The European Economic Social Committee (EESC) has also recommended strengthening the mandate of the European cybersecurity agency and establishing an effective European certification scheme for online services and products.
These are the key conclusions of a public hearing on the cybersecurity act held in Brussels on Tuesday which will feed into the EESC opinion being drafted by members Alberto Mazzola and Antonio Longo.
The EESC says it supports the cybersecurity package set out in a European Commission proposal last September but has flagged up additional measures.
An EESC spokesperson said, “The concept of cybersecurity has emerged worldwide. It is a global challenge as attacks may take place anywhere and target individuals, civil society organisations, social systems and economic sectors across any member state.
“This is why the EESC is encouraging the EU to take the necessary steps and agree on a model of resilience against such attacks at European level.”
Pierre Jean Coulon, President of the EESC section for transport, energy, infrastructure and the information society (TEN), pointed to a Eurobarometer survey on Europeans’ attitudes towards cybersecurity which showed that 73 per cent of internet users are concerned that their online personal information could not be kept secure by websites and 65 per cent that it could not be kept secure by public authorities.
Most respondents said they are concerned about being the victims of various forms of cybercrime, and especially about malicious software on their device (69 per cent), identity theft (69 per cent) and bank card and online banking fraud (66 per cent).
The EU Agency for Network and Information Security (ENISA) is a centre of expertise for cybersecurity in Europe and is currently based in Greece, but the EESC believes it should be “developed, made permanent and endowed with more resources.”
It should, says the ESSC, focus on eGovernment and universal services (eHealth) as well as preventing and combatting ID theft and online fraud.
Speaking after the hearing, Mazzola said, “New resources should be allocated to ENISA to enable it to fulfil its mandate and to enhance the resilience of the European cyber system.”
He added, “The EESC believes that we need to build a strong cyber skills base and improve cyber hygiene by establishing an EU-certified curriculum for high schools and professionals. We also believe that a European digital single market would need a uniform interpretation of the rules, including mutual recognition between member states, and that a certification framework could provide a minimum common baseline.”
The EESC recommends establishing an EU cybersecurity certification framework, based on commonly defined cybersecurity and ICT standards at European level. Online services and products could then be certified with a proper labelling system, with a view to improving consumer confidence.
Longo said, “It is important to strengthen the trust of consumers, who are increasingly using digital payments for eCommerce and place their personal data online. We need a certification system that guarantees cybersecurity software, for instance through a recognisable label, as is currently the case for websites and the ‘lock’ next to the address bar.
“In addition, the knowledge of the dangers in the digital world and the tools for avoiding illicit use being made of personal data must be gradually extended to schools and training courses for workers.”