Two years ago almost to the day, months before cyberattacks entered the world’s collective consciousness, the European Union took the bold step of publishing an ambitious cybersecurity strategy. The strategy aims to outline the best path forward for identifying and responding to emerging digital threats.
Orchestrators of the plan, “An Open, Safe and Secure Cyberspace,” believed that it would be a central step towards creating an environment in which the digital economy could thrive, having so far been largely isolated from attacks but known to be vulnerable. As the European Commission’s Catherine Ashton said, “For cyberspace to remain open and free, the same norms, principles and values that the EU upholds offline, should also apply online.”
Since its inception in 2013, the EU’s Cybersecurity Strategy has focused on five pillars, namely:
- Achieving cyber resilience
- Reducing cyber crime
- Building cyber defense policies
- Deploying new cybersecurity technologies
- Creating a central international cybersecurity policy
Even in this short period of time, significant strides have been made towards adoption. The NIS Directive has been a cornerstone piece of legislation resulting from the plan. It requires EU member states to adopt a national strategy that “sets out concrete policy and regulatory measures to maintain a level of network and information security.” The Directive also requires private entities to disclose major cyberattacks.
As Defense One points out, this amount of progress is no small feat, as institutions within the EU generally “stumble forward” because of the fragmentation that is inherent to the union. In the case of the Cybersecurity Strategy, three separate EU institutions – the Directorate General for Home Affairs, the European Council and European External Action Service, and the Directorate General for Economic Affairs – have been required to work in tandem for the initiative to be successful.
Unfortunately, even as the Cybersecurity Strategy has come together, questions remain among the government organizations that are ultimately affected by the Strategy’s mandates. With regard to the NIS Directive, which will likely require compliance by 2017, three in five organizations say they have received little or no clear guidance on the legislation, and one-third say they don’t understand its impact, according to a study by security firm FireEye.
The EU’s efforts continue to be a work in progress. That being said, it’s arguably more legislative progress in support of cybersecurity than has been seen in the United States. Across the pond, although the White House’s recent budget proposal has encouraged more funding to bolster cybersecurity, most U.S. federal agencies still aren’t doing enough. The Brookings Institution has described federal efforts as “abysmal.” Specifically, Brookings found that fewer than half of all U.S. federal agency strategic plans mention cybersecurity.
This is notable, because the public sector has an opportunity to show the private sector how network security should be done. Private organizations need to have some sort of model to follow, as they wade into what may be the unfamiliar waters of cybersecurity.
One of the lessons network administrators will quickly learn, particularly as they secure remote access for their employees, is how valuable it is to manage a VPN from a single point of administration. As an organization scales, the network needs to keep up with the growth without sacrificing security or efficiency, no matter how many new users or endpoints are added.
As network administrators adopt best practices like these, they not only protect themselves, but they help build the “open, safe and secure cyberspace” envisioned by initiatives like the EU Cybersecurity Strategy.