The European Commission has launched measures to strengthen cyber security across Europe.
It proposes to extend the powers of ENISA, Europe’s current cyber agency. In particular, the proposals aim to ensure ENISA is better placed to support member states in implementing the NIS Directive. And the agency will become a centre of expertise on cybersecurity certification, if the proposals are approved.
“ECIIA welcomes the strengthening of cross-border efforts to tackle the growing threat of cybercrime,” Henrik Stein, ECIIA President, says. “A more standardised certification system for ICT products across Europe could help improve assurance and transparency in the market.”
Implementing the NIS Directive is seen by the Commission as a vital plank in its cyber strategy.
“The NIS Directive is a first essential step with a view to promoting a culture of risk management, by introducing security requirements as legal obligations for the key economic actors,” says the paper.
Internal auditors will play an important role in ensuring organisations comply with the new security requirements and have systems in place to better combat cybercrime.
The cyber security package was issued by the Directorate-General for Communications Networks, Content and Technology.
It builds on the Commission's objectives to:
- Increase capabilities and preparedness of member states and businesses
- Improve cooperation and coordination across Member States and EU institutions, agencies and bodies
- Increase EU level capabilities to complement the action of Member States, in particular in the case of cross-border cyber crises
- Boost awareness of citizens and businesses on cybersecurity issues
- Increase the overall transparency of cybersecurity assurance of ICT products and services to strengthen trust in the digital single market and in digital innovation; and
- Avoid fragmentation of certification schemes in the EU and related security requirements and evaluation criteria across Member States and sectors.