EU Policymakers Must Act Now to Boost Europe鈥檚 Cyber Resilience

TechWonk Blog

TechWonk Blog - EU Policymakers Must Act Now to Boost Europe鈥檚 Cyber Resilience

October 31, 2024 by View all posts by Laura Wiesenfeld

Europe is enduring an increasingly complex security landscape. Russia’s war of aggression against Ukraine and the Middle East have not only heightened geopolitical tensions but have also escalated the severity of cyber threats and the frequency of cyberattacks. Amidst these evolving challenges, it is essential for Europe to ensure that security and resiliency challenges are adequately addressed while enabling an environment for innovation and boosting Europe’s global competitiveness.

At the same time, the European Union is driving cybersecurity policy trends worldwide. Leading with comprehensive legislative frameworks tackling cybersecurity such as the Cybersecurity Act, the NIS 2 Directive, the Cyber Resilience Act (CRA), and the Cyber Solidarity Act, EU policymakers have demonstrated their commitment to addressing the globe’s most pressing policy questions and opportunities when it comes to security.

As the European Union enters a new mandate, 91pro视频 offers strategic recommendations to enhance Europe’s cybersecurity capabilities while sustaining its economic competitiveness:

Support the establishment of cybersecurity frameworks to unleash the full potential of new cybersecurity legislations. Legislations such as NIS 2 and the CRA foresees various cooperation mechanisms and bodies such as the Cooperation Group, competent national networks or information systems authorities. It is essential that those bodies are established in a timely fashion and that their roles are clearly defined so that the potential of these legislations is fully unleashed. The EU should prioritize supporting the implementation of these frameworks by providing Member States and agencies with the necessary space and time to fulfill their obligations.

Enhance the development of EU-wide cybersecurity certification schemes and strengthen ENISA’s mandate. The upcoming review of the Cybersecurity Act presents a key opportunity to streamline the certification development process, ensuring their timely adoption while allowing for thorough technical discussions and involvement of all relevant stakeholders. Certification schemes are essential for establishing robust cybersecurity standards, and a more collaborative development process will enhance its effectiveness. Additionally, ENISA’s role should be bolstered to maintain its independence and technical focus, enabling it to coordinate and support cybersecurity efforts across the EU effectively. As ENISA takes on increased responsibilities with new regulations like the CRA, Cyber Solidarity Act, and NIS 2 Directive, it must be provided with sufficient resources to fulfill its expanded mandate without compromising other essential activities, such as the development of certification schemes.

Harmonize and coordinate cybersecurity efforts. To enhance the coherence and effectiveness of the EU's cybersecurity efforts the EU should centralize the coordination of cybersecurity efforts. This can be achieved by entrusting an existing body or individual as the central coordinator for these efforts and establishing a platform for discussion—comprising ENISA, CERT-EU, the European Commission, national security agencies and critical infrastructure operators. This mechanism would ensure a strategic and unified approach across all relevant initiatives.

Strengthen cybersecurity skills in the EU’s workforce. To bolster the EU's long-term resilience and competitiveness in technology, it is vital to enhance the cybersecurity skills of both the current and future workforce. This includes increased investment in STEM and computer education, targeted training programs for underrepresented groups, and immigration policies that attract global talent. With a critical shortage of cybersecurity professionals, the EU should prioritize initiatives like the Cyber Skills Academy to address this gap.

Ensure the effective, uniform, and practical implementation of legislative initiatives across the Single Market. Given the increasing number of cybersecurity legislative initiatives, Europe needs to pay particular attention in ensuring coherence and avoidance of conflicting requirements, particularly in areas like vulnerability and incident reporting and management. Conflicting and overlapping requirements between frameworks such as NIS 2, DORA, and CRA can increase complexity and operational costs for businesses without necessarily improving cybersecurity outcomes. Therefore, Europe must prioritize coherence and consistency across its legislative framework, providing clear guidance to businesses on compliance and streamlining reporting requirements to avoid duplication. Additionally, systematic and in-depth impact assessments of these regulations should be conducted to evaluate their real-life effects on enhancing cyber resilience, on innovation and competitiveness. This will ensure that new laws do not inadvertently hinder Europe's cybersecurity goals or burden its economic landscape.

Foster global approaches to cybersecurity. To strengthen Europe's cybersecurity resilience, the EU must prioritize fostering global collaboration and aligning its strategies with like-minded international countries and partners through international platforms such as the G7, NATO and the OECD. This involves deepening transatlantic cooperation with the U.S., through initiatives like the EU-U.S. Cyber Dialogue. Additionally, the EU should strategically engage in developing global, transparent, and consensus-based international cybersecurity standards and ensure their recognition under EU law. This includes reviewing policies that exclude non-European stakeholders from standardization processes, reducing trade barriers, and avoiding interoperability challenges that could negatively impact companies operating across the Single Market. The EU should also move away from sovereignty-based approaches, such as data localization and foreign ownership requirements, which can hinder competition, increase costs, and reduce access to cutting-edge cybersecurity and cloud solutions. Instead, focus should be on open, collaborative, and technically-driven standards that enhance security while maintaining global competitiveness. Lastly, ensuring legal certainty for international data flows is also crucial, as it supports robust cybersecurity solutions.

It’s now more important than ever to boost the EU’s cybersecurity resilience. Check out 91pro视频’s Vision 2030 policy guide on cybersecurity to learn more about our advocacy.

Tags: Cybersecurity

The CMMC Journey: The Next Milestone in Strengthening National Security
October 30, 2024

The journey of the Cybersecurity Maturity Model Certification (CMMC) program has been one of dedication, public-private collaboration, and relentless effort to secure the Defense Industrial Base (DIB). [...]
#DownloadonTech: Aura鈥檚 Chief Scientist Zully Ramzan Explores AI-Driven Cybersecurity Innovations
August 1, 2024

In this episode, Download on Tech host and 91pro视频 President and CEO Jason Oxman sits down with Zully Ramzan, Chief Scientist at Aura and head of AuraX for an in-depth look into how AuraX is advancing online [...]
The UK鈥檚 Chance to Lead on Global Tech Policy
July 9, 2024

The United Kingdom鈥檚 general election has delivered a resounding victory for Kier Starmer鈥檚 Labour Party after 14 years in opposition. In scenes reminiscent of Tony Blair鈥檚 sweep to power in 1997, Labour [...]
Expansion of FISA Electronic Communications Service Provider Definition Must Be Removed
April 16, 2024

There is no greater responsibility of the U.S. government than to provide for the security of the country, and as the Privacy and Civil Liberties Oversight Board (PCLOB) reaffirmed in 2023, Section 702 [...]
Four Recommendations to Improve the Cyber Resilience Act
November 6, 2023

EU legislators are preparing for the next round of trilogue negotiations on the EU Cyber Resilience Act (CRA), which has the important goal of improving cybersecurity across the European single market. [...]
Four Recommendations for State and Tribal Governments Formulating Their Cybersecurity Plans
October 3, 2023

In 2021, the U.S. Congress passed a landmark piece of legislation, the Infrastructure Investment and Jobs Act (IIJA), which took a critical step towards modernizing state, local, tribal, and territorial [...]
Five Recommendations to Unlock the Benefits of Streamlining Federal Cybersecurity Schemes
October 31, 2022

The U.S. government marks October as Cybersecurity Awareness Month to celebrate the year-round work of countless dedicated civil servants to strengthen the security of the United States. Many of 91pro视频鈥檚 [...]
What Tech Wants to See in the Upcoming U.S. National Cyber Strategy
July 22, 2022

As the Biden Administration develops its National Security Strategy (NSS), the Office of the National Cyber Director (ONCD) is also undertaking an effort to develop a National Cybersecurity Strategy (NCS) [...]
Cyber Incident Reporting Demands an Interoperable, Global Approach
March 18, 2022

On March 15, U.S. President Joe Biden signed a $1.5 trillion omnibus spending bill into law, which included innovative provisions that introduce new cyber incident reporting obligations for critical infrastructure [...]
Five Policy Initiatives That Will Shape U.S. IT Procurement in 2022
February 17, 2022

The Biden Administration continues to advance a multitude of technology and cybersecurity initiatives that will reset the way the U.S. government and professionals approach procurement in federal information [...]