The European Commission (EC), the European Union (EU)’s executive cabinet branch, launched its first public-private partnership (PPP) on cybersecurity Tuesday, which expects to raise nearly $2 billion of investment by 2020.
The partnership is part of a larger set of new EU initiatives to strengthen Europe’s defenses against cyber attacks and competitiveness in the cybersecurity sector, the EC said.
Under the EC’s action plan, the EU will invest almost $500 million in the PPP under its Horizon 2020 research and innovation program. The European Cyber Security Organization (ECSO) will represent cybersecurity market players and is expected to add three times more than the EU in investments, totaling upward of $2 billion total for the initiative. Other members of the PPP are set to include members from national, regional, and local public administrations; research centers; and academia.
The PPP aims to “foster cooperation at early stages of the research and innovation process and to build cybersecurity solutions for various sectors, such as energy, health, transport and finance,” the EC said in a statement.
Günther H. Oettinger, Commissioner for the Digital Economy and Society, CEO of the European Organization for Security, and Interim Chairperson of the ESCO, Luigi Rebuffi, and representatives from 48 public and private organizations from 14 countries signed the partnership in Strasbourg, France.
“Europe needs high quality, affordable and interoperable cybersecurity products and services. There is a major opportunity for our cybersecurity industry to compete in a fast-growing global market,” Oettinger said in a statement.
“We call on member states and all cybersecurity bodies to strengthen cooperation and pool their knowledge, information and expertise to increase Europe’s cyber resilience. The milestone partnership on cybersecurity signed today with the industry is a major step,” he added.
“Cybersecurity is an integral part of our value chain, and this partnership will support us in enhancing our cyber protection,” Axel Krein, senior vice president of Airbus Group’s cybersecurity program, one of the companies contributing to the PPP, said in a separate company statement.
Airbus Group and its defense and space business unit’s cybersecurity branch will contribute to the PPP by providing resources to support the implementation of the research initiative, the company said.
As part of this new cybersecurity effort, the EC will also set out different measures to deal with the fragmentation of the EU cybersecurity market. Although currently an information and communication technology (ICT) company may need to undergo separate certification processes to sell products and services in different EU member states, the EC is starting to look into a possible common European certification framework for ICT security products.
The new EC action plan is rooted in its 2015 Digital Single Market Strategy, the 2013 EU Cybersecurity strategy, and the upcoming Network and Information Security (NIS) Directive, the Commission said. It also builds on the recent communications on Delivering the European Agenda on Security and Countering Hybrid Threats.
The EC is looking at other cybersecurity industry improvements as well. It wants to ease access to finance for smaller businesses (defined as SMEs for small and medium-sized enterprises) working in cybersecurity. The Commission said it will explore different options for this under the new EU investment plan.
The EC also expected the Network and Information Security Directive to be adopted by the European Parliament tomorrow. This directive creates a network of Computer Security Incident Response Teams (CSIRTs) across the EU so they can rapidly react to cyber threats and incidents.
The directive also establishes a ‘Cooperative Group’ between member states to support and facilitate strategic cooperation, the exchange of information, and to develop trust and confidence in cybersecurity issues.
“The Commission today calls on Member States to make the most of these new mechanisms and to strengthen coordination when and where possible,” the EC said.
To aid these efforts the EC will further propose how to enhance cross-border cooperation in major cyber incidents and will bring forward its evaluation of the European Union Agency for Network and Information Security (ENISA), an agency that recommends and supports cyber resilience policy implementation for EU member states. The evaluation aims to assess whether ENISA’s mandate and capabilities are adequate to achieve its mission, the Commission said.
The EC framed these cybersecurity moves as an effort to address how, according to a PricewaterhouseCoopers survey, at least 80 percent of European companies experienced at least one cybersecurity incident in the past year and incidents rose across all industries by 38 percent in 2015.
“This damages European companies, whether they are big or small, and threats to undermine trust in the digital economy. As part of its Digital Single Market strategy, the Commission wants to reinforce cooperation across borders, and between all actors and sectors active in cybersecurity, and to help develop innovative and secure technologies, products and services throughout the EU,” the Commission said.
“Without trust and security, there can be no Digital Single Market. Europe has to be ready to tackle cyber-threats that are increasingly sophisticated and do not recognize borders,” Andrus Ansip, Vice-President for the Digital Single Market, said in a statement.
“Today, we are proposing concrete measures to strengthen Europe’s resilience against such attacks and secure the capacity needed for building and expanding our digital economy,” Ansip added.