The EU’s New Proposals Concerning Liability in Cybersecurity
On 23 October 2017, an interview with the chief of EU cybersecurity, Steve Purser, was posted online. In the interview, he discussed the need for liability for cybersecurity attacks. There is a need for better certification for cybersecurity.
Most of those who work in cybersecurity are only certified on the national level, but not for all of the EU. The risk there is that someone may have certification in one country, but it may not be recognized in another country. Although it has started some controversy, a European scheme would ensure that cybersecurity certifications are standardized and meet acceptable requirements.
When it comes to companies and their software, some even think that the companies should be liable for any and all cybersecurity attacks. Purser believes that while in some ways this is necessary, it shouldn’t be a generalized standard.
Adding extra barriers can be a hindrance to creativity and advances in technology. So in some things, companies should have standards that make them liable for cybersecurity attacks. But in other things, companies still need freedom to be innovative in what they’re doing.
There have been some concerns that creating a general, higher EU standard for cybersecurity certification will hinder relationships with countries that are not part of the EU. Purser notes that there isn’t reason for concern right now. The proposal is merely that: a proposal.
Since right now these higher standards are just an idea, there’s no telling what will come of them. It’s all unknown at this point. When it comes to the planning stages of this proposal, those working on it will need to do their research and weight the both the benefits and the drawbacks.
Purser notes that the criteria for the proposed general EU-wide certification are yet to be determined. However, when the EU does start laying out criteria, they do need to keep in mind levels of security that are actually needed. Placing the bar too high for security would be fatal when attempting to get into new markets. But on the flip side, they need to make sure they have enough security to keep things safe. It is a balance that needs to be found.
This proposal for general EU standards for cybersecurity is still relatively new. What will come of it remains to be seen. There is a lot of work to be done still and this is just the beginning.