Representatives from the European Commission, Council and Parliament on Monday (10 December) evening banded together to strengthen the bloc’s cybersecurity efforts, reaching agreement on the EU’s cybersecurity act.
The measures approved will see more resources and greater responsibility afforded to the EU’s cybersecurity agency, ENISA, as well as establishing a certification framework that will set cybersecurity standards for products during the design and development stage.
The Commission is set to draft the scope of products that require obligatory certification, with a list to be finalized by 2023.
“Trust and security are fundamental for our Digital Single Market to work properly,” Vice-President Andrus Ansip, in charge of the Digital Single Market, said in a statement.
“This evening’s (Monday’s) agreement on comprehensive certification for cybersecurity products and a stronger EU Cybersecurity Agency is another step on the path to its completion.”
BREAKING: Agreement with @EUCouncil on #CyberSecurity: more information for users, EU-wide coordination & strengthening of EU agency @enisa_eu. Computer viruses & ransomware know no national borders – #Cybersicherheit in the #EU only works together. Good result, @EU2018AT! #digitalEU pic.twitter.com/cBljja6J0F
— Angelika Niebler (@ANiebler) December 10, 2018
The measures will offer businesses a one-stop portal to certify that their products meet certain cybersecurity standards, a vital element for consumers using Internet of Things devices.
Before, certifications would have had to be approved in several member states. EU policymakers hope that companies will be incentivised to invest in the cybersecurity of their products, to their competitive advantage.
Cybersecurity has been highlighted as one of the main concerns of EU citizens of late, particularly in the context of the 2019 European elections.
Recent Eurobarometer figures show that 61% of Europeans worry that elections can be manipulated through cyberattacks, while 59% are concerned about foreign actors and criminal groups influencing elections, prompting Commission Vice-President Frans Timmermans to say that EU citizens are “well aware of the dark forces that would like to manipulate what they read, think and ultimately vote for.”
Meanwhile, critical national infrastructures have been hit across the continent, with the 2017 WannaCry ransomware attack being one of the most severe.
The attack is said to have been one of the principal determinants in cyber attacks being identified as the most pressing threat for the bloc in the World Economic Forum’s Regional Risks to Doing Business report that was published earlier this year.
The study asked more than 12,500 executives around the world to select the global risks that pose the most significant concern for doing business within the next 10 years.
“2017 was a tipping point in the prevalence of cyberattacks in the EU,” the lead author of the report, Aengus Collins, told EURACTIV. “The most significant of which was, of course, the WannaCry ransomware attack.”
“What was concerning about WannaCry was the fact that it employed fairly straightforward methods to create broad disruption across many systems.”
Europol described the 2017 WannaCry cyberattack as “unprecedented” in scale, after it had struck 200,000 computers across 150 countries.
The attack infected systems worldwide with ransomware that targeted Microsoft Windows operating systems.
The report highlights the fact that the WannaCry attack disrupted systems such as the UK’s National Health Service and German rail infrastructure, and that such targets contribute to the reasons why cyberattacks have been voted as the most pressing issue to EU business.
“This is no surprise,” the report says. “A number of massive cyberattacks took place in 2017 – causing extensive operational disruption and financial losses for organisations around the world.”
On Monday evening, Commissioner for the Digital Economy and Society, Mariya Gabriel, referred to attacks such as WannaCry as being “wake-up calls” that show the full extent of “potential consequences of large-scale cyber-attacks.”
“Enhancing Europe’s cybersecurity, and increasing the trust of citizens and businesses in the digital society is a top priority for the European Union,” she said. “I strongly believe that tonight’s deal both improves our Union’s overall security and supports business competitiveness.”