Shaping Cybersecurity Policy towards a trusted and secure Europe
European Union Agency for Cybersecurity (ENISA),the European Commission (DG CNECT) and the Belgian presidency of the Council of the European Union organised the 2nd EU Cybersecurity Policy Conference.
This year significant attention was dedicated to the ongoing implementation process of the latest EU cybersecurity policies, both from the national and EU perspective. Against the backdrop of evolving geopolitical developments and the ever-shifting cyber threat landscape, discussions also touched upon the complexities and hurdles within the cybersecurity world and how they will eventually shape the policy priorities.
The first panel covered the deployment of Active Cyber Protection (ACP) measures by Member States within the existing EU legislation and policy framework and the means to boost it by building smart regulatory mechanisms and collaborative implementation.
The second round of discussions addressed market and product challenges, and particularly the digital product and services certification requirements that have attracted the attention of the cybersecurity community.
The topic of certification was also approached in the light of the skills gap that we are facing and its link with building cyber resilience in the EU. On the occasion of the Cybersecurity Certification week and the current progress on the matter, the EU Agency for Cybersecurity is also holding the Annual Cybersecurity Certification Conference on in Brussels.
The Belgian State Secretary for Digitalisation, Mathieu Michel, highlighted that “Cybersecurity and its future policy is a topic of the utmost importance for Belgium, and for Europe, because it is a cornerstone for our future digital and economic growth. I don’t think it is a coincidence that our overall Presidency motto ‘Protect, Strengthen, and Prepare’, is so central to cybersecurity in general. In a world where technology is evolving at a rapid pace, where cyber threats are multiplying and becoming more complex, it is imperative that we adapt our cybersecurity approach to address unprecedented challenges. A flexible, adaptable, and proactive approach to cybersecurity is the guarantee to create vital trust in the ongoing digital transformation, and to make sure that new technologies are secure.”
EU Agency for Cybersecurity Executive Director, Juhan Lepassaar, stated that “Implementing the cybersecurity legal framework of the last two years and ensuring the operational capabilities to deal with emerging cyber challenges will be our measure of success. These ongoing discussions will enable the Agency to propose recommendations in the first ever State of Cybersecurity in the Union report that will direct Europe's strategic mission for a high common level of cybersecurity.”
Among the themes of the conference was the implementation process of the NIS2 Directive provisions and its impact on critical infrastructure sectors, the necessity for more synergies between defence and civilian cybersecurity communities, as well as the emergence of global cybersecurity threats, combined with the rise of new technologies, such as AI, and how policy foresight in this domain might contribute towards better cybersecurity preparedness.
In 2023, ENISA developed the NIS 360 methodology to do an assessment of NIS sectors on an annual basis, to understand better their overall maturity, criticality and to identify areas for improvement. The first edition covered 10 NIS sub-sectors. The policy framework in the finance sector is the most mature, while the telecoms, digital infrastructure, trust and finance sectors are scoring the highest in risk management.