The last few years, and the last few months in particular, have been frenetic with regard to the number of cyber events affecting companies, customers and citizens.
Let’s be clear: we have a serious problem with cybersecurity, and it is not localized to specific countries but is an acute global issue.
Most big corporations, financial institutions and governmental organizations are on a digital transformation journey to reduce cost to serve and to provide a better, personalized experience to their customers or citizens. It is therefore absolutely crucial that we find a solution to the cybersecurity challenges, and this time we need to ensure that we get it right.
Initiatives at the EU level
We are seeing initiatives at the European Union level, under the Digital Single Market initiative, to create an EU Cybersecurity Agency and a certification framework.
The main goals pursued by this initiative are:
- Scale the EU’s response to cyber attacks
- Increase cyber resilience
- Improve trust in the Digital Single Market
This agency will be built on the European Agency for Network and Information Security (ENISA), which will be given more resources in terms of staff and budget.
ENISA will be instrumental in addressing one of the Achilles' heels of cybersecurity, namely coordination and information sharing between Member States, by leveraging the network of Computer Security Incident Response Teams (CSIRTs).
ENISA will also organise annual pan-European cybersecurity exercises in order to raise cybersecurity fitness and improve preparation for a cyber crisis.
Moreover, a certification framework will be created to increase trustworthiness in products and services that are instrumental for the Digital Single Market. There is a special focus on IoT devices, considering their exponential growth and the key role they play in the digital transformation across all industries, as well as on new consumer devices coming into the market.
The certification process will be put in place by ENISA and will not be mandatory, at least for now; the resulting certificate will be recognized by all Member States.
Considering the existing patchwork of cybersecurity schemes, including the Commercial Product Assurance (CPA) in the UK, the “Certification Sécuritaire de Premier Niveau” (CSPN) in France, the Dutch Baseline Security Product Assessment (DBSP) and the SOG-IS MRA, which includes 12 Member States plus Norway, this EU certification process will make it easier for cybersecurity companies, manufacturers and service providers to do business across borders, and for purchasers to understand the security features of a product or service.
We believe this is a great initiative and, as always, the devil might be in the details, as well as in the timeline to get such an important EU initiative up and running.
The ENISA full fact-sheet is available on:
Discussions in the US for a National Cybersecurity Agency
Although there are numerous cybersecurity governance and advisory bodies, laws, processes and task forces, there is a need for harmonisation and the ability to respond and evolve quickly to address a very dynamic threat landscape at the government level.
Companies like Microsoft, with tremendous experience both in cybersecurity and in working with governments globally, are advocating for the creation of a National Cybersecurity Agency.
Based on Microsoft’s views, five key recommendations for a successful National Cybersecurity Agency would be:
- Appoint a single national cybersecurity agency
- Provide the national cybersecurity agency with a clear mandate
- Ensure the national cybersecurity agency has appropriate statutory powers
- Implement a five-part organizational structure including Policy and Planning, Outreach and Partnership, Communications, Operations and Regulatory units
- Expect to evolve and adapt
These recommendations are covered in more detail in Microsoft’s policy paper, available on:
We believe that these initiatives are very important for addressing the global cybersecurity challenges we are facing, and the more coordination there is within and among governments, the better for efficiency and effectiveness.
New technologies like Artificial Intelligence (AI), Machine Learning (ML) and automation, as well as cyber awareness training and education for the whole of society, are urgently needed, but these alone are not going to work without governmental coordination at the regional and global level.