The EU’s cybersecurity strategy is under the scrutiny of global actors, the EU’s Digital Commissioner Mariya Gabriel said on Tuesday (19 March). Her comments came as the European Court of Auditors criticised the ‘fragmented’ nature of cybersecurity policy across the continent.
“We are doing no less than creating a new cybersecurity marketplace and the world is watching us,” Gabriel said on Tuesday, speaking at an anniversary event celebrating 15 years of the EU’s cybersecurity agency (ENISA).
The EU’s digital chief also applauded the recent parliamentary adoption of the Cybersecurity Act, which extends ENISA’s mandate as well as establishes a cybersecurity certification scheme.
“It is essential that the certification scheme gets off to a good and fast start,” Gabriel said. In the context of a diverse range of cybersecurity threats, including concerns over the security of future 5G network infrastructures, Gabriel said that the EU has the opportunity to prove that the cybersecurity act is the “right tool at the right time.”
However, the European Court of Auditors released a report on Tuesday, criticising the fragmented nature of the bloc’s cybersecurity policy. With regards to spending, auditors had some strong words.
“Spending in the EU on cybersecurity has been low and fragmented,” the paper writes. “The EU and its Member States need to know how much is being invested collectively to know which gaps to close, but forming a clear picture of this is difficult.”
“There is no dedicated EU budget to fund the cybersecurity strategy or a clear picture of what money goes where.”
The ECA Member responsible for the review, Spaniard Baudilio Tomé Muguruza, told EURACTIV on Tuesday that bettering coordination between member states is the key to the EU’s future cybersecurity policy.
“The issue is the fact that security issues are member state competencies, but it’s clear that coordination is needed if we are to ensure that the EU protects itself efficiently,” he said.
“Cyber attacks are cross-border in nature.”
Moreover, when pressed by EURACTIV, auditors also acknowledged other shortfalls of the cybersecurity act – one particular element being that the framework itself is voluntary, raising the question of why market players would be interested in signing up to the scheme in the first place.
EURACTIV addressed the issue with ENISA Executive Director Udo Helmbrecht on Tuesday.
“How would a mandatory scheme have looked like to the wider marketplace?” he responded. “We are starting an ambitious scheme with the cybersecurity act and if we do it right, it can work.”
Cybersecurity Act scope
Another ongoing issue surrounding the cybersecurity act is the scope of the framework – the subject of which products will be covered. Following the adoption of the measures in the European Council, which is at this stage a formality, the text will be published into the official EU Journal and translated into 23 other EU languages.
Following on from that procedure, the Commission will communicate with other stakeholders as a means to conceive of scope for the plans. Helmbrecht told EURACTIV that the scope is likely to be published about between late June and early July.
The lead MEP for the cybersecurity file in the European Parliament, Angelika Niebler (EPP), said on Tuesday that now is a particularly pertinent time for the EU to be taking up measures to bolster its cybersecurity due to the oncoming roll-out of 5G infrastructure.
She specifically referred to the bidding for radio frequencies to be used in 5G networks, that began in Germany yesterday.
Concerns have been raised on the other side of the Atlantic, with regards to German network operators using equipment from Chinese producers in the roll out of 5G infrastructure, which, the Americans believe, has severe cybersecurity vulnerabilities.
US General Curtis Scaparrotti, NATO’s Supreme Allied Commander in Europe, last week that the Alliance may cut communications with its German counterparts should the latter decide to collaborate with Chinese telecoms manufacturer Huawei in the development of 5G.
EURACTIV asked NATO Secretary General Jens Stoltenberg for clarification following Scaparrotti’s comments. He revealed that NATO is “assessing” the potential security risks in 5G networks, with specific reference to Huawei.
The Chinese company came out on the defensive following Stoltenberg’s comments.
“We are part of the solution, not the problem,” a Huawei spokesperson told EURACTIV. “Huawei is open for dialogue with anyone who has a legitimate concern for cybersecurity.”
The process of bidding for radio frequencies as part of the German roll-out of 5G is expected to take several weeks. Four telecoms operators are taking part in the auction – Deutsche Telekom, Vodafone Germany, Telefonica Deutschland and 1&1 Drillisch.
EURACTIV has learnt that both Telefonica Deutschland and Deutsche Telekom are currently supplied with equipment by Huawei.
Meanwhile, Vodafone Germany is against kicking out the Chinese firm from involvement in 5G, suggesting they may have an agreement in place with the company, as they do in the UK.
Edited by Alexandra Brzozowski