMicroelectronics

ST is a global semiconductor leader delivering intelligent and energy-efficient products and solutions that power the electronics at the heart of everyday life.

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

ANTIC is responsible for regulating the activities of electronic security and regulation of the Internet in Cameroon.

Industrial Cyber-Physical Systems Center (iCyPhy)

Industrial Cyber-Physical Systems Center (iCyPhy)

The goal of iCyPhy is to conduct pre-competitive research on architectures and design, modeling, and analysis techniques for cyber-physical systems.

Graphus

Graphus

Graphus provides a simple, powerful, automated solution that eliminates 99% of social engineering and spear phishing attacks against G Suite business Gmail users.

Tempered Networks

Tempered Networks

Tempered Networks delivers the first purpose-built platform for IIoT cybersecurity that allows customers to connect and secure devices in minutes without the need for specialized skills.

Norwest Venture Partners (NVP)

Norwest Venture Partners (NVP)

Norwest Venture Partners offer entrepreneurs a broad range of services to help them build their businesses at every stage of growth. Key sectors include AI, Infrastructure, SaaS and Security.

SOSA

SOSA

SOSA facilitates new growth opportunities by connecting the dots between industry verticals and innovation ecosystems around the world.

Wizard Cyber

Wizard Cyber

At Wizard Cyber, we simplify cyber security, delivering an advanced service that protects your high-risk assets from the complex threats that technology alone can miss, 24/7.

Communications & Information Technology Regulatory Authority (CITRA)

Communications & Information Technology Regulatory Authority (CITRA)

CITRA is responsible for overseeing the telecommunications sector, monitoring and protecting the interests of users and service providers, and regulating the services of telecomms networks in Kuwait.

GoPlus Security

GoPlus Security

GoPlus is working as the "security infrastructure" for web3, by providing open, permissionless, user-driven Security Services.

Anjuna Security

Anjuna Security

Software from Anjuna Security effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud.

SecureChain AI

SecureChain AI

SecureChain are combining blockchain and AI technology to create a smarter blockchain platform especially in terms of security.

Upwind Security

Upwind Security

Upwind delivers comprehensive cloud security, precisely when and where it’s most critical.

Xygeni

Xygeni

Xygeni is a leader in Application Security Posture Management (ASPM). Our advanced technology detects malicious code in real-time to prevent malware infections.

Decent Cybersecurity

Decent Cybersecurity

Decent Cybersecurity is a forerunner and proven partner in the field of cybersecurity, utilizing AI, post-quantum cryptography and quantum resistant blockchain for data protection enhancement.