The EU should set up a cybersecurity competence center in industry, technology and research, as well as an associated network of national coordinating bodies. A corresponding draft regulation was adopted by the European Parliament on Wednesday with 480 to 70 votes. The initiative aims to contribute “to the overall resilience in the Union with regard to threats” in the area of network security and related awareness raising, taking full account of “social side effects”.
For a “maximum cybersecurity”
Another objective is to strengthen cybersecurity competitiveness and capacity in the EU, while reducing “digital dependency” through increased use of relevant “made in Europe” products, processes and services. All Member States must have “maximum cybersecurity”. The aim is to close the vulnerabilities that exist in some EU countries, creating “security-related vulnerabilities” across the Union.
Under “cybersecurity” MEPs “take all necessary action to protect cyber threats from network and information systems, their users and data subjects”. The outlined center is to urge that the principle of “Security by Design” be respected in the “development, maintenance, operation and updating of infrastructures, products and services”.
The parliament has written to the institution in the studbook to advance modern and safe development procedures, appropriate security tests and safety checks and certifications. Attention should also be paid to the commitment of manufacturers and suppliers to “provide updates promptly and beyond the estimated lifetime of the product to address new vulnerabilities or threats”. Otherwise, third parties should be given the opportunity to develop and offer updates.
Recourse to the existing
The Center of Excellence and its bodies should benefit from the experience and contributions of past and present initiatives. These include representatives of the public, such as the Public-Private Partnership for Security on the Internet, the European Cybersecurity Organization or the Pilot Project for Open and Open Source Software Audit ( FOSSA ). Open source applications, which are used in common infrastructures, products and processes, should be able to be better-checked thanks to appropriate financial resources.
Strategies for increasing the use of free software by public authorities should be supported, the decision goes on. Above all projects in the interest of society and the common good would have to use “open standards, open data and free and open source software”. This contributes, for example, to defense capability and “raising awareness of cybersecurity issues”.
As there is already a dedicated body with the European Network and Information Security Agency (ENISA), the center of excellence seeks to “maximize synergies” with it. An assignment for both institutions is to jointly focus on “research results in the field of self-learning algorithms, which are used for malicious cyber activities”.
No fixed budget and no seat
The Competence Center will coordinate relevant components and resources from the Digital Europe programs, the new Horizon Europe research framework, and European Defense Fund actions. Even the institution has no fixed budget, which could turn out to be a weak point: the Member States wishing to contribute can “voluntarily contribute financially to the administrative and operating costs”. The seat of the center is yet to be determined in a “democratically comprehensible procedure”. The European Commission wanted to locate it in Brussels.