EDSO amendments to the Proposal for a Regulation on ENISA and on Information and Communication Technology cybersecurity certification
In September 2017, the European Commission proposed a Regulation aimed at reinforcing the role of the EU Cybersecurity Agency ENISA and setting up European cybersecurity certification schemes. EDSO welcomes this piece of legislation, which has the potential to foster network and information security throughout the EU.
EDSO members have continuously dedicated attention and effort to increasing security levels on their networks and in their activities. Therefore, EDSO considers this proposal a positive step in EU cybersecurity policy. However, further attention should be paid to specific points of the proposed certification schemes:
- National agencies – cybersecurity agencies and certification supervisory authorities – are the key actors that can bring technical expertise to these schemes. Certification schemes should therefore take this reality into account and allow for a larger role for these entities.
- The European energy industry, and particularly network operators, has already taken action to mitigate cybersecurity risks and should provide guidance on the requirements of the certification schemes.
- Certification schemes should specify thorough technical elements to ensure their efficiency.
- National certification schemes should remain in force if not covered by European schemes.
- The European Cybersecurity Certification Group should be empowered to provide technical support and assessment of certification bodies.