The European Commission, Council of the EU, and the European Parliament have reached a political agreement on the EU’s cybersecurity act. According to an announcement that was made on 10th December 2018, the fast pace which has been used to adopt this Act confirms that one of the top political agendas of this union is cybersecurity.
The Main Goal of EU’s Cybersecurity Act
The main purpose of this Act was to advance and upgrade the cybersecurity of consumer devices and online services within the European Union. This was after the union established that resilience and security were not being effectively developed into processes, services, or products. The Act which was first proposed in 2017 was part of various measures that were designed to deal with the increasing wave of cyber attacks. Its main aim was to ensure that the cybersecurity of the EU, as well as that of the NIS’ Directive, were enhanced.
This Act will be used to set various certification schemes for EU’s cybersecurity products which include software, hardware, and network as well as information systems. One of the best Network Support Companies that you can check online for better and affordable solutions is TNSC ICT support. The scheme will be used for services that involve storing, transferring, processing and or retrieving of information through information systems and networks. Besides that, the certification scheme will be used for processes that involve designing, developing, delivering, and maintaining of ICT-related services and products. Candidate schemes for various services, products, and process that will be used by the European Commission will be prepared by Information Security and the ENISA.
Each certification scheme will only be valid in member states only. However, the level of assurance and risks may involve self-assessment of the certification by the provider or manufacturer of the services or products. Note that this may also involve the conformity-assessment group or a certification authority.
According to the union, each scheme is expected to have its own unique scope. This may include certain conditions for identification with 3rd countries. The certification scheme can specify three levels of assurance i.e. high, substantial, or basic. The level helps to determine the evaluations and requirements which the processes, services, or products will be subjected to. Note that these schemes will heavily rely on a detailed set of rules, procedures, standards, and technical requirements. The complete life cycle of the services, products or the processes will also be covered.
ENISA will have a permanent responsibility as well as new tasks when it comes to supporting various EU institutions and the member states. This agency will be required to provide the member states with the necessary resources in order to effectively respond to cyber attacks. Furthermore, they will be required to facilitate coordination and cooperation in the EU.
So what’s next after this? Well, the cybersecurity act was the goal of the Austrian presidency. Its adoption, which needs to be approved formally by the EU’s Council and the European Parliament, will happen in March 2019. Once the Act gets published in the EU’s Official Journal, it will become official.