Cybersecurity: “work in progress”

By Pilar DEL CASTILLO, MEP (EPP Group), Member of the ITRE Committee, Chair of the European Internet Forum

As we arrive at the end of the European Parliament’s term, a multitude of events are taking place, and articles are being written, with the objective of spurring the debate on what the priorities should be for the next legislature.

My belief is that if there is to be one common denominator of the EU’s “must do” list in all of these events and articles, it would be, without discussion, security in general, and cybersecurity in particular.

This, however, must not be interpreted to be caused by the inaction of the EU institutions during the current legislative term; quite the contrary, a great many important initiatives have been adopted, such as the security provisions of the Electronic Communications Code or the very recent Cybersecurity Act.

Nevertheless, if we are truly to be efficient in cybersecurity matters, we must avoid being self-indulgent.

Cybersecurity must always be understood as “work in progress”.

Indeed, while our daily lives and economies become increasingly dependent on “digital”, we also become increasingly exposed to cyber threats, making cybersecurity vital to both our prosperity and our economy.

However, the cyber threats are just as dynamic as the digital transformation.

Clearly, the “Cybersecurity Package”, by building upon existing instruments and presenting new initiatives, will further improve Europe’s cyber resilience and response to security threats.

Indeed, ENISA, Europe’s cybersecurity agency, could no longer function properly without a permanent mandate and we must strengthen operational cooperation and crisis management across the EU.

In addition, we have created a European digital security framework, which will help develop measures on cybersecurity standards, certification and labelling to make ICT-based systems, including of course the Internet of Things, without undermining the principles of transparency and openness that already today govern standardisation processes.

Nevertheless, particular attention must be paid to the fast evolving cyber threat landscape that accompanies the digital transformation of Europe’s economy as the Internet of Things, smart infrastructures, connected cars, digital health and eGovernment applications are massively deployed.

One very recent example is the attention that has been given to a specific international tech vendor, and the ban that the United States, Australia, New Zealand and Japan have issued to this particular company from taking part in the building of 5G mobile network infrastructure.

In my view, and without pre-empting the result of the debates that are taking place in Parliament and the possible resolution that will follow, our actions in this field must be balanced and extremely rational.

Clearly, we must deal with the technological security risks posed by increasingly high market penetration of external vendors at EU level by means of a common approach based on the effective and efficient use of expertise from within the Member States and industry.

However, we must do so with all the facts and the best professional expertise possible.

As I write these lines the UK, Germany and France have not yet published any definite conclusions.

From this perspective, and while we instruct security experts from the European Commission and the Member States to undertake a thorough analysis of the situation, we must not forget that a competitive, dynamic market for telecom vendors is in the strategic interest of Europe.

Having a broad choice of suppliers is essential to ensure they compete on quality, reliability, and of course also on the security of the equipment.

In the meantime, the Union needs to continue to drive the cybersecurity agenda by supporting cybersecurity across the entire value chain, from research to the deployment and uptake of key technologies.

In this regard, proposals such as the Digital Europe Programme, which, if Council agrees, will earmark 2 billion euros for financing state-of-the-art cybersecurity equipment and infrastructure, will undoubtedly play an important role.

In addition, the EU must continue to support public-private partnerships that are able to stimulate the competitiveness and innovation capacities of the industry to ensure that there will be a sustained supply of cybersecurity products and services.

Let us not forget that industry standardization bodies, such as the 3GPP, have already approved security standards for 5G and are further working on future standards.

Lastly, and here there is a great deal of room for improvement, as the latest development with regard to third-country vendors has shown, cybersecurity requires essential policies, and global cooperation.

Europe cannot go about it alone; it is very important to work together with international partners and create initiatives by building a mutual and international consensus regarding an open, interoperable, secure and reliable cyberspace.

In this regard, international cooperation must strive to: develop international norms of behaviour in cyberspace; promote compatible policies with our international partners; promote collaboration in cybercrime investigations; create international cybersecurity capacity building; secure infrastructure and devices; and secure safe, trustworthy online transactions that are not hacked or impersonated.

Indeed, “work in progress”.