The heads of the European and French cybersecurity agencies, who spoke to French senators on Thursday morning (6 May), called for more cooperation between EU countries and additional resources, pointing to much higher spending on cybersecurity in the United States.
The French Senate welcomed Juhan Lepassaar, director-general of the European Network and Information Security Agency (ENISA), and Guillaume Poupard, director-general of the French National Agency for the Security of Information Systems (ANSSI), for a discussion on cybersecurity in Europe.
In particular, Lepassar pointed to the fact that EU institutions “spend on average 41% less on information security than their American counterparts”.
As part of the Digital Europe Programme for 2021-2027, the EU has pledged to invest €1.6 billion in this area. On top of that, 20% of the budget from the EU’s recovery and resilience facility will have to be spent on the digital transition – including the fight against cyber threats.
Last February, in response to a surge in cyberattacks, particularly targeted at French hospitals, the French government unveiled a €1 billion package dedicated to the creation of a “cybersecurity ecosystem”.
Lepassar also made a point of “thanking the French Republic for being a pioneer in strengthening European cybersecurity”.
For his part, Poupard, the head of ANSSI, told senators about three major threats: “serious crime”, “espionage”, which is extremely serious, and “quasi-military” attacks, which can “create a nationwide blockage”.
‘Cybersecurity touches all policy areas’
Lepassaar insisted that “cybersecurity touches all policy areas” and called on French senators to adopt a more of a horizontal approach when writing legislation, “a bit like the climate and environmental aspects at the moment”.
“We need closer international cooperation”, he added – a request echoed by his French counterpart who aims to work more “in a network” with the “permanent concern not to encroach on issues of national sovereignty”.
While a certification system for the cloud is about to be set up, Poupard said that “for the most critical systems, only European law should apply” – referring to more intrusive data legislation, especially in the US.
Poupard also welcomed the fact that the revision of the Network and Information System Security (NIS) Directive, which “establishes measures to ensure a common high level of security of networks and information systems in the Union in order to improve the functioning of the internal market”, is expected to be completed during the French EU Council Presidency in the first half of 2022.
[Edited by Zoran Radosavljevic]