The EESC urges the EU and its Member States to adopt a European-level cybersecurity model, to strengthen the mandate of the European cybersecurity agency and, lastly, to establish an effective European certification scheme for online services and products.
These are the key conclusions of the public hearing on the Cybersecurity Act held in Brussels on 9 January 2018 which will feed into the EESC opinion being drafted by Alberto Mazzola and Antonio Longo of the Section for Transport, Energy, Infrastructure and the Information Society (TEN).
The EESC broadly supports the cybersecurity package set out in the European Commission proposal submitted to the Council in September 2017 and flags up the following measures.
- A European cybersecurity model
The concept of cybersecurity has emerged worldwide. It is a global challenge as attacks may take place anywhere and target individuals, civil society organisations, social systems and economic sectors across any Member State. This is why the EESC is encouraging the EU to take the necessary steps and agree on a model of resilience against such attacks at European level.
- A stronger EU cybersecurity agency
The European Union Agency for Network and Information Security (ENISA) is a centre of expertise for cybersecurity in Europe and is currently based in Greece. The EESC believes it should be developed, made permanent and endowed with more resources. It should focus on e‑government and universal services (e-health) as well as preventing and combating ID theft and online fraud.
- A European cybersecurity certification
In order to guarantee a high level of security, the EESC recommends establishing an EU cybersecurity certification framework, based on commonly defined cybersecurity and ICT standards at European level. Online services and products could then be certified with a proper labelling system, with a view to improving consumer confidence. (mp)