Cybernetica Proposes Recommendations Towards European Cybersecurity Policy with ECIL

At this year’s International Cybersecurity Forum, held on 25th and 26th January, the European Cybersecurity Industry Leaders (Cybernetica, Thales, Atos, Airbus Group, Deutsche Telekom, Ericsson, Infineon, F-Secure, BBVA, BMW) presented to M. Günther H. Oettinger, European Commissioner for Digital Economy and Society, a report compiling several months’ worth of work by the ECIL. This report brings together key recommendations to build a Europe that is more cybersecure and to encourage the emergence of European leaders in cybersecurity, a sector with an annual growth of approximately 10%.

The work group highlights the following recommendations:

Establish voluntary certification processes at European level based on commonly agreed criteria between member states. Given the fragmentation of the European market, the ECIL believes a voluntary certification process is essential for the development of cybersecurity, in which legislation, standardisation and labeling are the fundamental pillars for success. They would be designed specifically for manufacturers, solutions and service providers whose products and services would benefit from the seal of guarantee of security. Corporate bodies and consumers would be able to better identify secure providers. Building on best practices and on other internationally recognised certifications, new security requirements or recommendations for labels would not be necessary.

Promote a “Secure-by-design” approach that entails the development and production of secure products, software and solutions free from vulnerabilities, provided by technology vendors, service providers and online vendors. Cyber security now has to be integrated as a mandatory requirement of critical information systems, which is already the case for the performance and resilience of systems. The architecture of critical information systems has to be designed with cyber security integrated from first principles rather than added at the end.

Create an international level playing field with regard to cybersecurity and privacy: the ECIL welcomes the agreement of the EU institutions on the Network and Information Security directive, which sets a framework for risk management requirements and standards across the EU for a fully operational and cybersecure European Digital Single Market. All players of the Information & Communication Technology (ICT) value chain should adhere to equal requirements concerning data confidentiality and cybersecurity, whether or not they operate within the EU, as all the operators of the digital sphere have a shared responsibility and interest regarding this aim. It is now important that these principles guide member states during the implementation process of the Network & Information Security directive. We also need a European regulation that allows real-time sharing of data coming from cyber-attacks, including personal data such as IPs, between private and public institutions.

Protect data: encryption and security of data flows.
Data confidentiality is a vital part of cybersecurity: perimeter protection is no longer sufficient; it must be complemented by critical data encryption solutions, whether on terminals, on servers or in the cloud. With the explosion of Big Data analysis as a basis for company strategic decisions, data is now at the heart of 21st Century business construction. Sensitive data must not be corrupted or stolen, and it is essential to know how to protect it with security solutions.

Create Europe-wide Information Sharing and Analysis Centres (ISACs) in different sectors: the collaboration of the ISACs would encourage and facilitate security information exchanges between Member States and Industry critical sectors in order to create an EU cyberspace for businesses and citizens.

Strive for European cybersecurity leaders and the reduction of market fragmentation: to support deeper co-operation and to produce globally leading cybersecurity companies from the EU, mergers and acquisitions should also be viewed positively in the field of cybersecurity, allowing the most competitive European companies to scale up faster and more efficiently and thus keep ahead of the competition, in particular the dominant U.S. players in the field.

In addition to the report, an action plan has been proposed to M. Oettinger to ensure the execution of the selected recommendations.

The report will be available on the European Commission website.