Gone are the days when cybersecurity was solely the responsibility of IT professionals. Nowadays, technology has become all-encompassing, making cybersecurity a crucial aspect for all organisations. Cyber resilience is no longer limited to individual organisations, but instead requires a collaborative approach across borders.
If your company were to fall victim to a sophisticated cyber-attack tomorrow, would you have the necessary measures in place to respond effectively? Do you have concerns about whether the European Union has sufficient tools to combat cybercrime and protect your business from hackers?
In this blog post, Publyon’s Consultant Brecht Osselaer provides some key insights about the EU cyber package, published in response to recent cyber threats. The article will briefly explore in what way the two differing initiatives in the package will augment the cybersecurity of your organisation’s operations and what business opportunities open up for your company.
The Cyber Solidarity Act: taking actions against cyber threats
The European Commission published two initiatives on 18 April which will boost the cybersecurity sector in the EU: a Cyber Solidarity Act and an initiative on a Cybersecurity Skills Academy.
Why is the Act important?
Cybersecurity is of concern for many types of organisations. Cyber resilient infrastructure and the protection of data are particularly important challenges within the EU context.
The Cyber Solidarity Act is an initiative which is part of the larger EU policy on cyber defence. With this Act, the Commission aims to establish a European network of cyber resilient infrastructure consisting of regional security operation centres (SOCs).
These centres are using the latest technology to detect cyber threats and warn authorities quickly, thereby reducing the havoc a sophisticated cyberattack can wreak. Support for incident response will be provided through the EU Cybersecurity Reserve (see below) with services from trusted private providers.
By sharing regional threat intelligence through a common EU detection system, a cyber shield will be set up. Moreover, the Act involves testing services and systems for weaknesses and being ready to response accurately when a cyberattack occurs.
The EU Cybersecurity Reserve: what can we expect?
The Act will set up a new legal framework for a co-funding mechanism between Member States and the private sector. A pool of private cyber companies will form a ‘cyber reserve’ on standby – officially named the EU Cybersecurity Reserve – and which will be ready to intervene in any cyber solidarity request from Member States when facing an attack.
The Reserve will consist of services from a selected pool of trusted private companies providing managed security services, such as incident analysis or incident response coordination. The providers of these services will be selected in a procurement procedure.
Becoming a guardian of cybersecurity: how to earn the cyber reserve status?
These trusted companies need to get the approval of a national Conformity Assessment Body (CAB) first before they can apply for the ‘cyber reserve’ status. This approval will be based on the criteria which will also be used to obtain a cybersecurity certification scheme.
For more information on this certification, you can view the Q&A with cybersecurity expert Stefano in our Data Policy Update.
Cybersecurity Skills Academy: promoting digital skills
An important non-legislative initiative in the toolbox of the European Commission to bolster digital skills is the Cybersecurity Skills Academy.
The online cyber campus: what does it entail?
In short, the idea is to create a single point of contact through the Digital Skills and Jobs Platform for all the existing work streams. Rather than creating a new program or organisation from scratch, the platform serves as a comprehensive hub for existing initiatives aimed at promoting cybersecurity skills. Later on, the Commission proposes that the Academy takes the shape of a European digital infrastructure consortium (EDIC), a new legal framework to implement multi-country projects.
The initiative is also tied strongly to the preparation for 2023 as the European Year of Skills and the recently published European Cybersecurity Skills Framework.
“[The European Cybersecurity Skills Framework] can become an enabler of a common European language on cybersecurity skills across the whole European cyber ecosystem and a building block for the Commission’s work on a genuine Cybersecurity Skills Academy.” – Despina Spanou, head of Cabinet for European Commissioner for Promoting our European Way of Life, Margaritis Schinas.
How does the European Cybersecurity Skills Framework help bridge the cybersecurity skills gap?
The European Cybersecurity Skills Framework (ECSF) – created by the European Union Agency for Cybersecurity (ENISA) – is a practical tool that helps you identify and articulate the tasks, competences, skills and knowledge associated with the various roles of European cybersecurity professionals. The final version of the ECSF is complemented with a user manual, which constitutes a practical guide to the utilisation of the ECSF.
The ECSF summarises all cybersecurity-related roles into twelve profiles, which are used as case studies to promote a common understanding between individuals, employers and providers of learning programmes across EU Member States. This is what makes the ECSF a valuable tool to bridge the gap between the cybersecurity professional workplace and learning environments.
The user manual includes three examples for private organisations that need to hire, upskill and/or reskill their personnel in cybersecurity, along with use cases, which reflect the experience of seven organisations using the ECSF in different contexts.
How can cybersecurity skills propel your business forward?
With regard to digital skills, 55% of enterprises reported difficulties in recruiting ICT specialists in 2020. This contributes in turn towards the slower digital transformation of businesses in many Member States. It is expected that the rollout of the Cybersecurity Skills Academy initiative will help to bridge the digital cybersecurity skills gap in the EU, estimated in 2022 at more than 291.000 specialists needed.
To stay ahead of the curve, organisations will have to invest in targeted training and education programs. Furthermore, they should give incentives to attract and retain talent in the cybersecurity field, while building a diverse and inclusive workforce and investing in technologies that automate certain tasks.
Additionally, organisations can open the door to entry-level candidates by creating and promoting internship, apprenticeship, and entry-level positions, which provide opportunities for individuals to gain the necessary skills and experience to advance in the cybersecurity field.
Learn more about our EU cyber-related services
Publyon offers tailor-made solutions to navigate the evolving policy environment at EU level and anticipate the impact of the EU cyber-related legislation on your organisation.
If you’re intrigued by the EU’s latest efforts to enhance cyber resilience, you can contact our cybersecurity expert Stefano Mauro (s.mauro@publyon.com) about our Cyber Fitness Scan. This digital service will help all kinds of businesses identify the cybersecurity requirements for digital products in the EU. It also provides strategic advice and solutions to ensure organisations are fully aware of and equipped with the tools to enhance their cyber resilience.
For more information on Publyon’s full range of services, don’t hesitate to contact us.