- Working groups
Trust is vital in today’s hyper-connected society. Digital businesses operating without high levels of online security risk are being left behind as other competitors deliver on customer demands for secure services and products. Both the ICT industry and policymakers are aware of the importance of high network information security, but somehow this is not always well reflected in terms of legislative action.
Telecom operators have been at the forefront of this debate for many years, protecting citizens’ personal data and ensuring network security, an area that was recognised as being important during the last Framework Directive debate, leading to additional obligations for telecom operators which were subsequently taken up. In a recent survey published in ETNO’s Agenda for Europe, the UK consultancy ComRes found that customers are most likely to trust telecom operators, as opposed to other service providers, reflecting telcos’ well-established position in the digital value chain. Telcos are committed to continuously improving their security and data protection standards, both as a commercial differentiator and as a response to customers’ needs.
EU decision-makers are currently reviewing an important piece of legislation. A draft Directive on Network and Information Security (NIS) is being discussed by the Member States of the Council and the debate is at an advanced stage, thanks to efforts by the EU Italian Presidency to progress this file. This is a fundamental milestone in the development of a modern framework for defending citizens and businesses’ data across the Continent.
ETNO, together with other industry peers, welcomed the initial European Commission proposal, which – for the first time – introduced minimum security requirements on the so called “Internet enablers”. Since the Internet is the backbone of modern societies and economies, any significant failure is likely to have consequences far beyond the online world, and so the Directive proposal was a very positive step in helping to ensure a cyber-safe society. A single European cyber-secure market can only properly function with a holistic approach addressing a large number of actors of societal and economic value who - if not already doing so today - will be managing the critical infrastructure of tomorrow.
In our view, minimum security requirements, in particular the adoption of risk management practices and the reporting of security breaches, should apply across the entire digital value chain in the interests of both consumers and businesses.
Take, for example, cloud services. Companies, both large and small, are increasingly outsourcing their IT infrastructure in the cloud. Our observer member Cisco reports that global cloud IP traffic will account for more than two-thirds of total data centre traffic by 2017. Many believe cloud to be the future for businesses, but security will clearly be critical if this is to happen. For this reason, cloud services, as much as other Internet enablers, should remain within the scope of application of the NIS Directive.
This Directive will be pivotal in fostering a good functioning of the Internal Market and for ensuring that European citizens experience a secure and trustworthy digital environment throughout the entire value chain. The opportunity to provide best-in-class, forward-looking security protection for EU citizens should not be wasted.
by Caroline Greer, Public & Regulatory Affairs Manager, ETNO and Cristina Vela Marimon, Chair of the ETNO Data Protection, Trust & Security Working Group