EESC puts forward proposals to make cybersecurity a reality

The EU should strengthen ENISA's mandate as the EU cybersecurity agency, create a certification framework at European level, and focus on the education and protection of internet users.

In an opinion adopted at the February plenary session and drafted by Alberto Mazzola and Antonio Longo, the EESC broadly supports the cybersecurity package submitted by the European Commission.

According to a special Eurobarometer survey on "Europeans' attitudes towards cybersecurity", 73% of internet users are concerned that their online personal information may not be kept secure by websites and 65% that it may not be kept secure by public authorities. Most respondents are concerned about being the victims of various forms of cybercrime, and especially about malicious software on their device (69%), identity theft (69%) and bank card and online banking fraud (66%).

In order to enhance the European cybersecurity framework, the Committee proposes a number of practical measures.

  • Strengthening ENISA as the EU cybersecurity agency

The EESC agrees with the Commission that the mandate of the European Union Agency for Network and Information Security (ENISA) should be made permanent. However, the EESC is also of the view that ENISA should be given more financial resources and focus its action on supporting e-government and digital identity for persons and organisations.

  • A European cybersecurity certification

The Committee believes that an EU cybersecurity certification framework should be put in place, with different requirements according to the different sectors. Certification schemes would help to increase security according to present needs and threat knowledge and should be based on commonly defined European cybersecurity and ICT standards at international level.

  • The human factor: education and protection

The EESC thinks that the Commission's proposal should focus on improving cyber skills among individuals and businesses and recommends three lines of action: lifelong learning and training programmes, awareness campaigns, and the creation of an EU‑certified curriculum for high schools and professionals. (mp)

In the photo: Alberto Mazzola, EESC rapporteur and Antonio Longo, EESC co-rapporteur of the opinion on the Cybersecurity Act.