ECIS Press Statement
The following is a statement by ECIS commenting on the European Commission’s Communication on Resilience, Deterrence and Defense: Building strong cyber security for the EU, published on 13 September 2017.
Brussels – 13 September 2017 – ECIS welcomes the Communication on Resilience, Deterrence and Defense: Building strong cyber security for the EU, in particular the European Commission’s renewed focus on education and training and other initiatives aimed at improving cyber-resilience, which ECIS has long argued should be one of the top priorities. Indeed, attacks such as Dyn and WannaCry have demonstrated that one of the greatest vulnerabilities to the Internet of Things (“IoT”) ecosystem is human error – whether clicking on phishing links, failure to update or patch systems, or lack of adherence to basic practices of cyber hygiene.
Whilst it is critical that regulators across the European Union act in a co-ordinated fashion to enhance and promote a regional cyber-secure ecosystem, it is also important that they do not advance policies which could inadvertently stifle innovation and thereby undermine cyber resilience. The vast potential of the IoT for the European Union will be realised only in an EU policy climate which focuses on managing risk and empowering innovators to be sufficiently dynamic, adaptive, and responsive to an ever changing cyber threat landscape.
ECIS is of the opinion that the proposed framework for certification and labelling scheme are inadequate solutions to the challenges cyber security poses. It will add complexity and costs for both providers without adequately protecting end users. In addition, ECIS fears certification could instil a false sense of security in users.
International standards alignment must remain a priority. In addition, there is a need for cyber security risk management frameworks. This guidance should include information as to how respective standards address security requirements laid down in EU regulation. Where gaps in standards and certification schemes are identified these should be pursued via the normal EU standardisation system.
ECIS is an international non-profit association founded in 1989 that endeavours to promote a favourable environment for interoperable ICT solutions. It has actively represented its members regarding issues related to interoperability and competition before European, international and national fora, including the EU institutions and WIPO. ECIS’ members include large and smaller information and communications technology hardware and software providers. The association strives to promote market conditions in the ICT sector that ensure there is vigorous competition on the merits and a diversity of consumer choice.
ECIS’ member companies have a long and established track record of providing resources and operational expertise to EU authorities so as to effectively address cyber security and related policy questions. In particular, ECIS has always been an advocate of a co-operative regulation model for cyber security.