On 12 September 2018, the European Commission proposed a regulation establishing a European Cybersecurity Industrial, Technology and Research Competence Centre and a Network of National Coordination Centres. Its aim was to improve EU cybersecurity and resilience, enhance and strengthen the EU’s cybersecurity capacity, stimulating the European cybersecurity technological and industrial ecosystem, as well as to coordinate and pool relevant EU resources. Two years later, key aspects of the proposal continue to be discussed among the major European institutions supported by the four pilot projects, including CyberSec4Europe.

The evening online panel discussion aimed to explore how the proposed Competence Centre and Network regulation will progress during the current German EU Presidency – and beyond.

The distinguished group of panelists were:

• Tamara Tafra is the Permanent Representation of Croatia to the EU and Counsellor for Cyber Issues. She was Chair of the Horizontal Working Party on Cyber Issues during the recent Croatian Presidency.
• Rasmus Andresen is a Member of the European Parliament and Rapporteur for the Cybersecurity Competence Network Centre Regulation dossier.
• Miguel González-Sancho is Head of Cybersecurity Technology and Capacity Building, DG CNECT, European Commission.
• Andreas Könen is head of Cyber ​​and Information Security at the German Federal Ministry of the Interior, Building and Community.
• Juhan Lepassaar is Executive Director of ENISA.

The moderator was David Goodman from Trust in Digital Life Association.

The panel discussion opened with a high-level review on how the regulation proposal progressed at the Council during the Croatian Presidency which ended on 30 June. Despite the constraints restricting any face to face meetings from March to June, a mandate was agreed by Coreper on 3 June and negotiations with the Parliament started on 25 June, with only two open issues (the number of seats and voting rights). Through the incoming German Presidency, the ambition is to complete the trilogue and to have the regulation adopted by the end of 2020.

The Competence Centre

The Competence Centre is intended to be the main body managing EU financial resources dedicated to cybersecurity research under the two proposed programmes – Digital Europe and Horizon Europe – within the next multiannual financial framework (MFF) for 2021-2027.

• The primary role of the Competence Centre is to provide investment, identify priorities, both political and technical, pool resources and give support to Member States and the stakeholder community.
• The anticipated dynamic and engagement of the Member States with the Centre could be in taking joint proposals to the Centre which would approach the EC to match the contribution of the Member States.
• The Network the Centre will support includes the stakeholders participating through the pilots as well as the communities associated with ECSO and ENISA. The Commission’s Cybersecurity Atlas is already demonstrating how the broader community of cybersecurity experts will be built in practice.

The Advisory Board and the Stakeholder Community

• There are outstanding differences of opinion concerning the Advisory Board, whether to maintain the involvement of civil society, industry and science as an integral part of the structure of the Competence Centre; or to remove it, giving a bigger role to the European cybersecurity stakeholder community with more power to choose their own representatives.
• It is envisaged that ENISA will have an enhanced role, with several levels of cooperation with the Centre – structural, operational (including research area synergies, workshops etc) and a shared community.
• It was confirmed that the concept of CHECKs (Community Hubs of Expertise in Cybersecurity Knowledge), as proposed by CyberSec4Europe, is broadly supported.

Looking Beyond 2020

• The establishment of the Competence Centre will be a step in the direction of giving Europe a stronger and better coordinated role in cybersecurity on the world stage than it has at present, leading to greater European sovereignty.
• Throughout the pandemic, everyone has spent more time online and become more keenly aware of cybersecurity issues, at both a micro and macro level, than ever before, making now a great opportunity to headline cybersecurity
• One of the first things the Centre will do is to launch its first round of projects, the results of which we should be able to see next year.
• A concern was expressed as to whether the Centre will be pro-active, stimulating new products, proposing new legislation and driving standardisation – or ‘just’ a distributor of money to Member States, which are perceived as still prioritising the building of their own cybersecurity capacity, rather than encouraging more money to be invested in common European projects.

It was observed that however much we invest, it will always all come down to the actions of individuals, raising awareness and working on cyber hygiene, in order to protect us all.

Read more here.

 

David Goodman, TDL

 

CyberSec4Europe is funded by the European Union under the H2020 Programme Grant Agreement No. 830929