What Does The EU Cybersecurity Vote Mean To You?

The European Parliament’s industry committee wants to give ENISA more power and create a rulebook for connected devices. European lawmakers have overwhelmingly voted in favour of giving more power and a higher budget to the European Network and Information Security Agency (ENISA).

The agency is one of the smallest in the EU and is currently based in Athens and Crete. As opposed to direct operational support, ENISA provides expertise.

EU Cyber-Security Boost
The new rules will supply ENISA with a larger budget, more staff (a possible Brussels team is being touted) and a permanent mandate. The body will also become the sole reference point for a new cybersecurity certification scheme in order to avoid certification scheme fragmentation within the EU. It will draft candidate certification schemes under the European Commission’s request and maintain a dedicated website containing information on all certification schemes, whether they are withdrawn, expired or accepted.

The aforementioned cybersecurity certification scheme will certify that an IT product, service or process has no known vulnerabilities at the time of the certification’s release and will also ensure it complies with international standards and technical specifications. 

This will give the average EU consumer more peace of mind when they are purchasing a connected device such as a fitness bracelet, a piece of antivirus software or any other IT product.

Potential buyers will be swayed by seal of approval
While the certification scheme is not mandatory, those that volunteer to abide by it with will prove their offerings are safe and data can only be accessed by authorised individuals or systems. It will also assure potential buyers that the products, processes or services are designed with security baked in and fitted with up-to-date software free from vulnerabilities. Certification will prove that risks to life and health from using certified devices or products have been minimised as much as possible.

Long-term outlook for EU cybersecurity
German rapporteur Angelika Niebler said: “Today’s vote is a very important step towards a long-term vision of cybersecurity in the EU for two reasons. Firstly, from the perspective of consumers, it is important that users have trust and confidence in IT solutions. 

“Secondly, I strongly believe that Europe can become a leading player in cybersecurity. We have a strong industrial base and it is vital to continue working on improving cybersecurity for consumer goods, industrial applications and critical infrastructure.”

The draft report was approved by 56 votes to five with a single abstention and will constitute the European Parliament’s negotiation position with the Council, if it is approved by the entire house during the plenary session coming up in September.

EMEA director at Trustwave SpiderLabs, Ed Williams commented “I have some reservations around the certification framework – depending on the type of product, certification may be voluntary or mandatory. Personally, I would like to see mandatory security for ‘all’ products.

“It also appears that assurance will be broken down into different categories: basic, substantial and high; where basic ‘provides a limited degree of confidence in the claimed or asserted cybersecurity qualities of an ICT product or service’. I’d prefer all my ICT products to have high levels of assurance, I don’t think that’s too much to ask for.

“It will be interesting to see how consumers take to this. My hope is that the certification framework is agile, simple and clear and that having high assurance doesn’t come with additional costs (whatever they may be).”

Silicon Republic

You Might Also Read: 

ENISA’s Threat Rankings: From Malware To Cyber Spies:

A Guide To Addressing Corporate IoT Security:

 

« Is Cyber The Perfect Weapon?
US Dark Web Raids Lead to Arrests And Seizures »

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MD5

MD5

MD5 is a leading UK provider of Digital Forensic & eDiscovery services to large multi-national corporate businesses, Law Enforcement & Government Agencies, high profile legal firms.

Array Networks

Array Networks

Array Networks, the network functions platform company, develops purpose-built systems for hosting virtual networking and security functions with guaranteed performance.

KLC Consulting

KLC Consulting

KLC Consulting offers information assurance / Security, IT Audit, and Information Technology products and services to government and Fortune 1000 companies.

Hypori

Hypori

Hypori by Intelligent Waves represents a new and comprehensive approach to Enterprise Mobility Management and Mobile Device Management.

SSP Europe IT

SSP Europe IT

SSP Europe IT is a market leader in providing innovative cloud and IT security services.

Rublon

Rublon

Rublon protects endpoints, networks and applications by providing trusted access via two-factor authentication (2FA).

National Cybersecurity Society (NCSS)

National Cybersecurity Society (NCSS)

The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity education, awareness and advocacy to small businesses.

Macomb-OU Incubator

Macomb-OU Incubator

Macomb-Oakland University Incubator supports startup and emerging companies in the niche industries of defense, homeland security, advanced manufacturing and technology.

ARCON

ARCON

ARCON offers a proprietary unified governance framework, which addresses risk across various technology platforms.