Wednesday, 14 September 2016

The year that Europe takes #cybersecurity seriously

It is nothing new to say that the lack of perceived security is hindering the adoption of online services. Surveys have repeatedly shown that cybersecurity issues are the main concern that Internet users have about using the Internet for things like online banking or buying things online. According to the 2015 Eurobarometer on cybersecurity, when citizens buy online they are overwhelmingly more worried about the misuse of personal data (mentioned by 43%) or the security of online payments (42%) than about not receiving goods or services that they buy online (22%).

Despite this background, Europe has until now repeatedly failed in its efforts to build a common cybersecurity strategy. The European Commission has put forward several EU security strategies:
  • In 2001, the Commission adopted a Communication on "Network and Information Security: Proposal for A European Policy Approach" (COM(2001)298)
  • In 2006, it adopted a Strategy for a Secure Information Society (COM(2006)251)
  • In 2013, the Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace (JOIN(2013) 1) was adopted

However, as the Eurobarometer mentioned above shows, concerns about cybersecurity issues grow as time goes by. Fortunately, it looks as though the last of these strategies is bearing fruit in 2016. Last July the first shared EU security legal framework, the NIS Directive, was finally approved.

The approval of the NIS Directive is an event that has radically changed the European cybersecurity environment. The long three-year negotiation period has been valuable, and the new regulation really has the seeds to achieve a high level of cybersecurity in Europe. The Directive will provide Europe with:
  • A higher level of Member State preparedness, by requiring them to establish a Computer Security Incident Response Team (CSIRT) and a competent national NIS authority
  • A framework for cooperation among all the Member States, at both the strategic and the operational level of cyber security (although the latter is voluntary)
  • A set of obligations for operators of essential services for the society (energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure), which will be obliged to take appropriate security measures and to notify serious incidents to the relevant national authority

The NIS Directive is a game-changing event that paves the way for new ambitions. Taking advantage of the new scenario is the main objective of the new EU cybersecurity strategy.

The new cyber security plan for Europe has a two-fold objective. On the one hand, it aims to increase Europe's cyber resilience. On the other hand, it aims to boost European sovereignty in the cyber security area through the promotion of its cyber security industry. The first goal will be reached by using the cooperation instruments laid down in the NIS Directive and through the renewal of ENISA. The second goal will have a contractual public-private partnership (PPP) between the EC and the industry under the umbrella of H2020 as its main tool.

It looks as though Europe has taken cyber security seriously in 2016. The completion of the Digital Single Market heavily depends on creating a secure online environment. It would be better if this new approach works.

