The EU Cybersecurity Act (CSA) came into force yesterday (27th of June, 2019), as the European Network and Information Security Agency (ENISA) rebranded as the EU Agency for Cybersecurity (EUAC) with a new permanent mandate.
The Cybersecurity Act will give EUAC a reinforced role in cybersecurity with new tasks, and it has been given additional financial and human resources.
EUAC executive director Udo Helmbrecht said: “I welcome the Cybersecurity Act and thank the Council, European Parliament and Commission for their support in the drafting and passing of this important piece of cybersecurity legislation. I also welcome the reinforced role of EUAC in the European cybersecurity ecosystem and the opportunity for EUAC to support the Digital Single Market.
“I believe the European Cybersecurity Certification Framework detailed in the Act will play a leading role for the advancement and harmonisation of cybersecurity certification in Europe and beyond. EUAC will have market related tasks, notably by preparing ‘European cybersecurity certification schemes’ that will serve as the basis for certification of ICT products, processes and services.”
- RBS trials software to eliminate recruitment bias
- Glasgow scientists use people’s memories to create 3D likeness
- Bruce Schneier on the challenges of a connected world
Commissioner Mariya Gabriel, EU Commissioner in charge of Digital Economy and Society, said: “The EU Cybersecurity Act has demonstrated the urgency to opt for an EU approach in this sensitive area. It is crucial for citizens, businesses and Member States to feel more secure, including in cases of large-scale cross-border cyber-attacks.
“The Cybersecurity Act also enables EU-wide cybersecurity certification for the very first time, thus boosting the Single Market for cybersecurity. Through the Cybersecurity Act, the Directive on the security of networks and information systems and the proposed European Cybersecurity Competence Centre, we have put forward a strong EU pattern, based on values and open for strengthening cooperation with international partners.”
EUAC is henceforth mandated to perform the following new tasks:
EUAC will play a key role in the development of the EU Cybersecurity certification framework by preparing candidate certification schemes. Cybersecurity certification is a new policy area at EU level. In delivering this task the Agency aims to provide high quality technical and policy support to stakeholders.
The EUAC will support capacity-building and preparedness across the EU by assisting the Union institutions, bodies, offices and agencies, as well as Member States and public and private stakeholders, to increase the protection of their network and information systems, to develop and improve cyber resilience and response capacities, and to develop skills and competencies in the field of cybersecurity.
At the EU level, EUAC will continue to support the coordination of responses to large-scale cyber-attacks and crises, in cases where two or more EU Member States are affected. This includes the possibility for the Agency to carry out post-incident analysis, when requested by the Member States.
EUAC will actively support the European Commission and Member States in developing and implementing upcoming European cybersecurity policies.
The Act will provide an opportunity for the Agency to apply its knowledge and experience towards the future vision of EU cybersecurity.
EUAC will assist Member States and EU institutions, bodies, offices and agencies in establishing and implementing vulnerability disclosure policies on a voluntary basis.
- ENISA was set up in 2004 to work on a wide range of topics on network and information security. The Agency has been supporting the EU Commission and the Member States by giving guidance on the technicalities of network and information security, thus contributing to the proper functioning of the internal market.