The interinstitutional negotiations with the European Parliament on the new public-public partnership began.
The Council adopted a Partial General Approach (PGA) on the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres, i.e. the new partnership with Member States on cybersecurity scaling up the efforts under the current contractual Public-Private Partnership on Cybersecurity. Concurrently, the European Parliament (EP) adopted the report prepared in the Industry, Research and Energy (ITRE) Committee on the same file in its plenary sitting with an overwhelming majority (489 votes to 73, with 56 abstentions). This new partnership with Member States shall serve as the implementation mechanism for the funding of the cybersecurity elements within the Digital Europe Programme (DEP) and the Horizon Europe Programme (see Swisscore article).
The first trilogue meeting took place on 13 March and promptly concluded due to no major conflicts between the Council, the EP and the European Commission (EC). At the ITRE committee meeting of the 18 March, Julia Reda, rapporteur for the file, mentioned diverging views between the Council and the EP on how far the operational tasks of the Cybersecurity Competence Centre shall reach. Besides, the EP holds the view that the EC and the European Agency for Network and Information Security (ENISA) should handle the dedicated budget, rather than seeing the funds mostly go to national projects. During the ITRE Committee meeting of 25 March, Paul Rübig, shadow rapporteur for the file, mentioned that some differences persist between the Council and the EP, while attesting to the willingness of all parties to reach a final agreement during the third and last trilogue, scheduled for 28 March.
Despite these promising steps towards strengthening the EU cybersecurity landscape, the European Court of Auditors (ECA) points to challenges in making the EU “the world’s safest digital environment” in a new briefing paper issued on 19 March 2019. The ECA highlights several shortcomings, one of them regarding the policy and legislative framework e.g. weaknesses in monitoring and measuring the objectives. The report further mentions the high fragmentation of the funding and spending and the lack of a common cybersecurity governance framework, ultimately affecting cyber-resilience. Finally, the ECA’s briefing paper also reports on the lack of effective mechanisms to respond to large-scale cyber incidents, against the background of the forthcoming European parliamentary elections in May.
In parallel, Switzerland’s two Federal Institutes of Technology (EPFL and ETHZ) announced the launch of a joint Master’s programme in Cybersecurity. Sponsored by the Swiss government, the new programme will be primarily but not exclusively intended for computer science, information technology or communication systems Bachelor students. Set to start in the 2019-20 school year programme, this new Master’s degree aligns with the “National strategy for the protection of Switzerland against cyber risks (NCS) 2018-2022” adopted on 18 April 2018. The programme completes Switzerland’s offering in the field, after the HES-SO Wallis launched a Certificate of Advanced Studies (CAS) in cybersecurity in February 2019.