About EU Cybersecurity Competence Centre: Eurosmart expresses its satisfaction with Julia Reda’s ITRE Draft Report

19 Dec 2018 About EU Cybersecurity Competence Centre: Eurosmart expresses its satisfaction with Julia Reda’s ITRE Draft Report

Eurosmart recommends a consistent EU cybersecurity policy and a fair and transparent functioning of the Competence Centre

Eurosmart is committed to proposing secure solutions during the Digital Age. On the 13rd of September, the proposal adopted by European Commission was warmly welcomed by the Eurosmart community. The EU competence center (ECCC) and its related European network, like the 660 cybersecurity lab’s should capitalize on existing initiatives such as the four Cybersecurity pilot projects within H2020, which aim at increasing the European Economic Area (EEA) resilience. Eurosmart wish co-legislators to provide an approach even more consistent with the other EU Cybersecurity activities i.e. NIS-directive, Cybersecurity Act, Digital Europe and Horizon Europe programmes, ePrivacy, GPDR etc.

In this sense, Eurosmart endorses the Reda’s draft report tabled in ITRE Committee last week. The association and its members paid a particular attention to the proposals made by the Rapporteur on the ECCC mission: some of its objectives shall be financed through dedicated programmes and cascading funding (i.e. Digital Europe and Horizon Europe). According to the Eurosmart vision, the Competence Center should not be only a mean of redistributing the European public funds: a more holistic setting must be supported. The ECCC should be therefore the place encouraging EU stakeholders to get involved in defining an efficient EU industrial cybersecurity policy. Eurosmart sponsors the following proposals:

Promoting the “State-of-the-Art” and “Security by default and by design” principles

The EU cybersecurity policy in Europe is unique: the respect of private life and security in the digital world are the most advanced principles in Europe than elsewhere. This is a real asset for the European citizens who can benefit from a reliable technology. Within the European industry and the research community, it represents also a golden opportunity to demonstrate and improve its know-how. Eurosmart is convinced that the ECCC and its community will help the Research Technologie Organisations (RTOs)[HD(DS1] , industry, public authorities, regions, citizens and all relevant actors to make the European Cybersecurity Single Market a great success. It could be the right way to finally develop Europe-based solutions rather than relying on non-EU technologies.

For these reasons, Eurosmart welcomes the proposal to push for the “State-of-the-Art” and “Security by default and by design” when developing the EU standardisation approach. Nevertheless, more attention should be given to the standardisation and certification aspects as envisaged in Arndt Kohn’s draft report, adopted in IMCO Committee. Members of Eurosmart urge co-legislators to consider the development of candidate certification Schemes in the framework of the Cybersecurity Act. The upcoming scheme must include such a level of quality and robustness to reduce the exposure of EU market’s products to potential attack.

ECCC and the collaboration with the 660 cybersecurity lab´s in the Member States

The future competence Center cannot be an additional layer to the European Cybersecurity policy, an integrated approach is expected from the stakeholders. Several initiatives already exist at the EU level, the European Competence Center can become the meeting point for stakeholders to better collaborate. For instance,Eurosmart expects a intenseive collaboration between the ECCC and the 660 cybersecurity lab´s in the European Economic Area, as well as a deep cooperation with other institutions, like EUCCG, ENISA, PSG, JRC, EU-CERT and others. In addition to that a better approach can be proposed in terms of defining the future of the European Standards. This work could be backed by the ECCC in close collaboration with CEN/CENELEC, ENISA and the MSP for standardisation.

A better inclusion of SMEs in Security Market: they represent a strong suit of the European cybersecurity ecosystem

Their mention since the beginning of the legislative text make the cybersecurity actors understand their importance. SMEs hold a big part of the industrial Cybersecurity know-how by gathering a large community of experts. The entire industrial cybersecurity value chain relies on this community that deserves to be fostered. Their inclusion among the direct beneficiaries of financial support by the Competence Centre will make the community benefit from their knowledge.

On the other side, we see innovative start-ups often lacking resources to correctly implement the cybersecurity “State-of-the-Art” requirements. The should have easy access to qualitative EU cybersecurity certificates and benefit from cascading funding. We strongly encourage co-legislators to include this dimension into the current regulatory process.

The presence of associations of SMEs and European Standardisation Organisations – as laid down in the IMCO Draft Report- represent an added value for the Centre.

Accountability and fair representativeness within ECCC bodies.

Eurosmart supports a fair representativeness of stakeholders in the Industrial and Advisory Board. In this regard, we particularly welcomed the proposal from the rapporteur Reda to achieve a balanced and a fair representation of stakeholders. Eurosmart commends to go beyond, and to put the emphasis on the transparency in the governing rules of the Competence Center. This future instrument will manage important EU findings and cannot suffer from any conflict of interest or privatization of the financial earmarking to the benefit of certain providers.

In this context, we recommend that “European entities” are clearly defined, including criteria for accreditation within the ECCC Community as well as those to join the Industrial advisory board. We call on the European Parliament to back the amendment describing what a “European entity” is, as introduced by MEP Arndt Kohn in his IMCO draft opinion. Eurosmart urges members of the Parliament to go further and establish clear thresholds regarding categories represented in the Scientific Advisory board. Amongst the 16 appointed members, a fair representation must be ensured for experts coming from RTOs, SMEs, Public authorities, Region and Industry. We recommend that governance of the Multi Stakeholder Platform on ICT standardization can be used as model. Its members are exclusively experts from NGOs and professional organizations to avoid any kind of ‘bargains’ or advantages for its members.

Lastly, when it comes to accountability, Eurosmart suggests appointing the Director of ECCC upon the European Parliament’s advisory opinion and organizing an annual public hearing in a joint ITRE-IMCO Committee where the director would present ECCC outputs and its annual roadmap.