In the Cybersecurity strategy of the European Union, the EU reaffirms the importance of all stakeholders in the current Internet governance model and supports the multi-stakeholder governance approach. Indeed, the multi-stakeholder approach is fundamental to the development of successful standards, particularly in the area of Cybersecurity where public sector requirements are implemented to a large extent by private sector service providers.
In the field of promoting a Single Market for Cybersecurity products, the Cybersecurity strategy underlines the importance of the ETSI CEN CENELEC Cybersecurity Coordination Group (CSCG) and ENISA, by stating: ‘the Commission will support the development of security standards’; ‘Such work should build on the on-going standardisation work of the European Standardisation Organisations (CEN, CENELEC and ETSI), of the Cybersecurity Coordination Group (CSCG) as well as on the expertise of ENISA, the Commission and other relevant players’.
The Cybersecurity Coordination Group (CSCG) of CEN, CENELEC and ETSI is the only joint group of the three officially recognised European Standardisation Organisations with a mandate to coordinate Cybersecurity standards within their organisations. The CSCG was created in late 2011 to provide strategic advice on standardisation in the field of IT security, Network and Information Security and Cybersecurity.
In response to the European Union’s Cybersecurity Strategy, the CSCG has published a White Paper with recommendations on digital security. The CSCG’s recommendations underline the importance of Cybersecurity standardisation to complete the European internal market and to raise the level of Cybersecurity in Europe in general.
ENISA has worked in 2015 on the Recommenendations #1 (Governance framework for the coordination of Cybersecurity standardisation within Europe) and #2 (Definition of Cybersecurity). As results, two studies were published: