On the evening of 18 November 2021, CyberSec4Europe, with the friendly support of the Representation of the State of Hessen to the EU, hosted a roundtable, at which national cybersecurity community representatives from across Europe shared their experiences, challenges and their aspirations for the future of cybersecurity in Europe.

Each Member State has its own set of cybersecurity-related priorities or agenda relevant to the specific strengths of its key sectors, many of which have a common set of challenges. Of particular interest is the degree of connectedness of the communities with each other, both at national and supranational levels, which plays into expectations relating to the governance and decision-making processes of the national coordination centres and their relationship with the new European Cybersecurity Competence Centre in Bucharest.

During his welcome address, Mark Weinmeister, Secretary of State for European Affairs of the State of Hessen, observed how Europe was facing a diversity of issues, challenges and opportunities in cybersecurity, and that every Member State, region and municipality has its own approach and priorities. There are incredible opportunities in this diversity and for it to succeed we need a common framework, working together to fulfil the initiatives coming from the EU and the EC.

Following him, we were privileged to have as keynote speaker Miguel González-Sancho, Head of Unit, Cybersecurity Technology and Capacity Building, DG CONNECT, European Commission who is also acting executive director of the Bucharest Centre. Miguel picked up on the two themes of diversity and a common framework, and added a third – priority, all of which added up to what the regulation on the Cybersecurity Competence Centre and Network are about – a governance proposition. Miguel highlighted the three-layer model – the Centre, the national coordination centres and the community – and reflected how the regulation was inspired by the wider community and their expertise and will continue to interact as an information feed for strategic and funding decisions from the top.

The roundtable moderator, David Goodman, Senior Consultant at Trust in Digital Life, invited each of the participants to introduce themselves and briefly share their challenges and expectations in the light of what they’d heard from the keynote speaker.

• CyberSec4Europe – Natalia Kadenko is a postdoctoral researcher in Cybersecurity Governance and Disinformation at TU Delft and is leading the project work that is looking at the Governance model for the cybersecurity community network.
• Italy – Matteo Lucchetti is director of CYBER 4.0, a private-public partnership and one of eight competence centres set up by the Italian ministry, each with their own objectives and mission.
• The Netherlands – Eddy Boot is director at dcypher, a collaboration platform for cybersecurity innovation, which is an independent public-private partnership, set up by the Ministry for Economic Affairs and Climate as will be the forthcoming NCCC.
• Germany – Christian Mrugalla is Head of Division, International Cybersecurity and Cybersecurity Research at the Federal Ministry of the Interior. In Germany, the NCCC is going to be set up in the public sector (in the BFI) with the collaboration of several stakeholder ministries.
• Spain – Juan Díez González, Head of support to research and innovation at INCIBE, the Spanish National Cybersecurity Institute which is already doing many of the things a NCCC is expected to do.
• Greece – Ioannis Alexakis is Head of the Directorate for Cybersecurity Strategic Planning in the General Secretariat of Telecommunications and Posts at the Ministry of Digital Governance.
• Norway – Silje Johansen is an advisor at the Norwegian Digitalisation Agency, responsible for following cybersecurity under DIGITAL Europe. Norway is not yet fully associated with the Competence Centre regulation but hopefully it is just a matter of time.
• Ireland – James Caffrey is a staff engineer in the Cyber Security & Internet Policy Division in the Department of Environment, Climate & Communication. He pointed out that for many reasons Ireland is Anglo-centric and is at home working with third countries, which can be a key challenge in terms of cohesion in a European context.

Having completed the tour de table, the participants addressed a question from the audience on the type of entities that constituted a community.

As the discussion drew to a close, David invited Miguel to sum up his reaction to the points raised by the roundtable participants. Miguel emphasised the structure embodied in the regulation and the way in which this framework could accommodate the wide diversity of experience and expertise across the wider European cybersecurity community.

A longer report and the video recording of the roundtable can be found on the project website.