In reaction to today’s European Union cybersecurity announcement, SIIA is concerned that the new strategy is too broad in the scope of industries to be covered and will threaten innovation. In response, I issued the following statement:
SIIA commends the European Commission for conducting a thoughtful, comprehensive review of network and information security across the European Union. There is a critical need to focus on the best cybersecurity practices that will help protect governments, businesses and citizens around the world from increasingly sophisticated cyber-attacks.
However, we are concerned about the scope of the Commission’s regulatory approach. It is overly broad, too prescriptive and threatens to suppress the very innovation that will help businesses, governments and citizens anticipate and address changing cybersecurity threats.
The proposal’s cybersecurity performance requirements will likely lead to technical mandates and rigid regulatory standards and reporting obligations. Its scope goes well beyond critical infrastructure, where the harms from cyber-attacks are the greatest. In doing so, it threatens to engulf a broad range of other industries, thereby wasting scarce security resources on areas where the dangers are not urgent.
Today’s cyber threats are global and ever-changing – rigid, far-reaching regulations will almost certainly do more harm than good. SIIA supports policies that provide the necessary flexibility to keep up with rapid technological developments pertaining to both threats and protections. SIIA and its member companies look forward to working with the Commission as it considers this proposal and possible amendments.
Ken Wasch is President of SIIA. Follow the SIIA Policy team on Twitter at @SIIAPolicy.