Towards a European Cybersecurity framework?

President Jean-Claude Juncker said on the 13th of September 2017 in his annual State of the Union Address:

« In the past three years, we have made progress in keeping Europeans safe online. But Europe is still not well equipped when it comes to cyber-attacks. This is why, today, the Commission is proposing new tools, including a European Cybersecurity Agency, to help defend us against such attacks. »

With the acceleration of digitalisation, the opportunities for cyberattacks have increased tremendously. The European Union has become aware of this threat and of the need to create adequate legislation, as Mr. Juncker said.

The European Union places new technologies at the heart of its strategies. The Digital Single Market illustrates the fact that European citizens have trust in digital technologies. This strategy opens new opportunities for European citizens to buy online, to be informed or to develop business. This openness is not without risks, since threats such as fraud, hacking, the destabilisation of governments or personal data breaches are legion. Cyber-attacks could impact the economy as well as European and national security. In 2016, the European Commission estimated that there were « 4,000 ransomware attacks per day and 80% of European companies experienced at least one cybersecurity incident ». « 86% of European citizens believe that the risk of becoming a victim of a cybercrime is increasing. 50% of all crimes committed are cybercrimes ». Now more than ever, measures are needed to build a strong European cybersecurity framework. For these measures to be efficient, they should be harmonised across all Member States and supervised by a European Agency.

« We need to work together to build our resilience, to drive technological innovation, to boost deterrence, reinforcing traceability and accountability, and harness international cooperation, to promote our collective cybersecurity. » Julian King, Commissioner for the Security Union

« We need to build on the trust of our citizens and businesses in the digital world, especially at a time when large-scale cyber-attacks are becoming more and more common. I want high cybersecurity standards to become the new competitive advantage of our companies. » Mariya Gabriel, Commissioner for the Digital Economy and Society

The European Union is aware of the dramatic results of cyberattacks: destabilising the economy, creating geopolitical crises or manipulating personal data. The EU should establish cybersecurity and cyber-resilience common to all Member States in order to protect European citizens, Member States, the economy and democracies, thereby enhancing overall security.

With these objectives in mind, the European Union established in 2004 the European Cybersecurity Agency: the European Agency for Network and Information Security (ENISA).

« The Agency will be given a permanent mandate to assist Member States in effectively preventing and responding to cyber-attacks. It will improve the EU’s preparedness to react by organizing yearly pan-European cybersecurity exercises and by ensuring better sharing of threat intelligence and knowledge through the setting up of Information Sharing and Analyses Centers. It will help implement the Directive on the Security of Network and Information Systems which contains reporting obligations to national authorities in case of serious incidents. »

ENISA has a strong mandate, with permanent status and its own resources. It was granted independence from the rest of the institutions. The agency raises awareness among citizens and businesses. Its missions are based on three principles linked to cybersecurity:

  • Coordination
  • Harmonisation
  • Cooperation

The Agency should assist Member States and European institutions with cyber-attacks and cybersecurity. It also provides information about cyber-attacks. The Agency should handle the organisation and supervision of Europe-wide cybersecurity exercises. It ensures the coordination, sharing and analysis of information relating to cyber threats and of knowledge in this field. It helps with the implementation of the Directive on the Security of Network and Information Systems.

On 13 September 2017, the Commission adopted a proposal issued by the European Parliament and Council on ENISA, the « EU Cybersecurity Agency », which repeals Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (« Cybersecurity Act »). The Commission transmitted the regulation to the Council and to the European Parliament. The goal of this text is to create a framework for the establishment of European cybersecurity certification schemes, for the purpose of ensuring an adequate level of cybersecurity of ICT products and services in the Union.

The European Security Certification Framework (EU-SEC) will ensure the security of digital products and services. This cyber-certification is similar to EU food labels, but based on cybersecurity criteria: it is a single certification recognised across all Member States, in accordance with the reciprocity principle. The European certification should reinforce the trust of citizens, who can compare products and services, especially Internet of Things devices; it thus promotes both the transparency and the security of digital products.

In the same way, the Commission and the High Representative are proposing some cybersecurity measures, including the creation of a European Cybersecurity Research and Competence Center. This authority should work along with Member States: « it will help develop and roll out the tools and technology needed to keep up with an ever-changing threat and make sure our defences are as state-of-the-art as the weapons that cyber-criminals use. »

These authorities have proposed the creation of a blueprint for responding to cyberattacks and coordinating actions. The Commission and the High Representative encourage cyber defence within the framework of Permanent Structured Cooperation (PESCO) and the European Defence Fund, in order to support cyber defence projects. The EU wants to cooperate with other international institutions such as NATO to coordinate exercises and work together on cybersecurity.

Recently, some cybersecurity measures were enacted: the European Parliament, the Council and the European Commission reached a political agreement on cybersecurity in Brussels, on December 10th, 2018. EU negotiators agreed upon the need to strengthen Europe’s cybersecurity: the Cybersecurity Act was born.

This Act reinforces the mandate of the European Union Agency for Network and Information Security, making it permanent. The Cybersecurity Act provides more resources to ENISA. The Act also establishes an EU cybersecurity certification, which will allow for a more important role in cooperation and coordination at Union level. These new rules will be beneficial to citizens and businesses.

Nevertheless, protecting the EU, Member States, businesses and citizens requires a reinforcement of EU cyber resilience: an effective criminal law response to cyberattacks, as well as efficient prevention and detection of cybercriminals and cyberattacks.



Manon DANSAC
Master 2 Cyberjustice – promotion 2018-2019



Sources:
‘State of the Union 2017 – Cybersecurity: Commission scales up EU’s response to cyber-attacks’ by European Commission, 19 September 2017 on Europa website (http://europa.eu/rapid/press-release_IP-17-3193_en.htm)