
🔐EU Cybersecurity Act adopted by European Parliament🆕


EU Cybersecurity Act: text approved

As recently posted on the official EU website, on Tuesday 12/03/2019, the EU Parliament adopted the EU Cybersecurity Act with 586 votes to 44 and 36 abstentions. It establishes the first EU-wide cybersecurity certification scheme to ensure that certified products, processes and services sold in EU countries meet cybersecurity standards.

Parliament also urged the Commission to mandate the EU Cybersecurity Agency, ENISA, to work on a certification scheme ensuring that the rollout of 5G in the EU meets the highest security standards.

What is this Act about?

The EU Cybersecurity Act, which is already informally agreed with member states, underlines the importance of certifying critical infrastructure, including energy grids, water, energy supplies and banking systems in addition to products, processes and services. By 2023, the Commission shall assess whether any of the new voluntary schemes should be made mandatory.

The Cybersecurity Act also provides for a permanent mandate and more resources for the EU Cybersecurity Agency, ENISA.

After the vote on the Cybersecurity Act, rapporteur Angelika Niebler (EPP, DE) said: “This significant success will enable the EU to keep up with security risks in the digital world for years to come. The legislation is a cornerstone for Europe to become a global player in cyber security. Consumers, as well as the industry, need to be able to trust in IT-solutions.”

How does the Certification Scheme work?

The European certification schemes envisaged by the Cybersecurity Act will be prepared, firstly, by ENISA and then formally adopted by the European Commission by means of implementing acts. Medical devices, industrial control systems and automated vehicles are just some examples of products for which it is likely that a European certification scheme will be made available.

Once a European certification scheme has been adopted by the Commission, companies may apply for certification of their products or services to specific accredited bodies, unless the certification scheme in question does not allow companies to proceed with a self-assessment of conformity (only for low-risk products and services). However, the use of the certification will remain voluntary, unless the certification is expressly requested for certain categories of products or services by specific industry standards.

Next steps

The Council now has to formally approve the Cybersecurity Act. The regulation will enter into force 20 days after it is published.

From the Member States’ perspective, the current objective would result in identifying their national supervisory authorities and appointing the conformity assessment bodies that will be entrusted to issue the certificates. ENISA’s next focus is expected to be the recruitment of relevant staff and the roll-out of the working methodology.

ENISA Cyber-Threats Report

On the occasion of Data Protection Day on 28 January 2019, ENISA released its Threat Landscape Report 2018, analyzing the latest cyber threats across Europe.

According to the report, during the last year the cyber threat landscape changed significantly. The main trends relating to cyber threats in 2018 included the following:

  • Mail and phishing messages have become the primary malware infection vector;
  • Crypto-miners have become an important monetisation vector for cyber-criminals;
  • The emergence of IoT environments is a concern due to missing protection mechanisms in low-end IoT devices and services.

Advances in defence have also been assessed: the development of active defence practices such as threat agent profiling and the combination of cyber threat intelligence led to a more efficient identification of attack practices and malicious artefacts.

Conclusion

It is interesting to note that security issues are influencing the development of best practices among different businesses and sectors across the world, aiming to give clients the best possible assurance that their data is protected, and sometimes leveraging the implementation of top security measures to attract new clients, for example by adopting ISO standards.

The ETSI (the official EU body supporting European regulations and legislation through the creation of harmonised standards) Committee on Cybersecurity just released a standard for cybersecurity in the Internet of Things, to establish a security baseline for internet-connected consumer products and provide a basis for future IoT certification schemes.

The World Economic Forum considers Cybersecurity as the leading factor to be taken into account in order to fuel the fourth industrial revolution. Accordingly, companies shall adopt a comprehensive legal and technical cybersecurity action plan to maximize success opportunities offered by modern technologies while lowering cyber-risks.
