Brussels, 05/07/2016 (Agence Europe) - On Tuesday 5 July in Strasbourg, the Commission published its cyber security action plan during the signing ceremony of a public-private partnership (PPP) with the European Cyber Security Organisation (EUROPE 11586 and EUROPE 11578). This initiative looks at the role of non-European companies.
Ending fragmentation. According to the European Commission, at least 80% of European companies have experienced at least one cyber security attack over the past year. The number of cyber security incidents occurring in all the different sectors across the world increased by 38% in 2015. The Commission has subsequently published a communication (accompanied by three working documents and a decision setting up a public-private partnership) entitled "Strengthening the European Cyber Resilience System and Promoting Competitiveness and Innovation in the Cyber Security Sector".
In this document, the Commission expresses its commitment to examine the possibility of setting up a European certification framework for information and communication (ICT) security technologies. It also proposes to begin at the end of this year (and not in 2018, as previously planned) the European Union Agency for Network and Information Security assessment, given the swift pace of change in the cyber security environment.
The Commission has also expressed its wish to assess the need for "new rules and/or guidelines" for preparing for cyber attacks in the sectors identified by the directive on Information Security Networks (ISN), such as energy, transport, health and the banking sector. It is also proposes to present a blueprint at the beginning of 2017, focusing on a coordination plan in the event of large-scale cyber attacks. It will look at setting up an education, simulation and training platform, in the knowledge that the demand for cyber security employees will be close to 6 million in 2019.
PPP creates controversy. The cyber security public-private partnership concluded in Strasbourg by Commissioner Günther Oettinger and the recently set up European Cyber Security Organisation (ECSO), constitutes the flagship measure in this package. It should be pointed out that the European Union intends to invest €450 million as part of its Horizon 2020 Research and Innovation Programme and is hoping that cyber security market actors will invest three times as much.
The partnership will be open to companies (including SMEs), universities, research bodies, foreign companies with research and innovation facilities based in the EU, as well as countries involved in the Horizon 2020 programme (such as Switzerland, Israel and Norway). The public-private partnership opening criteria have created controversy. The ENISA director had in fact informed the Euractiv.com news site that he would prefer that European taxpayers' money was invested as a priority in European information technology companies and not used to increase the revenues of Asian or US companies. The ENISA press service informed us that they needed to "ensure that European companies can fully participate in the project". The Digital Europe organisation, however, which represents several large-scale non-European companies, denounced a certain trend in Europe that "sees protectionism as a good thing".
As we go to press, the list of companies participating in the PPP was still not yet available. Only Microsoft has so far informed EUROPE and that it will not be taking part. (Original version in French by Sophie Petitjean)