Strengthening cybersecurity for the many, not just the few

Outgoing MEP Josianne Cutajar’s mission to help forge a digital policy that prioritises the needs of the most vulnerable concludes with the approval of a reform to allow for EU-wide cybersecurity certification schemes.

Have you ever heard of managed security services (MSS)? Well, they are basically security services for your business’ computer network that you outsource to a security company.  These companies  specialise in keeping your systems safe from cyberattacks. So, instead of having to buy and maintain all your own security equipment and software, and hire people to manage it, you can pay a company to do it all for you. This can be a good option for businesses of all sizes, but especially for smaller businesses that may not have the resources to staff their own security team.

After approval by the European Parliament during its last plenary, held in Strasbourg last week, a European law on managed security services will now introduce EU cybersecurity certification schemes for outsourced services that support an organisation’s cybersecurity risk management. The law recognises the increasing importance of managed security services in preventing and mitigating cybersecurity incidents. It seeks to prevent market fragmentation due to varying national certification schemes by establishing a unified European certification framework. This ensures a consistent level of cybersecurity across the EU and boosts trust in managed security services.

Following the legislation’s adoption at plenary with 530 votes to 5, and 53 abstentions, the European Parliament’s lead MEP on managed security services, Josianne Cutajar (Malta, S&D), said: “This vote paves the way for a democratic and transparent cybersecurity certification scheme for managed security services that avoids market fragmentation. The law recognises the importance of supporting SMEs in light of the implementation of the new act, such as through more financial and technical support, a clearer definition of managed security services, and acknowledging the challenges posed by the existing skills gap. By setting up this clear framework, we are increasing transparency in the process of the certification of the schemes, ensuring the participation of the European Parliament and strengthening security within the EU for the many, not just the few.”

In a conversation with The Journal on the margins of the plenary session, MEP Cutajar echoed what she had told her fellow European legislators gathered in the hemicycle prior to the vote: “Over the past five years, I made it my mission to forge a digital policy that prioritises the needs of the most vulnerable. Let us not forget that a chain is only as strong as its weakest link. In this era of digitalisation, coupled with geopolitical turbulence, the European Parliament’s commitment to a comprehensive, safe, and inclusive digital transition for all – citizens and businesses alike – must remain a priority.”

Josianne Cutajar emphasised the need for everyone to be cybersecurity aware, just like we take physical security measures.  She compared online safety to home security, highlighting the importance of understanding cyber threats to protect our digital data.  Education, she concluded, is crucial in this fight.

The MEP from Gozo was pleased to share that she had lobbied successfully to have a reference to the importance of investment in skills included in the introductory text of the new law. “Without strong skills development in this area,” she explained, “these important services could disappear altogether.”

The Journal editor, Sandro Mangion, in conversation with MEP Josianne Cutajar (S&D) in Strasbourg.

Boosting the EU’s ability to detect and prepare for cyber threats

Meanwhile, during the plenary session, MPw also approved the Cyber Solidarity Act, which aims to build a more resilient, collective EU response against cyber-threats. In relation to this dossier, MEP Josianne Cutajar was the S&D Group’s negotiator on the Opinion of the Committee on Transport and Tourism (TRAN).

The legislation, adopted with 470 votes to 23 and 86 abstentions, had already been informally agreed upon with the Council. The proposal’s key objectives include strengthening EU-wide detection and situational awareness of cyber threats, enhancing preparedness and response capabilities for significant cybersecurity incidents, and fostering European technological sovereignty in cybersecurity.

These objectives will be primarily achieved through a pan-European network of National Cyber Hubs and by establishing a Cyber Emergency Mechanism and a European Cybersecurity Incident Review Mechanism.

During negotiations on the bill, MEPs advocated for sufficient funding for the EU Cybersecurity Reserve, which could play an important role in supporting Member States and EU institutions in dealing with large-scale cybersecurity incidents. They also pushed to ensure adequate support for the development of cybersecurity skills across the EU. This budget line will allow Cybersecurity competence centres to help Member States prepare against cyber threats.

To become law, both pieces of legislation require final approval from the Council.

0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments