17 March 2020, BRUSSELS: CyberSec4Europe is offering essential input on the governance structure of the European Cybersecurity Industrial, Technology and Research Competence Centre and Network of National Coordination Centres (NNCC). The legislative proposal for establishment of this body was first published by the European Commission in September 2018 and had its first reading in the European Parliament on 13 March 2019.One of the tasks of the Competence Centre is to set up and help coordinate the NNCC and the Cybersecurity Competence Community. The role and the structure of the Cybersecurity Competence Community, which has been left open for interpretation in the Regulation Proposal, will be crucial in helping secure the digital single market and increase the EU’s autonomy in the area of cybersecurity.

CyberSec4Europe’s recently published report on the governance structure of the Cybersecurity Competence Community advocates an innovative and bottom-up approach to complement the more top-down elements in the current Regulation Proposal. Following data collection and analysis work with participation of over 80 stakeholders from across the cybersecurity community, the recommendation focuses on the involvement of civil society through a Stakeholder Council to build and strengthen its cybersecurity capabilities, as well as facilitate transparency and promote trust.

The new proposal introduces the concept of Community Hubs of Expertise in Cybersecurity Knowledge (CHECKS), which could provide an auspicious environment for regional/sectoral level cooperation between the Network and the Community. Hence, the project will evaluate this proposal with a prototype implementation in the coming months. By connecting to the NNCC, while staying close to the operational environment and cybersecurity professionals, the CHECKS could be well positioned to accumulate regional and industry-related information and expertise. As a part of its ongoing activities, CyberSec4Europe will evaluate the internal governance of the suggested institutions, such as the Competence Centre and CHECKs.

Lead Co-ordinator, Professor Dr. Kai Rannenberg, Goethe University Frankfurt, says: “We are confident that the CyberSec4Europe community-driven approach for the governance model complements the EU Regulation Proposal. At the core of the model are community cybersecurity hubs, which should enable collaboration between industry and academia, bring market security innovations, and help build capabilities in the area. Nevertheless, a governance model based on community hubs will still need accompanying mechanisms to increase funding and investment. We are happy to see the approach being discussed and invite further input and feedback for the future development of the Competence Centre and Network.”

Note to Editors:

About Cyber Security for Europe (CyberSec4Europe)

CyberSec4Europe is a research-based consortium with 43 participants from 20 EU Member States and two Associated Countries. As a pilot for a Cybersecurity Competence Network, it is testing and demonstrating potential governance structures for the network of competence centres using the best practice examples from the expertise and experience of the participants.

CyberSec4Europe is addressing key EU Directives and Regulations, such as the GDPR, PSD2, eIDAS, and ePrivacy, and help to implement the EU Cybersecurity Act including, but not limited to supporting the development of the European skills base, the certification framework and the role of ENISA.

CyberSec4Europe partners address 14 key cybersecurity domains, 11 technology/ application elements and nine crucial vertical sectors. With participation in over 100 cybersecurity projects amongst them, CyberSec4Europe partners have considerable experience addressing a comprehensive set of issues across the cybersecurity domain. The project demonstration cases will address cybersecurity challenges within the vertical sectors of digital infrastructure, finance, government and smart cities, health and medicine and transportation. In addition to the demonstration of the governance structure and the operation of the network, CyberSec4Europe will develop a roadmap and recommendations for the implementation of the Network of Competence Centres using the practical experience gained in the project.

CyberSec4Europe started on 1 February 2019 and will last until July 2022.

CyberSec4Europe is funded by the European Union under the H2020 Programme Grant Agreement No. 830929