The EU Parliament recently passed into law its new Information and Communication Technology cybersecurity certification, also known as the Cybersecurity Act, which will enable EU nations to monitor the cyber resilience of network and information systems and of telecommunications networks and services sold and operated within their jurisdictions.
The new Cybersecurity Act was drafted in response to the ever-growing number of internet-connected devices across the EU, which support everyday societal activities and keep economies running in key sectors such as health, energy, finance and transport, yet do not have sufficient security or resilience built in by design.
"This ambition is at the heart of the European Commission’s reform agenda to achieve a digital single market as ICT networks provide the backbone for digital products and services which have the potential to support all aspects of our lives and drive Europe’s economic growth.
"To ensure that the objectives of the digital single market are fully achieved the essential technology building blocks on which important areas such as eHealth, IoT, Artificial Intelligence, Quantum technology as well as intelligent transport system and advanced manufacturing rely must be in place," the draft document reads.
Cybersecurity Act to ensure cyber resilience of critical infrastructure sectors
According to the European Parliament, the EU Cybersecurity Act "underlines the importance of certifying critical infrastructure, including energy grids, water, energy supplies and banking systems in addition to products, processes and services", thereby allowing EU member countries to regularly monitor and manage cyber security risks in critical infrastructure sectors in the days to come.
The new Cybersecurity Act will help the EU establish a common cybersecurity certification framework across Europe and will also enable the European Agency for Network and Information Security (ENISA), which is the EU's official cyber security watchdog, to respond effectively to an increasing number of cyber threats. The agency will be provided with more staff and funding to achieve its mandate under the new law.
"The first issue relates to the increasing number of attacks on our critical infrastructure, which means on all aspects of our daily lives - electricity, communication, water etc. The second issue relates to the increasing number of internet of things devices and the user’s mistrust in the safety and privacy of their devices," said Angelika Niebler MEP when talking about the issues the new Cybersecurity Act will address.
Once the Cybersecurity Act is formally accepted, cyber security certification for IT equipment deployed across Europe will be standardised, although initial certification will be voluntary. By 2023, the European Commission will evaluate to what extent the scheme should become mandatory.
"The 2017 WannaCry cyberattack, which paralysed more than 200,000 IT systems across the EU at the same time, has shown that we need European initiatives to increase cybersecurity. With the cybersecurity act, we have now laid the foundation for this. Europe could soon become the leading force in cybersecurity," Niebler added.