AMETIC, the Spanish ICT Business Association has organized an informative event on the new European regulation “Cybersecurity Act”, which from June 2019 will regulate the implementation of a common European framework for the certification of “Cybersecure” ICT products and services to promote cybersecurity of online services and consumer devices.
This European regulation not only seeks to increase the confidence of users in relation to the use of connected devices, but also to strengthen the European cybersecurity industry and the European Single Market, positioning it as a reference worldwide, in line with other markets such as the United States or China. The European Union Agency for Network and Information Security (ENISA), which through this regulation will be named as the new European Agency for Cybersecurity, will coordinate and harmonize policies at European level, and will support Member States in the implementation of plans and national strategies in the fight against threats and cybersecurity attacks.
Antonio Cimorra, director of Information Technologies and Digital Agenda of AMETIC, highlighted during the opening of the session the advances that the digital transformation has introduced in society, as well as the importance of ensuring cybersecurity. He also commented on the measures that, from AMETIC, and particularly from the Cybersecurity Commission where important suppliers of this technology meet, are being developed in this field. Cimorra also highlighted the association’s support for the new European initiative.
Later, Ignacio Pina, Technical Director of the National Accreditation Entity (ENAC), explained that, “although the regulation will not be mandatory at the beginning, as far as certification is concerned, it is spected that the market will regulate itself fostering its adoption “. Pina added that “certification in itself does not generate security, but rather seeks to build trust among consumers”. In this regard, he commented that “the transition between current national certification schemes in force and the new common European framework will be gradual”. On the other hand, he stressed that “the role of the industry in defining the certification schemes that derive from this regulation, is essential for them to be aligned with market needs.”
Implications of “Cybersecurity Act”
Next, Cybersecutity focused round table was held witht the motto “How does the Cybersecurity Act impact on companies in the digital sector ?”.
Round table was presented by David González, president of the AMETIC Cybersecurity Commission and Head of Sales for Europe and North Africa of G & D. The participants were Mariano José Benito, CISO of GMV; Jesús María Alonso, Head of Consulting Spain of ATOS; Ainhoa Inza, CEO of TCAB (Trust Conformity Assessment Body), and Miguel Bañón, CEO of EPOCHE & ESPRI.
They discussed the implications of the certification regulation for the activity of companies in the digital sector, and the following steps to address in this new scenario.
In general, the participants commented that it is a very positive initiative since, despite being a voluntary regulation for the time being, it is expected that its impact on the market will increase the number of certified secure ICT products in a significant way. They also highlighted that, for Spain, it is an opportunity for consolidation at the European level in terms of cybersecurity, taking advantage of the fact that the Spanish certification ecosystem is among the best considered in Europe.
On the other hand, it has been highlighted that, since there is no penalties framework within the regulation, it is important for companies to detect the benefit of certification, such as the impact on the consumer in terms of trustworthiness. They have also commented that the objective of this initiative is that consumers “get used” to verify that those ICT products or services that they buy or consume, carry the seal of safety certification.
Finally, the presentation by the expert representative of the National Cryptological Center (CCN), an entity that currently coordinates the work of certification in cybersecurity at the national level, addressed how the new Scheme will be adopted in Spain. CCN has coincided with other speakers in the great opportunity that “Cybersecurity Act” supposes for the European and Spanish cybersecurity industry when it comes to positioning Europe in line with other markets.