|
Exchange of view with the Executive director candidate of ENISA
On September 3, the ITRE Committee invited Mr Juhan Lepassaar, the candidate to take up the position of Executive Director of ENISA, former head of cabinet of Digital Vice President Andrus Ansip. Here are the key elements of the debate with ITRE MEPs.
Juhan Lepassaar, Executive Director candidate of ENISA, stated that cybersecurity is not only a technological challenge, but increasingly a political and societal one. The new Cybersecurity Act is the backbone of the Digital Single Market, driving the EU's economic growth. Protecting fundamental rights online keeps our economy running.
NIS Implementation
The agency should contribute to determining how best to implement the NIS Directive. It can help the Member States to build on best practices or assist in drawing up guidelines, providing independent analysis on how to best implement new technologies
Also, a regular assessment of cybersecurity and systematic forecast can be provided by the agency. The agency can also facilitate cooperation, enhance dialogue between different stakeholders with its biannual cybersecurity exercises.
Staff and Ressources
Lepassaar emphisised that ENISA’s resources and capacities are not infinite. It needs to work together with public and private stakeholders, and Member States. The agency should retain its good standard of financial management. He added ENISA “cannot be a lap dog of a particular member state, it needs to be independent.”
On Stakeholder’s involvement
ENISA has a number of structural platforms that it has to use, a new cybersecurity stakeholder platform for example. Those stakeholders who want to be included can apply. It involves all parts of the EU's society. The engagement should be broad and capture all different elements of society.
Work programme
Regarding the work programme, ENISA structured its work around six priorities. Operational goals and objectives are about creating studies and organising events, which can be used to create a pool of experts and a network across Europe.
Cybersecurity competence Centre
On the Cybersecurity Competence Centre, he said one of the jobs of ENISA is providing expertise and forward-looking analysis. This is done in collaboration with other agencies, using sectorial expertise. This cooperation can be used even better, he thought. The Cybersecurity Competence Centre network can be a valuable ally, an opportunity for ENISA to improve its work.
On the 2017 ID chip incident in Estonia, he said it is a good example why we need a European certification scheme. Creating trust, transparency and accountability among the different Member States is important, he underlined.
5G – ENISA to prepare a threat analysis landscape
The Commission published a recommendation in spring, asking the Member States for an internal risk assessment. On the basis of this, a European risk assessment will be done. ENISA is best placed to prepare a 5G threat analysis landscape. The input of Member States will be analysed by ENISA and it will present a study on 5G in due course.
EU Cybersecurity Certification to remain voluntary
Whether cybersecurity certification should be obligatory or voluntary, he thought it should be voluntary, referring to the Cybersecurity Act. ENISA should reach out to other agencies, such as the European Defence Agency and Europol.
|
