Cybersecurity in the European Defense Industry: The Demand for High Security Standards in Cloud Services
By Emanuele Bonini
Harmonization and Competitiveness: The Need for High Security Standards
Giorgio Mosca of Leonardo/ASD emphasizes that harmonization and certainty are crucial for the competitiveness of the European defense industry. He highlights the urgent need for the new European Commission to address certification systems, focusing on the implementation of the European cybersecurity certification scheme for cloud services (EUCS).
The Importance of a Unified Approach
Brussels faces a challenge in establishing a unified approach to data storage, processing, and sharing within the defense, security, and aerospace sectors. The EU’s current efforts are seen as insufficient and untimely by industry leaders. The proposal for a cybersecurity certification scheme by ENISA and ECCG falls short of industry demands for certainty and uniform standards.
ASD’s Call for Higher Security Standards
The ASD, representing European security, defense, and aerospace companies, is pushing for the EU to adopt higher security standards—referred to as high+—to foster investment and ensure security. Mosca points out that without these higher standards, the industry faces increased exposure to cyber-attacks and economic disadvantages due to fragmented security regulations across member states.
Economic and Security Impacts
According to Mosca, the lack of high security standards in the EUCS system has at least two major impacts:
1. **Increased Vulnerability to Cyber-Attacks**: Data stored outside the EU and managed through channels outside of European control increases the risk of cyber-attacks and potential disruptions.
2. **Economic Burden**: The current approach adds administrative burdens and costs to businesses, countering the Commission's goal to reduce these barriers.
The Path Forward: A Single European Model
The discussions on the proposed European cybersecurity certification system for cloud services (EUCS) have been ongoing since December 2019. Industry leaders advocate for the reintroduction of the highest assurance level (high+ criteria) to protect sensitive European industrial data.
The industry hopes that within the European Cybersecurity Certification Group, representatives of EU member states will be willing to reconsider the decision and see what the new European legislature proposes.
Conclusion
The push for higher security standards in cloud services is essential for the competitiveness and security of the European defense industry. A unified approach and harmonized standards will mitigate vulnerabilities and promote a secure and thriving digital market in Europe.
---
References:
- ENISA
- European Cybersecurity Certification Group
- ASD
- Leonardo
By Emanuele Bonini
Harmonization and Competitiveness: The Need for High Security Standards
Giorgio Mosca of Leonardo/ASD emphasizes that harmonization and certainty are crucial for the competitiveness of the European defense industry. He highlights the urgent need for the new European Commission to address certification systems, focusing on the implementation of the European cybersecurity certification scheme for cloud services (EUCS).
The Importance of a Unified Approach
Brussels faces a challenge in establishing a unified approach to data storage, processing, and sharing within the defense, security, and aerospace sectors. The EU’s current efforts are seen as insufficient and untimely by industry leaders. The proposal for a cybersecurity certification scheme by ENISA and ECCG falls short of industry demands for certainty and uniform standards.
ASD’s Call for Higher Security Standards
The ASD, representing European security, defense, and aerospace companies, is pushing for the EU to adopt higher security standards—referred to as high+—to foster investment and ensure security. Mosca points out that without these higher standards, the industry faces increased exposure to cyber-attacks and economic disadvantages due to fragmented security regulations across member states.
“We believe that if we want to talk about the security of supply, we have to talk about the security of supply chains and the secure ways of connecting these chains,” said Giorgio Mosca.
Economic and Security Impacts
According to Mosca, the lack of high security standards in the EUCS system has at least two major impacts:
1. **Increased Vulnerability to Cyber-Attacks**: Data stored outside the EU and managed through channels outside of European control increases the risk of cyber-attacks and potential disruptions.
2. **Economic Burden**: The current approach adds administrative burdens and costs to businesses, countering the Commission's goal to reduce these barriers.
The Path Forward: A Single European Model
The discussions on the proposed European cybersecurity certification system for cloud services (EUCS) have been ongoing since December 2019. Industry leaders advocate for the reintroduction of the highest assurance level (high+ criteria) to protect sensitive European industrial data.
“Clarity is needed for the industry in the sector, which is crucial for competitiveness,” said the executive of Leonardo, urging the new Commission to take the dossier back in its hand.
The industry hopes that within the European Cybersecurity Certification Group, representatives of EU member states will be willing to reconsider the decision and see what the new European legislature proposes.
Conclusion
The push for higher security standards in cloud services is essential for the competitiveness and security of the European defense industry. A unified approach and harmonized standards will mitigate vulnerabilities and promote a secure and thriving digital market in Europe.
---
References:
- ENISA
- European Cybersecurity Certification Group
- ASD
- Leonardo