Connect with us

Digital economy

New EU Cybersecurity Strategy and new rules to make physical and digital critical entities more resilient

Published

on

Today (16 December) the Commission and the High Representative of the Union for Foreign Affairs and Security Policy are presenting a new EU Cybersecurity Strategy. As a key component of Shaping Europe's Digital Future, the Recovery Plan for Europe and the EU Security Union Strategy, the Strategy will bolster Europe's collective resilience against cyber threats and help to ensure that all citizens and businesses can fully benefit from trustworthy and reliable services and digital tools. Whether it is the connected devices, the electricity grid, or the banks, planes, public administrations and hospitals Europeans use or frequent, they deserve to do so with the assurance that they will be shielded from cyber threats.

The new Cybersecurity Strategy also allows the EU to step up leadership on international norms and standards in cyberspace, and to strengthen cooperation with partners around the world to promote a global, open, stable and secure cyberspace, grounded in the rule of law, human rights, fundamental freedoms and democratic values. Furthermore, the Commission is making proposals to address both cyber and physical resilience of critical entities and networks: a Directive on measures for high common level of cybersecurity across the Union (revised NIS Directive or ‘NIS 2'), and a new Directive on the resilience of critical entities.

They cover a wide range of sectors and aim to address current and future online and offline risks, from cyberattacks to crime or natural disasters, in a coherent and complementary way. Trust and security at the heart of the EU Digital Decade The new Cybersecurity Strategy aims to safeguard a global and open Internet, while at the same time offering safeguards, not only to ensure security but also to protect European values and the fundamental rights of everyone.

Building upon the achievements of the past months and years, it contains concrete proposals for regulatory, investment and policy initiatives, in three areas of EU action: 1. Resilience, technological sovereignty and leadership
Under this strand of action the Commission proposes to reform the rules on the security of network and information systems, under a Directive on measures for high common level of cybersecurity across the Union (revised NIS Directive or ‘NIS 2'), in order to increase the level of cyber resilience of critical public and private sectors: hospitals, energy grids, railways, but also data centres, public administrations, research labs and manufacturing of critical medical devices and medicines, as well as other critical infrastructure and services, must remain impermeable, in an increasingly fastmoving and complex threat environment. The Commission also proposes to launch a network of Security Operations Centres across the EU, powered by artificial intelligence (AI), which will constitute a real ‘cybersecurity shield' for the EU, able to detect signs of a cyberattack early enough and to enable proactive action, before damage occurs. Additional measures will include dedicated support to small and medium-sized businesses (SMEs), under the Digital Innovation Hubs, as well as increased efforts to upskill the workforce, attract and retain the best cybersecurity talent and invest in research and innovation that is open, competitive and based on excellence.
2. Building operational capacity to prevent, deter and respond
The Commission is preparing, through a progressive and inclusive process with the member states, a new Joint Cyber Unit, to strengthen cooperation between EU bodies and member state authorities responsible for preventing, deterring and responding to cyber-attacks, including civilian, law enforcement, diplomatic and cyber defence communities. The High Representative puts forward proposals to strengthen the EU Cyber Diplomacy Toolbox to prevent, discourage, deter and respond effectively against malicious cyber activities, notably those affecting our critical infrastructure, supply chains, democratic institutions and processes. The EU will also aim to further enhance cyber defence cooperation and develop state-of-the-art cyber defence capabilities, building on the work of the European Defence Agency and encouraging Mmmber states to make full use of the Permanent Structured Cooperation and the European Defence Fund.
3. Advancing a global and open cyberspace through increased co-operation
The EU will step up work with international partners to strengthen the rules-based global order, promote international security and stability in cyberspace, and protect human rights and fundamental freedoms online. It will advance international norms and standards that reflect these EU core values, by working with its international partners in the United Nations and other relevant fora. The EU will further strengthen its EU Cyber Diplomacy Toolbox, and increase cyber capacity-building efforts to third countries by developing an EU External Cyber Capacity Building Agenda. Cyber dialogues with third countries, regional and international organizations as well as the multistakeholder community will be intensified.

The EU will also form an EU Cyber Diplomacy Network around the world to promote its vision of cyberspace. The EU is committed to supporting the new Cybersecurity Strategy with an unprecedented level of investment in the EU's digital transition over the next seven years, through the next long-term EU budget, notably the Digital Europe Programme and Horizon Europe, as well as the Recovery Plan for Europe. Member States are thus encouraged to make full use of the EU Recovery and Resilience Facility to boost cybersecurity and match EU-level investment.

The objective is to reach up to €4.5 billion of combined investment from the EU, the member states and the industry, notably under the Cybersecurity Competence Centre and Network of Coordination Centres, and to ensure that a major portion gets to SMEs. The Commission also aims at reinforcing the EU's industrial and technological capacities in cybersecurity, including through projects supported jointly by EU and national budgets. The EU has the unique opportunity to pool its assets to enhance its strategic autonomy and propel its leadership in cybersecurity across the digital supply chain (including data and cloud, next generation processor technologies, ultra-secure connectivity and 6G networks), in line with its values and priorities.

Cyber and physical resilience of network, information systems and critical entities Existing EU-level measures aimed at protecting key services and infrastructures from both cyber and physical risks need to be updated. Cybersecurity risks continue to evolve with growing digitalisation and interconnectedness. Physical risks have also become more complex since the adoption of the 2008 EU rules on critical infrastructure, which currently only cover the energy and transport sectors. The revisions aim at updating the rules following the logic of the EU's Security Union strategy, overcoming the false dichotomy between online and offline and breaking down the silo approach.

To respond to the growing threats due to digitalisation and interconnectedness, the proposed Directive on measures for high common level of cybersecurity across the Union (revised NIS Directive or ‘NIS 2') will cover medium and large entities from more sectors based on their criticality for the economy and society. NIS 2 strengthens security requirements imposed on the companies, addresses security of supply chains and supplier relationships, streamlines reporting obligations, introduces more stringent supervisory measures for national authorities, stricter enforcement requirements and aims at harmonising sanctions regimes across Member States. The NIS 2 proposal will help increase information sharing and cooperation on cyber crisis management at national and EU level. The proposed Critical Entities Resilience (CER) Directive expands both the scope and depth of the 2008 European Critical Infrastructure directive. Ten sectors are now covered: energy, transport, banking, financial market infrastructures, health, drinking water, waste water, digital infrastructure, public administration and space. Under the proposed directive, member states would each adopt a national strategy for ensuring the resilience of critical entities and carry out regular risk assessments. These assessments would also help identify a smaller subset of critical entities that would be subject to obligations intended to enhance their resilience in the face of non-cyber risks, including entitylevel risk assessments, taking technical and organisational measures, and incident notification.

The Commission, in turn, would provide complementary support to member states and critical entities, for instance by developing a Union-level overview of cross-border and cross-sectoral risks, best practice, methodologies, cross-border training activities and exercises to test the resilience of critical entities. Securing the next generation of networks: 5G and beyond Under the new Cybersecurity Strategy, member states, with the support of the Commission and ENISA - the European Cybersecurity Agency, are encouraged to complete the implementation of the EU 5G Toolbox, a comprehensive and objective risk-based approach for the security of 5G and future generations of networks.

According to a report published today, on the impact of the Commission Recommendation on the Cybersecurity of 5G networks and the progress in implementing the EU toolbox of mitigating measures, since the progress report of July 2020, most Member States are already well on track of implementing the recommended measures. They should now aim to complete their implementation by the second quarter of 2021 and ensure that identified risks are adequately mitigated, in a coordinated way, particularly with a view to minimising the exposure to high-risk suppliers and avoiding dependency on these suppliers. The Commission also sets out today key objectives and actions aimed at continuing the coordinated work at EU-level.

A Europe Fit for the Digital Age Executive Vice President Margrethe Vestager said: "Europe is committed to the digital transformation of our society and economy. So we need to support it with unprecedented levels of investment. The digital transformation is accelerating, but can only succeed if people and businesses can trust that the connected products and services - on which they rely – are secure."

High Representative Josep Borrell said: "International security and stability depends more than ever on a global, open, stable and secure cyberspace where the rule of law, human rights, freedoms and democracy are respected. With today's strategy the EU is stepping up to protect its governments, citizens and businesses from global cyber threats, and to provide leadership in cyberspace, making sure everybody can reap the benefits of the Internet and the use of technologies."

Promoting our European Way of Life Vice President Margaritis Schinas said: "Cybersecurity is a central part of the Security Union. There is no longer a distinction between online and offline threats. Digital and physical are now inextricably intertwined. Today's set of measures show that the EU is ready to use all of its resources and expertise to prepare for and respond to physical and cyber threats with the same level of determination."

Internal Market Commissioner Thierry Breton said: "Cyber threats evolve fast, they are increasingly complex and adaptable. To make sure our citizens and infrastructures are protected, we need to think several steps ahead, Europe's resilient and autonomous Cybersecurity Shield will mean we can utilise our expertise and knowledge to detect and react faster, limit potential damages and increase our resilience. Investing in cybersecurity means investing in the healthy future of our online environments and in our strategic autonomy."

Home Affairs Commissioner Ylva Johansson said: "Our hospitals, waste water systems or transport infrastructure are only as strong as their weakest links; disruptions in one part of the Union risk affecting the provision of essential services elsewhere. To ensure the smooth functioning of the internal market and the livelihoods of those living in Europe, our key infrastructure must be resilient against risks such as natural disasters, terrorist attacks, accidents and pandemics like the one we are experiencing today. My proposal on critical infrastructure does just that."

Next steps

The European Commission and the High Representative are committed to implementing the new Cybersecurity Strategy in the coming months. They will regularly report on the progress made and keep the European Parliament, the Council of the European Union, and stakeholders fully informed and engaged in all relevant actions. It is now for the European Parliament and the Council to examine and adopt the proposed NIS 2 Directive and the Critical Entities Resilience Directive. Once the proposals are agreed and consequently adopted, member states would then have to transpose them within 18 months of their entry into force.

The Commission will periodically review the NIS 2 Directive and the Critical Entities Resilience Directive and report on their functioning. Background Cybersecurity is one of the Commission's top priorities and a cornerstone of the digital and connected Europe. An increase of cyber-attacks during the coronavirus crisis have shown how important it is to protect hospitals, research centres and other infrastructure. Strong action in the area is needed to future-proof the EU's economy and society. The new Cybersecurity Strategy proposes to integrate cybersecurity into every element of the supply chain and bring further together EU's activities and resources across the four communities of cybersecurity – internal market, law enforcement, diplomacy and defence.

It builds on the EU' Shaping Europe's Digital Future and the EU Security Union Strategy, and leans on a number of legislative acts, actions and initiatives the EU has implemented to strengthen cybersecurity capacities and ensure a more cyber-resilient Europe. This includes the Cybersecurity strategy of 2013, reviewed in 2017, and the Commission's European Agenda on Security 2015-2020. It also recognises the increasing inter-connection between internal and external security, in particular through the Common Foreign and Security Policy. The first EU-wide law on cybersecurity, the NIS Directive, that came into force in 2016 helped to achieve a common high level of security of network and information systems across the EU. As part of its key policy objective to make Europe fit for the digital age, the Commission announced the revision of the NIS Directive in February this year.

The EU Cybersecurity Act that is in force since 2019 equipped Europe with a framework of cybersecurity certification of products, services and processes and reinforced the mandate of the EU Agency for Cybersecurity (ENISA). As regards Cybersecurity of 5G networks, Member States, with the support of the Commission and ENISA have established, with the EU 5G Toolbox adopted in January 2020, a comprehensive and objective risk-based approach. The Commission review of its Recommendation of March 2019 on the cybersecurity of 5G networks found that most member states have made progress in implementing the Toolbox. Starting from the 2013 EU Cybersecurity strategy, the EU has developed a coherent and holistic international cyber policy.

Working with its partners at bilateral, regional and international level, the EU has promoted a global, open, stable and secure cyberspace guided by EU's core values and grounded in the rule of law. The EU has supported third countries in increasing their cyber resilience and ability to tackle cybercrime, and has used its 2017 EU cyber diplomacy toolbox to further contribute to international security and stability in cyberspace, including by applying for the first time its 2019 cyber sanctions regime and listing 8 individuals and 4 entities and bodies. The EU has made significant progress also on cyber defence cooperation, including as regards cyber defence capabilities, notably in the framework of its Cyber Defence Policy Framework (CDPF), as well as in the context of the Permanent Structured Cooperation (PESCO) and the work of the European Defence Agency. Cybersecurity is a priority also reflected in the EU's next long-term budget (2021-2027).

Under the Digital Europe Programme the EU will support cybersecurity research, innovation and infrastructure, cyber defence, and the EU's cybersecurity industry. In addition, in its response to the Coronavirus crisis, which saw increased cyberattacks during the lockdown, additional investments in cybersecurity are ensured under the Recovery Plan for Europe. The EU has long recognized the need to ensure the resilience of critical infrastructures providing services which are essential for the smooth running of the internal market and the lives and livelihoods of European citizens. For this reason, the EU established the European Programme for Critical Infrastructure Protection (EPCIP) in 2006 and adopted the European Critical Infrastructure (ECI) Directive in 2008, which applies to the energy and transport sectors. These measures were complemented in later years by various sectoral and cross-sectoral measures on specific aspects such as climate proofing, civil protection, or foreign direct investment.

Digital economy

Digital euro: Commission welcomes the launch of the digital euro project by the ECB

Published

on

The Commission welcomes the decision taken by the Governing Council of the European Central Bank (ECB) to launch the digital euro project and start its investigation phase. This phase will look at various design options, user requirements and at how financial intermediaries could provide services building on a digital euro. The digital euro, a digital form of central bank money, would offer greater choice to consumers and businesses in situations where physical cash cannot be used. It would support a well-integrated payments sector to respond to new payment needs in Europe.

Taking into account digitalisation, rapid changes in the payments landscape and the emergence of crypto-assets, the digital euro would be a complement to cash, which should remain widely available and useable. It would support a number of policy objectives set out in the Commission's wider digital finance and retail payments strategies including the digitalisation of the European economy, increase the international role of the euro and support the EU's open strategic autonomy. Based on the technical co-operation with the ECB initiated in January, the Commission will continue to work closely with the ECB and the EU institutions throughout the investigation phase in analysing and testing the various design options in view of policy objectives.

Continue Reading

Digital economy

New digital resource launched to support health, social care and industry innovation

Published

on

Achieving Innovation is a new resource developed by Life Sciences Hub Wales to inform and guide those working across industry, health and social care innovation. It summarises key research, provides critical insights and delivers fresh perspectives from cross-sector thought leaders.

This new digital resource reviews the wealth of knowledge available about innovation in health and social care to equip those who need it with the most relevant and important information. Life Sciences Hub Wales has worked closely with contributors spanning health, industry, academia and social care providing input.

Innovation is perceived by many stakeholders as essential for catalysing system-wide change and making a difference to patients and people. A recent survey commissioned by Life Sciences Hub Wales for Beaufort Research found that 97% of health and social care regarded innovation as being very important, alongside 91% of industry.

However, barriers can make innovation more difficult, including a lack of common language, resources, and cross-sector engagement. Life Sciences Hub Wales has created the Achieving Innovation resource to help address these challenges, identifying evidence-based solutions and answers to help navigate the innovation ecosystem and futureproof our health and social care systems.

The resource is set to be regularly updated with new material, and launches with a:

Cari-Anne Quinn, CEO of Life Sciences Hub Wales, said: “This new resource can play a key role in helping stakeholders of all backgrounds navigate the health and social care ecosystems in Wales and beyond. Innovators hold the key to large-scale transformation of health, care and wellbeing in Wales and this resource will support them in achieving this.”

Minister for Health and Social Services, Eluned Morgan, said: “Innovation plays a critical role in supporting our health and social care sectors in Wales to deliver new ideas and technologies in partnership with industry. I welcome Life Sciences Hub Wales new ‘Achieving Innovation’ resource as a key tool for innovators who are working to overcome real challenges and grasp exciting new opportunities. When we established and funded Life Science Hub Wales, innovation was at the heart of its ethos - this ethos has played a key role in our recovery and response to the impact of COVID-19.”

Dr. Chris Subbe, Acute, Respiratory and Critical Care Medicine Consultant at Betsi Cadwaladr University Health Board and Senior Clinical Lecturer at Bangor University, said: “I was delighted to contribute to the Achieving Innovation resource by exploring the importance of making innovation an everyday habit.

In this time of exceptional pressures on our ability to provide quality care we need to find ways to develop talent and ideas from wherever they come. This new resource should empower multidisciplinary innovators from industry and healthcare backgrounds with the information, context and language required.”

Darren Hughes, Director of Welsh NHS Confederation, said: “We welcome the new Achieving Innovation resource from Life Sciences Hub Wales, as we have seen the impact of innovation and service transformation in response to the Covid-19 pandemic. The resource supports a deeper understanding of innovation and complements our multi-agency report prepared by Swansea University, The NHS Wales COVID-19 Innovation and Transformation Study Report, which draws from a vast evidence-base of staff experiences from across NHS Wales, examining why and how they innovated and looking at practical recommendations to further this agenda.

“As we embark on recovery, it’s imperative that we capitalize on opportunity to improve service delivery, efficiency, patient outcomes, staff wellbeing, and encourage a culture of learning and sharing best practice across organisational boundaries.”

The resource comes at an exciting time for innovation in Wales, with the launch of the Intensive Learning Academies earlier in 2021. The first of their kind in the world, these world-leading academies are delivering innovation-focussed taught courses, research and bespoke consultancy services, with Life Sciences Hub Wales supporting relevant partners.

If you would like to explore the Achieving Innovation resource, click here

About Life Sciences Hub Wales

Life Sciences Hub Wales aims to make Wales the place of choice for health, care and wellbeing innovation. We help to advance innovation and create meaningful collaboration between industry, health, social care, government, and research organisations.

We want to help transform both the health and economic wellbeing of the nation:

  • Accelerating the development and adoption of innovative solutions that support the health and social care needs of Wales, and;
  • partnering with industry to advance economic improvement across the life sciences sector and drive business growth and jobs in Wales.

We do this by working closely with health and social care colleagues to understand the challenges and pressures an organization may face. Once identified, we then work with industry to help source and support the development of innovative solutions to respond to these challenges with agility.

Our team provides bespoke advice, signposting and support to accelerate all innovation journeys, whether supporting a clinician with a bright idea or a multinational life sciences organisation.

Life Sciences Hub Wales helps to catalyse system-wide change by convening and orchestrating a cross-sector innovation ecosystem. These connections enable us to create valuable networking and matchmaking opportunities.

To find out more, click here.

About the Achieving Innovation resource

The resource launches with:

  • Eight Insights for Achieving Innovation- article collating key insights and themes from across the resource.
  • Directory summarizing support and organisations available in Wales.
  • A narrative review of innovation evidence and literature.
  • A policy review of the Welsh government’s approach to innovation.
  • Blogs authored by leaders from across health, industry and social care focussing on innovation.
  • Podcasts where thought leaders discuss the challenges and opportunities of innovation.

Survey Reference:

A recent survey commissioned by Life Sciences Hub Wales for Beaufort Research found that 97% of health and social care regarded innovation as being very important, alongside 91% of industry.”

Beaufort Research were commissioned by Life Sciences Hub Wales to conduct an anonymous survey into cross-sector stakeholder perceptions around the organisation and the wider life sciences sector in early 2021. This was undertaken to help inform Life Sciences Hub Wales’ future strategic direction.

Continue Reading

Digital economy

Economic analysis of Digital Markets Act

Published

on

The European Commission has presented a proposal for The Digital Markets Act (DMA). Its goal is to create fair and competitive digital markets in the EU. It aims to achieve this by introducing new ex-ante regulations that will automatically apply to so-called "gatekeepers". The gatekeepers are to be large internet platforms that meet selected size criteria, writes Robert Chovanculiak, PhD.

In a new joint publication entitled Economic Analysis of Digital Markets Act, prepared by four think tanks: INESS (Slovakia), CETA (Czech Republic), IME (Bulgaria), and LFMI (Lithuania), we point out the shortcomings of the DMA and highlight the possible unintended consequences of this regulation. In addition, we also suggest a way to modify the proposed procedure for regulating internet companies.

Among the main shortcomings is the very definition of 'gatekeepers'. They do not really occupy a dominant position within the economy as a whole. Even within digital services, there is intense competition between platforms against each other, while at the same time their position in the market is constantly being challenged by new innovators.

The only space where gatekeepers have the ability to influence the rules of the game is on their own platform. However, even though they have full control over setting the terms and conditions for users, they have no incentive to set them unfavourably. This is best seen when it comes to various practices that the DMA proposal restricts or outright prohibits.

In the study, we show that these business practices are time-tested and are legitimately used by many companies in the offline world. Moreover, there are a number of economic explanations in the literature as to why these business practices are not a manifestation of anti-competitive behaviour, but instead provide increased welfare for both the end and business users of the platform.

We therefore recommend that the DMA rethinks the centralization and automation of the entire process of identifying "gatekeepers" and individual prohibited business practices. From the perspective of the CEE region, it is important to maintain the dynamic element of competition. This can be achieved by replacing the static and ex ante approach in the DMA with a polycentric approach where national capacities are involved in decision making while maintaining an open regulatory dialogue in which internet companies themselves have the opportunity to participate.

Robert Chovanculiak, PhD is an analyst at INESS and lead author of the Economic Analysis of Digital Markets Act.

Continue Reading
Advertisement
Advertisement

Trending