What Does The EU Cybersecurity Vote Mean To You?

Uploaded on 2018-07-16 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

The European Parliament’s industry committee wants to give ENISA more power and create a rulebook for connected devices. European lawmakers have overwhelmingly voted in favour of giving more power and a higher budget to the European Network and Information Security Agency (ENISA).

The agency is one of the smallest in the EU and is currently based in Athens and Crete. As opposed to direct operational support, ENISA provides expertise.

EU Cyber-Security Boost
The new rules will supply ENISA with a larger budget, more staff (a possible Brussels team is being touted) and a permanent mandate. The body will also become the sole reference point for a new cybersecurity certification scheme in order to avoid certification scheme fragmentation within the EU. It will draft candidate certification schemes under the European Commission’s request and maintain a dedicated website containing information on all certification schemes, whether they are withdrawn, expired or accepted.

The aforementioned cybersecurity certification scheme will certify that an IT product, service or process has no known vulnerabilities at the time of the certification’s release and will also ensure it complies with international standards and technical specifications. 

This will give the average EU consumer more peace of mind when they are purchasing a connected device such as a fitness bracelet, a piece of antivirus software or any other IT product.

Potential buyers will be swayed by seal of approval
While the certification scheme is not mandatory, those that volunteer to abide by it with will prove their offerings are safe and data can only be accessed by authorised individuals or systems. It will also assure potential buyers that the products, processes or services are designed with security baked in and fitted with up-to-date software free from vulnerabilities. Certification will prove that risks to life and health from using certified devices or products have been minimised as much as possible.

Long-term outlook for EU cybersecurity
German rapporteur Angelika Niebler said: “Today’s vote is a very important step towards a long-term vision of cybersecurity in the EU for two reasons. Firstly, from the perspective of consumers, it is important that users have trust and confidence in IT solutions. 

“Secondly, I strongly believe that Europe can become a leading player in cybersecurity. We have a strong industrial base and it is vital to continue working on improving cybersecurity for consumer goods, industrial applications and critical infrastructure.”

The draft report was approved by 56 votes to five with a single abstention and will constitute the European Parliament’s negotiation position with the Council, if it is approved by the entire house during the plenary session coming up in September.

EMEA director at Trustwave SpiderLabs, Ed Williams commented “I have some reservations around the certification framework – depending on the type of product, certification may be voluntary or mandatory. Personally, I would like to see mandatory security for ‘all’ products.

“It also appears that assurance will be broken down into different categories: basic, substantial and high; where basic ‘provides a limited degree of confidence in the claimed or asserted cybersecurity qualities of an ICT product or service’. I’d prefer all my ICT products to have high levels of assurance, I don’t think that’s too much to ask for.

“It will be interesting to see how consumers take to this. My hope is that the certification framework is agile, simple and clear and that having high assurance doesn’t come with additional costs (whatever they may be).”

Silicon Republic

You Might Also Read: 

ENISA’s Threat Rankings: From Malware To Cyber Spies:

A Guide To Addressing Corporate IoT Security:

 

« Is Cyber The Perfect Weapon?
US Dark Web Raids Lead to Arrests And Seizures »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyber Security Expo

Cyber Security Expo

Cyber Security EXPO is a unique one day recruitment event for the cyber security industry.

The Media Trust

The Media Trust

The Media Trust continuously scans websites, ad tags and mobile apps and alerts on anomalies affecting websites and visitors.

BankVault

BankVault

BankVault is a new type of cyber technology (called remote isolation) which sidesteps your local machine and any possible malware.

Uppsala Security

Uppsala Security

Uppsala Security built the first crowdsourced Threat Intelligence platform known as the Sentinel Protocol, which is powered by blockchain technology.

NESECO

NESECO

NESECO is an IT security integration and consulting firm providing security products, solutions, support, consulting, and training services.

Utility Cyber Security Forum

Utility Cyber Security Forum

The Utility Cyber Security Forum offers a focused venue in which utility executives can network one-on-one with colleagues facing issues in protecting against cyber attacks.

Global Incubator Network Austria (GIN Austria)

Global Incubator Network Austria (GIN Austria)

GIN Austria is the connecting link between Austrian and international startups, investors, incubators and accelerators with a focus on selected hotspots in Asia.

Randstad

Randstad

Randstad provide outsourcing, staffing, consulting and workforce solutions in the USA across a wide range of job sectors including IT and cybersecurity.

AmWINS Group

AmWINS Group

AmWINS are a global specialty insurance distributor with expertise in property, casualty and professional lines including cyber liability.

SecureThings

SecureThings

SecureThings focus is to provide guidance and technology to secure connected vehicles in order to build end-to-end security for the automotive industry.

Risk Ledger

Risk Ledger

Risk Ledger is improving the security of the global supply chain ecosystem, reducing the number of data breaches experienced through supply chain attacks by companies and consumers alike.

SystemExperts

SystemExperts

SystemExperts is a premier provider of IT compliance and cyber security consulting services.

NetWitness

NetWitness

NetWitness empowers security teams to rapidly detect today’s targeted and sophisticated attacks with unparalleled visibility.

Mage Data

Mage Data

Mage (formerly Mentis Software) is a leading solutions provider for data security and data privacy software for global enterprises.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Secolve

Secolve

Secolve is Australia’s next generation OT specialist cyber security firm, working with key industries to protect the nation’s critical infrastructure.