|
In the context of increasing connectivity and reliance on non-EU solutions and technologies, support of the European cybersecurity industry is critical to maintain a high level of trust in the Digital Single Market. This is a critical aspect for digital sovereignty with respect to both citizens and industry.
The European Cybersecurity Competence Centre is a tremendous opportunity to increase consistency between the different European initiatives and legislations within the cybersecurity field. The Centre will help European cybersecurity actors to better use and benefit from the already existing tools such as the European Certification Framework, GDPR guidelines or certification, vulnerability disclosure etc. whilst helping to support the development of security step-up and innovation.
In addition, Eurosmart calls on the European Cybersecurity Competence Centre to support the full European state of the art approach to key digital technologies (KDTs) as identified by the IPCEI Forum. The European Digital Security Industry recommends tackling below priorities in the framework of a digital autonomy strategy:
Cloud Security: Europe should pay attention to the way data of citizens and of companies are concretely protected when in the cloud. Isolation, segregation, should be properly implemented, in both private and public clouds, and in particular when operated by 3rd parties. Standards and certifications of proper architectures should be strongly encouraged. Also, the deployment of next generation EU framework for PKI infrastructure should bring access to open, trustworthy, affordable and well-recognized PKI infrastructure.
HW security, Root of Trust and supply chains: whatever the IT technology, the security chain most often starts with a first piece of HW that needs to be trusted: The Root of Trust. It is of great importance for its sovereignty that Europe ensures the deployment of Roots of Trust that are under control. The reliability of their supply chain as well the proper management of their credentials is the foundation of trustable solutions.
Strong Authentication: weak authentication factors (e.g. usernames/passwords) are still massively used in 2020 despite well-known threats and intrinsic weaknesses. Europe should boost the deployment of strong identification and authentication solutions relying on standards, in line with eIDAS provisions.
Advanced Cryptography: the research in advanced cryptography techniques with concrete and efficient deployments in mind should be boosted. Homomorphic encryption, multi-party computation, attribute-based encryption, white-box cryptography… are promising techniques that should be stimulated through innovative projects and concrete use cases.
Cyber Resilient Engineering: because infrastructures and solutions are becoming more and more complex, there is a strong need for AI to help analyzing threats and potential weaknesses of complex systems. Also, AI and automation will help in managing the growing volumes of threats and in deploying efficient solutions for detection, reaction, and reconfiguration.
All these topics should be strengthened by EU’s certification and standardisation efforts, which imply the full involvement of the European cybersecurity value chain. The mastery and the deployment of such technologies, backed by the European Cybersecurity Competence Centre, will significantly increase the EU market share in digital products and services. This will enable a secure, independent and trustworthy Digital Single Market with a strong reliance on the European centre of excellence.
|
