Europe consolidates its digitization day by day. More than 80% of the population of the European Union (EU) is connected to the internet; By 2020, the vast majority of our digital interactions will be machine-to-machine through billions of Internet of Things (IoT) devices. The growth and generalization of digital platforms for social and economic interrelations have opened the way to new business models and have challenged established norms and working methods.
This transformative economy based on data generates wider social challenges, in addition to the need for reliable and robust digital infrastructures and services. Thus, cybersecurity – the realization of resilient and safe components, devices, data and processes that take into account the fragility of human behavior – is essential both for our prosperity and for our own society.
The file hijacking attack WannaCry In May 2017, it affected more than 230,000 computers in more than 150 countries and impacted railway operations, healthcare systems, telecommunications operators and companies across Europe. A month later there was another major cyber attack, NotPetya, and earlier this year, critical vulnerabilities were reported from hardware. In addition to these highly visible events, a host of threat actors constantly track our network for weaknesses in order to undermine the confidentiality, integrity and availability of our valuable digital assets.
The level of complexity and scale of these attacks continues to increase. Hybrid threats, which combine cyber attacks with online misinformation, have been used to interfere in decision-making in our liberal democracies. Cyber attacks nowadays have the harmful capacity to cause the loss of human lives as security-critical systems, such as aircraft or automobiles, become dependent on digital technologies.
- The reaction of the European Union
The first EU legislation on cybersecurity, the Network Security and Information Systems Directive (SRI Directive), became fully binding in May this year. This Directive requires minimum basic capacities in cybersecurity in all Member States. It establishes a framework for cooperation between the authorities responsible for operational cybersecurity and applies a risk-based approach to vital services in the fields of energy, finance, transport, health, water distribution and the digital sector. Some Member States are still in the process of transposing the SRI Directive into their national legislation, while others have completed this important process in time.
Lawmakers are now debating an ambitious proposal for a Cybersecurity Regulation that grants a permanent extended mandate to ENISA, the EU Cybersecurity Agency, and establishes a new certification framework. The main objective of the new mandate of the ENISA is to make the Agency stronger and more effective in addressing the challenges of cybersecurity, actively supporting the Member States, the EU institutions, businesses and citizens.
The proposed framework for cybersecurity certification aims to avoid market fragmentation and ensure that it is easier for users to know if ICT products and services are cybersecure. It is important that users trust ICT solutions. We are also facing an opportunity for Europe, with its solid industrial base, to become a key player in the market for cybersecurity products and services. We hope that in the coming months the European Parliament and the Council can make decisive progress and reach a political agreement on the Cybersecurity Regulation by the end of the year.
We have the opportunity for Europe to become a key player in the market for cybersecurity products and services
And very soon it will move on to the next stage: in order to boost investments in the EU cybersecurity market and strengthen resilience, the Commission proposes to create a European Center for Industrial, Technological and Research Competence in Cybersecurity with a network of national coordination centers. This initiative will help to develop and deploy the necessary tools and technologies to face an evolving threat landscape, ensure that our defense systems are state-of-the-art and contribute to the creation of a European industrial base in cybersecurity.
In the context of the next multiannual financial framework, this proposal will be supported by the research funding program Horizon Europa and the Digital Europe program, which has allocated € 2 billion to cybersecurity. However, these figures are still relatively modest when compared to spending on cybersecurity technology capabilities in other parts of the world, so this initiative will also try to share resources and make joint investments with all EU Member States and industry. .
Cybersecurity is a challenge that we can face better if we work together. Together, these action initiatives contribute to a more cyber-resilient society and protect the digital single market in favor of a more prosperous Union.
Mariya Gabriel She is the Commissioner of the Digital Economy and Society.
Angelika Niebler is a member of the European Parliament on cybersecurity.