European Standardization Organizations discuss role of
standards in support of EU Cybersecurity Strategy
with Commission Vice-President Neelie Kroes
A high-level delegation from the European Standardization Organizations (ESOs) – CEN, CENELEC and ETSI – met with Neelie Kroes, the Vice-President of the European Commission responsible for the Digital Agenda, in Brussels yesterday (2 April 2014). During this meeting, the representatives from the three ESOs presented their latest proposals regarding how to maximize the positive contribution that standards can make to enhancing internet security and protecting personal data, in order to support the successful implementation of the EU Cybersecurity Strategy.
The meeting with European Commission Vice-President Neelie Kroes was attended by representatives of the European Standardization Organizations (ESOs):
Friedrich Smaxwil – CEN President
Elena Santiago Cid – Director General of CEN and CENELEC
Dirk Weiler – Chairman of the ETSI General Assembly
Christian Ehler – Member of the European Parliament and Chair of the CEN-CENELEC-ETSI Cybersecurity Coordination Group (CSCG)
Torsten Bahke – Chairman of the Executive Board of DIN (German Institute for Standardization), which is a CEN Member and provides the secretariat of the CSCG
Also participating in the discussion was Stephan Lechner – Director of the Institute for the Protection and Security of the Citizen (IPSC), which is part of the European Commission’s Joint Research Centre (JRC), as well as senior officials from ENISA – the EU Agency for Network and Information Security, and the European Commission (DG Connect).
The main purpose of the meeting was to discuss how the three ESOs can contribute towards the successful implementation of the EU Cybersecurity Strategy, which was published by the European Commission last year. The ESO representatives presented a series of recommendations prepared by the CEN-CENELEC-ETSI Cybersecurity Coordination Group (CSCG), which was set up by the ESOs to provide advice on strategic matters related to IT security, Network and Information Security (NIS) and cybersecurity.
The CSCG’s recommendations underline the importance of cybersecurity standardization for the protection of personal data and other important information, as well as the benefits of harmonized cybersecurity standards in terms of completing the European Single Market and unlocking business potential. In order to address these objectives, the ESOs are calling for a coherent framework for the governance of cybersecurity standardization, within the context of EU Regulation 1025/2012 on European standardization.
According to the ESOs, there is a need to establish a clear and common understanding of the scope of cybersecurity, and to clarify and define the terminology used to describe various aspects and concepts related to cybersecurity. There is also a need to develop standards that will ensure the protection of personal data and inspire public confidence by creating a trustworthy digital environment for European citizens and consumers.
During their meeting, Vice-President Kroes agreed with the ESO representatives that Europe should continue to play a leading role in the development of standards related to cybersecurity. Vice-President Kroes was supportive of the ESOs’ ongoing efforts to work with the ICT industry and take the interests of citizens and consumers into account. She emphasized the importance of effective coordination among the ESOs, and also with business associations and other actors through the European Multi-Stakeholders Platform on ICT Standardization, which includes representatives of the ESOs alongside other relevant stakeholders.
Following the meeting, Dr Christian Ehler MEP (Chair of the CSCG), stated:
“With these recommendations, the CSCG encourages the European institutions to establish a global lead in cybersecurity standardization. The protection of personal data is one of the core values of the European Union. We urge that the necessary steps be taken to make the European online environment the safest in the world, as demanded by the EU’s Cybersecurity Strategy.”
Friedrich Smaxwil (CEN President) emphasized the role of the ESOs:
“In CEN and CENELEC we are ready to play our part in supporting the successful implementation of the EU Cybersecurity Strategy. This includes finding out what businesses and consumers need and expect from standards, and reinforcing the links between research and standardization. We will continue to collaborate with the EU institutions, including ENISA and the JRC, as well as with ETSI and the international standardization organizations.”
Dirk Weiler (Chairman of the ETSI General Assembly) added:
“ETSI has just launched a Technical Committee for Cybersecurity to support the EU strategy, meet industry needs for more security standardization and address citizens’ privacy concerns. Today most businesses in Europe rely heavily on internet and online communications, whether internally or with their customers, suppliers or partners. Cybersecurity and data protection have become strategic issues for companies with an impact on their competitiveness, performance and reputation. ETSI continues its very successful security standardization work in various Technical Committees, including the Security Algorithms Group of Experts (SAGE) and the 3rd Generation Partnership Project’s security group, as well as cooperation with relevant other standards development organizations like IETF.”