What Does The EU Cybersecurity Vote Mean To You?

The European Parliament’s industry committee wants to give ENISA more power and create a rulebook for connected devices. European lawmakers have overwhelmingly voted in favour of giving more power and a higher budget to the European Network and Information Security Agency (ENISA).

The agency is one of the smallest in the EU and is currently based in Athens and Crete. ENISA provides expertise rather than direct operational support.

EU Cyber-Security Boost
The new rules will supply ENISA with a larger budget, more staff (a possible Brussels team is being touted) and a permanent mandate. The body will also become the sole reference point for a new cybersecurity certification scheme, in order to avoid fragmentation of certification schemes within the EU. It will draft candidate certification schemes at the European Commission’s request and maintain a dedicated website containing information on all certification schemes, whether they are withdrawn, expired or accepted.

The aforementioned cybersecurity certification scheme will certify that an IT product, service or process has no known vulnerabilities at the time of the certification’s release and will also ensure it complies with international standards and technical specifications. 

This will give the average EU consumer more peace of mind when they are purchasing a connected device such as a fitness bracelet, a piece of antivirus software or any other IT product.

Potential buyers will be swayed by seal of approval
While the certification scheme is not mandatory, those that volunteer to abide by it will prove their offerings are safe and that data can only be accessed by authorised individuals or systems. It will also assure potential buyers that the products, processes or services are designed with security baked in and fitted with up-to-date software free from vulnerabilities. Certification will prove that risks to life and health from using certified devices or products have been minimised as much as possible.

Long-term outlook for EU cybersecurity
German rapporteur Angelika Niebler said: “Today’s vote is a very important step towards a long-term vision of cybersecurity in the EU for two reasons. Firstly, from the perspective of consumers, it is important that users have trust and confidence in IT solutions. 

“Secondly, I strongly believe that Europe can become a leading player in cybersecurity. We have a strong industrial base and it is vital to continue working on improving cybersecurity for consumer goods, industrial applications and critical infrastructure.”

The draft report was approved by 56 votes to five with a single abstention and will constitute the European Parliament’s negotiation position with the Council, if it is approved by the entire house during the plenary session coming up in September.

Ed Williams, EMEA director at Trustwave SpiderLabs, commented: “I have some reservations around the certification framework – depending on the type of product, certification may be voluntary or mandatory. Personally, I would like to see mandatory security for ‘all’ products.

“It also appears that assurance will be broken down into different categories: basic, substantial and high; where basic ‘provides a limited degree of confidence in the claimed or asserted cybersecurity qualities of an ICT product or service’. I’d prefer all my ICT products to have high levels of assurance, I don’t think that’s too much to ask for.

“It will be interesting to see how consumers take to this. My hope is that the certification framework is agile, simple and clear and that having high assurance doesn’t come with additional costs (whatever they may be).”

Silicon Republic
