A good part of our life was transferred to the computer and the mobile phone when the COVID-19 pandemic hit. The use of technology multiplied across the planet and, with it, cybercrime. In the European Union, cyber threats to essential service operators and digital service providers increased by 70% between 2019 and 2020, according to the European Union Agency for Cybersecurity (ENISA). Although, in the opinion of Juhan Lepassaar, the director of this organization, the pandemic “has not worsened the situation by itself, but has revealed the areas that need more work and the road ahead.” Estonian-born Lepassaar took over the helm of ENISA in 2019, just as the rise of cybercrime started in the EU.
If at 27 it costs blood, sweat and tears to agree on matters such as migration, it would not be unreasonable to think that they are not capable of reaching consensus on cybersecurity and the measures to be carried out in the Digital environment. However, Lepassaar assures that the member countries agree on the main goals and the need they have to cooperate: “Everyone agrees that there should be a more cyber-secure Europe,” he explains to EL PAÍS by video call from Athens (Greece), where the headquarters of the body he directs is located.
ENISA’s work is to foster cooperation between Member States, between sectors and between companies across the Union and to facilitate dialogue between them. If the goal is to build a more secure Europe, it is imperative that countries and businesses share information and row in the same direction. It may be easier for the latter, since politically “members have different preferences” about, for example, who should take more responsibility, companies or governments.
In the case of governments, all “should develop national cybersecurity strategies, review them periodically and understand how they work,” explains Lepassaar, who insists on praising the one that Spain has followed: “It has served to achieve the objectives […] and spending on cybersecurity by Spanish operators is above the EU average. ” Furthermore, the Estonian leader assures that the “health” in terms of safety of the operators of essential services and digital service providers in our country “is quite good.”
To achieve the security of these operators of digital and essential services, the European agency seeks to approve a cybersecurity certification, for which the European Cybersecurity Certification Group was created two years ago, which met six times in 2020 but none in 2021. Lepassaar insists that they hope that “in the future there will be an increase in cybersecurity certification strategies and minimum standards that will be applied” throughout the Union. A certification like that is essential for European companies and citizens to trust the internal market. ENISA is working on three types of certifications: “One for common scope areas, another for cloud services and a third for 5G,” explains Lepassaar.
As established by the body, the certifications require the “formal evaluation of the products, services and professed by an independent and accredited body.” However, a good number of European companies believe that they more than meet the necessary safety standards: according to an ENISA survey, almost 70% of the companies analyzed say that they meet the criteria required in their industry and 3.7% considers that it far exceeds them. However, threats in the digital environment are only increasing and, with them, the agency’s efforts to raise awareness not only among companies, but also among citizens. Last October, in European Cybersecurity Month, the agency launched a campaign on “cyber hygiene” for information security. As can be seen from the analogy with personal hygiene, “it is the equivalent of establishing a simple routine of measures that minimize the risks of cyber threats,” the agency explains.
The Estonian director insists: “Security is never absolute, but at least all imaginable measures will have been taken to offer guarantees to users”, and to make digital service providers resilient and cyber-secure.
As in any area of action in the Union, digital security is also a globalized environment. Lepassaar avoids citing EU allies in terms of cybersecurity, but concedes: ” It is clear that cybersecurity is part of the Union’s relations with other countries and, at any level, it can be seen that alliances have been built about common values and strong economic commitments, so if you look at who the EU’s allies are in the world and with whom it shares institutionalized economic relationships that go beyond trade, those countries would make up the EU’s alliances in cybersecurity. ‘ ‘.
You can follow EL PAÍS TECNOLOGÍA at Facebook Y Twitter or sign up here to receive our newsletter semanal.