With a new Communication on the EU’s Cybersecurity Strategy announced today, it is crucial for the EU to draw on lessons from the COVID-19 crisis, argues Hanane Taidi, Director General of TIC Council, the global voice of the independent testing, inspection and certification sector.

If 2020 has taught us anything, it is that we should expect the unexpected and prepare for what we know but also for what we don’t. This is easier said than done.

While the priority of governments and society as a whole must remain on mitigating the impact and spread of COVID-19, for the future it will be extremely important to learn lessons on preparedness, planning and resilience for society but also for our economic activity.

This is particularly relevant when we look at the pandemic’s impact on the use and dependence on digital services and products. While we may have relied on digital and IT systems before, their vital place at the heart of our economic and social activity has been further reinforced as we switched to telework, online healthcare, shopping, banking and more.

The seamless nature of this transition did not come without risk and, at EU level, there is an urgent need to ensure that existing cybersecurity policies and legislation are implemented fully in order to deliver the highest level of online safety and security. The European Commission’s upcoming Communication on Cybersecurity, and proposals for at Digital Services Act and Digital Market Act on Dec 15, must tackle the delays in implementing the 2018 Cybersecurity Act, speed up the EU-wide cybersecurity certification framework, and provide a safe single market for consumers on and offline.

This is important because the delivery of high-quality online services requires third party testing and certification in order to ensure safe, secure, and trusted digital products. We may all have been told to watch out for the dreaded ‘zoom-bombing’, but the cybersecurity threats that arise as we become even more digital go far beyond this. From DoS attacks to phishing and hacking threats, safeguarding against these threats, and delivering safe and secure online services requires the collaboration and work of all stakeholders.

In 2019, TIC Council conducted, along with Longitude (an FT company), a survey among businesses to understand the evolving landscape of risk management. Unsurprisingly, a global pandemic was not identified as a potential risk by respondents, but there was a deep awareness of the importance of cybersecurity threats, ranked second after climate change as the greatest risk area in the survey. This focus and work on cybersecurity has paid dividends during the pandemic, with no major cybersecurity incidents being experienced despite the acute turn to digital.

During this period, TIC services have been working with companies to provide third party certification and ensure the continued delivery of products and services. Vitally, this was carried out to ensure that the medical and pharmaceutical sector could cope with the major load that was placed upon it while also dealing with threats resulting from increased digitization. The demand for widescale cybersecurity transformation is of the utmost importance to ensure the safety and wellbeing of patients and healthcare professionals. The need for certified solutions will continue apace as businesses, governments and indeed the healthcare sector increasingly implement new technologies, from AI to blockchain.

These services need to be enabled and supported through the proper policies and legislation. At EU level, it is vital that there is a proper implementation of the Cybersecurity Act. The 2018 Act introduced the first EU-wide cybersecurity certification framework for ICT products, services, and processes. However, the rolling work plan to identify the strategic priorities of the framework has been delayed repeatedly.

Its overdue adoption early next year, a few months behind the planned process, will ensure that there is clarity and a focused strategic direction for EU certification schemes, with high assurance levels especially for connected devices which are used by citizens and businesses across the continent, as well as industrial systems and eventually 5G connectivity.

As we become ever more digital, it is vital that we have robust policies and legislation implemented effectively which allow products and services to be independently tested and certified and meet internationally recognized standards. This enables supply chains to keep moving and gives confidence to people so that they know they can work and communicate safely and securely online.

This point will be key, as supply chain disruption was one of the major impacts of the pandemic. The over reliance on a remotely located supply chain led to dangers such as lack of preparedness relating to Personal protective equipment and the proliferation of counterfeit, unsafe and non-compliant products.

Moving forward, as economies reopen, the challenge for TIC sector will be to act more than ever as an ally for all industries and regulators to provide assurance on safety and compliance.

About TIC Council: TIC Council is an international association representing independent testing, inspection, and certification companies. It brings together more than 90 member companies and organizations from around the world to speak with one voice.