The Council of the European Union (EU) has agreed to a general approach related to the EU Cybersecurity Act, including a proposal to set up a certification framework for information and communication technology (ICT) processes, products and services and to upgrade the European Union Agency for Network and Information Security (ENISA).
Under the Cybersecurity Act, the Council would create a mechanism for setting up European cybersecurity certification programs for ICT processes, products and services, according to a prepared statement. In addition, the Cybersecurity Act would transform ENISA into a permanent EU agency for cybersecurity.
The Cybersecurity Act's ICT framework covers accidental or malicious data loss or alteration and other security incidents, the Council indicated. Certificates issued under the ICT framework would be valid in all EU countries, the Council said, and voluntary unless otherwise specified in EU law or member states' law.
Meanwhile, ENISA would be given new tasks to support EU member states, institutions and other stakeholders on cyber issues, the Council stated. It also would organize EU cybersecurity exercises and promote EU policy on cybersecurity certification.
The Cybersecurity Act is still under discussion, and both the Council and European Parliament must agree on the act before it takes effect.
EU Commission President: 'We Have Made Progress in Keeping Europeans Safe Online'
Europe "is still not well-equipped" to deal with cyberattacks, European Commission President Jean-Claude Juncker said in his September 2017 "State of the Union" address. However, Juncker pointed out that the Commission has "made progress in keeping Europeans safe online" over the past three years.
The Cybersecurity Act promotes the use of European cybersecurity certificates that ensure the trustworthiness of billions of devices, Juncker indicated. It also improves EU cyberattack preparedness and promotes threat intelligence collaboration via information sharing and analysis centers.
Furthermore, the European Commission has proposed the following initiatives to ramp up the EU's cyber resilience efforts:
- Creation of a European cybersecurity research and competence center to develop and roll out tools and technology to help EU member states and citizens keep pace with rapidly evolving cyber threats.
- Development of an EU cybersecurity crisis response framework for testing cybersecurity and other crisis management exercises.
- Development of a cybersecurity emergency response fund to help EU member states affected by cyberattacks.
The economic impact of cybercrime rose fivefold globally from 2013 to 2017, and it could increase by a factor of four by 2019, the Commission indicated. With the Cybersecurity Act, the EU may be better equipped than ever before to protect its member states and citizens against cyberattacks and reduce the economic impact of cybercrime both now and in the future.