Q and A with the European Parliament's cybersecurity rapporteur Angelika Niebler

-- By Laurens Cerulus
2/7/18, 1:17 PM CET

Europe has a unique chance to set global standards for how the Internet of Things is secured against hackers, according to the member of the European Parliament taking the lead on writing new cybersecurity rules.

The Commission in September proposed a Cybersecurity Act that would develop a European "trust label" to show to customers how well a product is protected against hackers. It was in response to a massive internet breakdown at the end of 2016 caused by a network of computers called the "Mirai" botnet, made up of hacked smart fridges, cameras and other devices.

"From a consumer perspective, we have to ensure that our citizens have trust in products, IT solutions and internet services," said cybersecurity rapporteur Angelika Niebler, a German Conservative MEP and lead figure in the Christian Social Union.

"We have a strong industrial base in Europe and we can play a lead role in the world on cybersecurity, as Europeans, if we manage to go for a standard, for a certification scheme," she said, comparing it to how Europe regulated energy labels on refrigerators.

"We have a huge profile in the world on data protection, always trying to find a fair balance between the interests of everyone involved. On cybersecurity, we have a real chance if we do the job properly," she said. POLITICO caught up with Niebler recently at the European Parliament in Brussels to ask her how she plans to unite MEPs on the issue in the months ahead.

Colleagues of yours say a voluntary scheme won't actually change things.
The proposal from the Commission that we go for a voluntary scheme is the right one, I think. If our voluntary scheme is not working, we [then] might have to ensure that we get more pressure on the stakeholders [like manufacturers]. But this is not yet sorted out and I am not in favor of an interventionist approach.

We also don't yet know who it is that we are targeting: Is it the consumer, is it industry, is it national governments? We need some debate on the scope of application. Do we include all IT solutions, software, hardware? Or do we start less ambitious, maybe concentrating only on the Internet of Things?

We should start with the voluntary scheme, but keeping the wording of the Cybersecurity Act open. And if it is not working, make sure we have an easy way to move on and make a mandatory scheme possible.

You have roughly one year to draft a Parliament position and finish negotiations with EU Council. Doable?

This is not a very hot potato for political parties. Like with data protection, everyone wants to make a good deal, make a good proposal. In Parliament we'll get it through rapidly.

My feeling is we'll have the big debates with Council. Especially the big member states could be reluctant as they might fear a conflict of competences between ENISA [the EU's cybersecurity agency] and their national agencies.

Germany has a strong cybersecurity model: Its agency is respected, its cyber industry established and Germans understand the risks. Can it inspire European lawmakers?

The German model is a good model and could serve as an example, but it is not the only good model. What I learned from French colleagues is that France has a very well-established model too.

Member states that don't have the power would be supported by offering them a European scheme. That's what Europe is about. We do not have to do everything in 28 ways, let's share resources where we can.

The Commission's proposal boosts the powers of the EU's cybersecurity agency. Do you plan to change much of what's proposed?

There is a commitment from everyone working on the file that we have to strengthen the mandate of ENISA. I haven't heard any of my colleagues not being in favor of a permanent mandate.

Regarding the staff and financial means of ENISA: We really have to push forward. How many employees does ENISA have? Around 80. The German Federal Office for Information Security (BSI) has more than 800. We should go for a strong ENISA. This means doubling the staff, at least, in personnel and in budget.

Regarding the certification scheme, we have to figure out what role they're going to play.

What we have to make sure is that we make people aware that we have a European cybersecurity agency that's doing good work. With the WannaCry attack they did a good job. We can promote that.

This interview was edited for length and clarity.

To view online: https://www.politico.eu/pro/q-and-a-with-the-european-parliaments-cybersecurity-rapporteur-angelika-niebler/

Only POLITICO Pro subscribers have access to POLITICO Pro content.

9. KW 2020

25. Februar 2020
Medienempfang der CSU-Landesleitung, Passau

26. Februar 2020
10.00 Uhr: Politischer Aschermittwoch in Passau

26. Feburar 2020
18.00 Uhr: Politischer Aschermittwoch, Vaterstetten

27. Februar 2020
10.30 Uhr: Waldgespräch des CSU-Kreisverbandes Ebersberg im Ebersberger Forst

10. KW 2020
Fraktionswoche, Brüssel

4. – 6. März 2020
Sitzung des EVP-Fraktionspräsidiums

8. März 2020
15.00 Uhr: Veranstaltung zum Weltfrauentag des CSU- und FU-Ortsverbandes Gräfelfing-Lochham, Bürgerhaus Gräfelfing

11. KW 2020
Plenarwoche, Straßburg


Diese Website verwendet Cookies. Durch die Nutzung dieser Webseite erklären Sie sich damit einverstanden, dass Cookies gesetzt werden. Mehr erfahren