ETSI releases cautionary statement on proposed Cybersecurity Act (Regulation 2017/0225)
Feb 8, 2018
Sophia Antipolis, 7 February 2018
In September 2017, the European Commission published a proposal for a Regulation of the EP and the Council on "ENISA, the "EU Cybersecurity Agency", and repealing Regulation (EU) 526/2013, and on Information and Communication Technology (ICT) cybersecurity certification ("Cybersecurity Act")".
ETSI welcomes the overall objective of the proposed Regulation to “ increase EU resilience, enhance its cybersecurity preparedness and avoid fragmentation of certification schemes in the EU ”.
This position paper highlights some points that ETSI believes should be further elaborated and clarified in the proposed Regulation, namely:
- Standards for certification: clarify concepts and definitions
- Use the New Legislative Framework as a toolbox
- Rethink the three levels of security with a risk management approach and rethink the way objectives are described
- Ensure applicability and consistency with existing regimes
- Specify governance and processes
Stay up to date with the latest industry developments: sign up to receive TelecomTV's top news and videos plus exclusive subscriber-only content direct to your inbox – including our daily news briefing and weekly wrap.