At this year’s International Cybersecurity Forum in Lille, France, on 25th and 26th January, the ECIL members presented a report bringing together key recommendations for building a more cybersecure Europe and encouraging the emergence of European leadership in cybersecurity.
The European Cybersecurity Industry Leaders (ECIL) is a working group of industry representatives, formed in 2015 to offer counsel to the EU Commission.
The ECIL working group comprises Thales, Atos, Airbus Group, Deutsche Telekom, Ericsson, Infineon, Cybernetica, F-Secure, BBVA and BMW.
This working group was created to draft a report giving the European Commission recommendations on European cybersecurity policy and the development of European cybersecurity leaders. The working group was convened by Thales and Atos.
At this year’s International Cybersecurity Forum in Lille, France, on 25th and 26th January, the ECIL members – represented by Marc Darmon, Executive Vice-President of Thales, Thomas Kremer, Board member for Data Privacy, Legal Affairs and Compliance at Deutsche Telekom and Philippe Vannier, Executive Vice President Big Data & Security for Atos – presented to M. Günther H. Oettinger, European Commissioner for Digital Economy and Society, a report bringing together key recommendations for building a more cybersecure Europe and encouraging the emergence of European leadership in cybersecurity, a sector with an annual growth of approximately 10%.
Key recommendations made in the ECIL report include:
The establishment of voluntary certification processes at European level based on commonly agreed criteria between member states. Given the fragmentation of the European market, the ECIL believes a voluntary certification process is essential for the development of cybersecurity, in which legislation, standardisation and labeling represent the fundamental pillars of success. They would be designed specifically for manufacturers, solutions and service providers whose products and services would benefit from the seal of protection and security. Corporate bodies and consumers would therefore be able to better identify secure providers. Building on best practices and on other internationally recognised certifications, new security requirements or recommendations for labels would not be necessary.
The promotion of a “Secure-by-design” approach that envisions the development and production of more robust products, software and solutions. Cybersecurity should now be integrated as a mandatory requirement of critical information systems. This is already the case for the performance and resilience of systems; however, the architecture of critical information systems has to be designed with cybersecurity integrated from first principles rather than added at the end.
The creation of an international level playing field for cybersecurity and privacy: the ECIL welcomes the agreement reached by the EU institutions on the Network and Information Security directive, which sets a framework for risk management requirements and standards across the EU for a fully operational and cybersecure European Digital Single Market. All players of the Information & Communication Technology (ICT) value chain should adhere to equal requirements concerning data confidentiality and cybersecurity regardless of where they operate. All operators share responsibility and interest in making these the guiding principles for member states. A European regulation allowing real-time sharing of data on cyber-attacks, including personal data such as IPs between private and public institutions, is also required.
The protection of data: encryption and security of data flows
Data confidentiality is a vital part of cybersecurity. Perimeter protection is no longer sufficient; it must be complemented by critical data encryption solutions, whether on terminals, on servers or in the cloud. With the explosion of Big Data analysis as a basis for company strategic decisions, data is now at the heart of the 21st Century business landscape. Sensitive data must not be corrupted or stolen, and it is essential to know how to protect it.
The creation of Europe-wide Information Sharing and Analysis Centres (ISACs) in different sectors:
The collaboration of the ISACs would encourage and facilitate security information exchanges between Member States and Industry critical sectors in order to create an EU cyberspace for businesses and citizens.
The establishment of European cybersecurity leaders and the reduction of market fragmentation to support deeper co-operation and foster a leading role in cybersecurity by EU companies. Market consolidation should also be fostered where appropriate in order to allow the most competitive companies within the EU to scale up faster and more efficiently, to keep ahead of competition, in particular from the U.S.
In addition to the report, an action plan has been proposed to M. Oettinger to ensure the execution of the selected recommendations.