On 13 September 2017 the Commission adopted a cybersecurity package with new initiatives to further improve EU cyber resilience, deterrence and defence. As part of the resilience measures the Commission has tabled a legislative proposal to strengthen the European Union Agency for Network Information Security (ENISA). Following the adoption of the Network Information Security Directive in 2016, ENISA is expected to play a broader role in the EU’s cybersecurity landscape but is constrained by its current mandate and resources. The Commission has presented an ambitious reform proposal, including a permanent mandate for the agency to ensure that ENISA can not only provide expert advice, as has been the case until now, but can also perform operational tasks. The proposal also envisages the creation of the first voluntary EU cybersecurity certification framework for ICT products, where ENISA will also play an important role. Within the European Parliament the file has been assigned to the Industry, Research and Energy Committee.
This study attempts to identify and assess policy options for the EU to achieve cyber-resilience, and to develop capabilities, and industrial and technological resources for a trustworthy EU cyberspace, with a view also to promoting core values, such as online privacy protection. The findings could form the basis for an assessment of alternative measures to improve the resilience of the European ICT industry and the EU’s strategic decision-making capacity, and enhance the resilience of critical information technology networks. The study further reviews the current state of reciprocity between search engine services and individual customers. The ultimate aim of this study is to develop concrete policy options to be considered by EU institutions and Member States – and potentially to be used as background by EP committees for their legislative and own-initiative reports.
On 20 December 2017 EU institutions took an important step in strengthening their cooperation in the fight against cyber-attacks. An inter-institutional arrangement which enters into force today establishes a permanent Computer Emergency Response Team (CERT-EU) covering all the EU’s institutions, bodies and agencies. It consolidates the existing task force into a permanent and effective team responsible for ensuring a coordinated EU response to cyber-attacks against its institutions.
An inter-institutional arrangement signed today establishes a permanent Computer Emergency Response Team (CERT-EU) to reinforce protection against cyber attacks, which are often targeted at the EU institutions, agencies and bodies. This decision follows the successful operation of CERT-EU as a task-force over the last six years.
During the last week, Romanian authorities have arrested three individuals who are suspected of infecting computer systems by spreading the CTB-Locker (Curve-Tor-Bitcoin Locker) malware – a form of file-encrypting ransomware. Two other suspects from the same criminal group were arrested in Bucharest in a parallel ransomware investigation linked to the US.
During 8-9 November 2017, the Krakow Conference on Cybersecurity in Civil Aviation took place with the attendance of 260 participants. The event was organised by the Polish Civil Aviation Authority and EASA, sponsored by the Polish Prime Minister and the Polish Ministry of Transport and Infrastructure. A Memorandum of Cooperation was signed between EASA and the Polish CAA for the pilot phase of the European Centre for Cybersecurity in aviation on 8 November 2017.
ENISA has developed a concise set of six technical guidelines on trust services with the purpose of providing technical guidance and promoting the uptake of qualified trust services (QTS).
This note seeks to provide an initial analysis of the strengths and weaknesses of the European Commission’s impact assessment (IA) accompanying the above proposal, which is the main part of the ‘Cybersecurity package’, submitted on 13 September 2017 and referred to Parliament’s Committee on Industry, Research and Energy (ITRE). As announced in the State of the Union Address 2017 and the Commission’s communication on Europe’s Cyber Resilience System and Cybersecurity Industry, the initiative aims to reform the European Union Agency for Network and Information Security (ENISA or ‘Agency’) in order to enhance its supporting functions for Member States in achieving cybersecurity resilience and to acknowledge the Agency’s responsibilities under the new directive on security of network and information systems (NIS Directive). In addition, the proposal establishes a voluntary European cybersecurity certification framework to promote such certification schemes for specific information and communication technology (ICT) products and services, and to allow for mutual recognition of certificates so as to avoid further market fragmentation.
Since 1995, information and communication technologies (ICTs) have driven productivity gains and growth in the EU. The concept of ICTs covers a broad spectrum of technologies, ranging from information technology (IT) through telecommunications, broadcast media, and all types of audio and video processing and transmission to network-based control and monitoring functions. Over the past three decades, technological ‘convergence’ has been blurring the boundaries between telecommunications, broadcasting and IT. Although linear broadcasting continues to be the principal medium of information distribution and entertainment in Europe, more and more audiovisual content is available on demand, while exponential growth in 4G and 5G internet connectivity and the ‘internet of things’ (IoT) gives the internet an increasingly ubiquitous dimension. With a view to addressing the different challenges, the Commission launched the digital single market in 2015 to deliver the main legislative proposals set as priority, such as boosting e-commerce, copyright, audiovisuals, the telecoms review, ePrivacy, harmonisation of digital rights, affordable parcel delivery, harmonised VAT rules and cybersecurity.
The EIB and Clavister have signed a EUR 20 million financing agreement which will help the company to develop advanced cybersecurity software and hire new computer experts.
More needs to be done to provide victims of online crimes with adequate support and the right information.
Update: Activity reports have been published.