ENISA wants to play a bigger role in responding to cybersecurity breaches

22 August 2017
According to Euractiv, ENISA addressed a 20-page document to the European Commission asking for more “centralised EU cybersecurity rules”, and advocating for the introduction of a certification system that would guarantee that connected devices are cyber secure.
In the agency’s views, the Commission should be more proactive in setting technology standards, Europe should be “driving the marketplace rather than being pushed by vested interests”. This is why the European Union needs a “cybersecurity standards coordination body” adds ENISA in the document.
For instance, the Commission should set up a programme in order to rank the cybersecurity level of products, such as Internet of Things (IoT) devices. The certification of IoT devices should be a lightweight process, whereas, high security applications, such as those used for electronic banking identity, should involve a complex certification process. ENISA’s director, Udo Helmbrecht, deems, this certification system should be legally binding and covers all EU countries. EU certification law should be pan-European and should concern services and skills, in addition to products.
The agency also argues that it should be in charge of this certification programme in order to avoid fragmentation and duplication of resources. More generally, ENISA believes, it should have a bigger role in responding to cybersecurity breaches by becoming a “cybersecurity coordination hub”. ENISA would then provide support services such as threat analysis, trusted information exchange and advice on standards and certification practices. This would also mean increasing ENISA’s current budget.