ECSO European Cyber Security Organisation

The main goal of ECSO is to develop a competitive European cyber security ecosystem, to support the protection of the European Digital Single Market with trusted cyber security solutions and, ultimately, to contribute to the advancement of the European digital autonomy. The main objective of ECSO is to support different kind of initiative and concrete actions for the development of the European cybersecurity ecosystem and in particular to:

• Foster and protect from cyber threats the growth of the European Digital Single Market;
• Develop the cybersecurity market in Europe and the growth of a competitive cybersecurity and ICT industry, with an increased market position;
• Develop and implement cybersecurity solutions for the critical steps of trusted supply chains, in sectoral applications where Europe is a leader.

ECSO unites a great variety of European cyber security stakeholders, including large companies, SMEs and start-ups, research centres, universities, end-users, operators, clusters and associations, as well as the local, regional and national administrations across the European Union (EU) Member States, the European Free Trade Association (EFTA) and H2020 Programme associated countries.

On 12 September 2018, the European Commission has issued a proposal for a EU Regulation for the creation of a European cyber security competence centre, of a network of national coordination centres and the further development of the “Community” of stakeholders.

Today, this proposal is under discussion at the Council of the European Union and the European Parliament. Considering that in May 2019 there will be new elections for the European Parliament, the finalisation of this regulation will likely take place only after summer 2019. Yet, discussions are extremely intense in this period, as this regulation is seen as a major milestone in the development of the European cyber security ecosystem. The new EU approach to cyber security will be supported from 2021 by the 2 billion € budget from the EC of the Digital Europe Programme dedicated to cyber security, the budget for research & innovation of the Horizon Europe Programme, other EU funds (e.g. defence, regional etc.) as well as national funds linked with private investments.

ECSO has been asked to present its comments to the proposed regulation before the Council and the rapporteurs at the European Parliament, which are summarised hereafter. We are also in continuous discussion with the European Commission to identify possible improvements in the approach. We are now preparing the suggestions for the way forward which will be presented at the Council mid-January and will be reported to you soon after.

While welcoming the general objectives of the proposed regulation, we have summarized our comments in two main messages and five main issues.

The first message: The governance should be improved and should be built upon a Public - Private Partnership.

Member States and Industry are strongly linked in this endeavour and should have sufficient weight in the decision making. The governance should be built upon a Public Private Partnership, with Industry present in the Governing Board (Industry, here and for all these comments, should be considered in its “large” definition, including suppliers and users, large companies and SMEs, RTOs and academia) for those decisions that are not hampering national sovereignty or causing conflicts of interest. We are studying a possible solution accommodating these needs.

The second message: ECSO should have a well-defined role in the new structure and its momentum should not be lost.

The new structure should better consider ECSO activities, trusted relationships and achievements that have led to the gathering and cooperation of cyber security players from all the different sectors, constituting the initial “Community”.

Issue 1: ECSO welcomes the missions and the general objectives of the proposed regulation but underlines the limited expected impact of industry related bodies

Issue 2: An effective approach linking research with industry is needed to efficiently coordinate investments

Issue 3: The proposed governance is challenging for industry an enhanced public-private partnership should be created and industry should be part of the governing board

Issue 4: Several points are missing in the proposed regulation: an EU cyber security industrial policy, a clear mention of digital autonomy and the role of regions

Issue 5: ECSO proposes to use its experience, activities and trusted relationships in the new European partnership