They should do more Model UN
We missed you guys last week!! 🥲
Do not shorten the show!! Love every second of it!!
Thanks to @techpolicypress.bsky.social for publishing my thoughts!
Europe can certainly build technological platforms and improve processes – this is not the main problem.
Solving these issues requires more than identifying operational tweaks and engineering efficiencies because streamlining regulation is more about politics than operational optimization.
Cybersecurity Policy Harmonization: how should it be done?
Today, cybersecurity is regulated by hundreds of policies at the EU and national levels. Building a comprehensive overview that allows us to identify what should stay and what should be scrapped is a daunting task.
Who would be the European Rob Joyce? Not in terms of job role, but insights, personality, tech/policy mix
Very nice to see some rigorous research into governance and cybersecurity awareness. Well overdue.
Perceived Rigor (RSR): This dimension captures how strict or demanding employees perceive the SRs to be.
Perceived Legitimacy and Effectiveness (LESR): This dimension reflects how legitimate and effective employees believe the SRs are in protecting organizational information.
To be more precise:
Employees' attitudes toward SRs are multidimensional, comprising two main factors:
The paper "It is not only about having good attitudes: factor exploration of the attitudes toward security recommendations" examines how employees perceive and evaluate security recommendations (SRs) within organizations.
By Miguel A Toro-Jarrin, Pilar Pazos, Miguel A Padilla
academic.oup.com/cybersecurit...
If you are developing and enforcing security policies and recommendations across your organisations, ask yourself two questions:
1. Will people actually believe it is effective to protect the org?
2. Will people find it too strict or demanding?
I am a 20y experienced red teamer. I took up 2 jobs as a blue teamer and I burned out. That's why I do policy now.
Is the EC doing anything with US authorities on the telco hack?
- Yes, we are tracking it.
How can we avoid duplicating efforts with international partners?
- There is no duplication or overlaps. The same stakeholders are working together.
EU Space Law: Is Space a critical sector? Should we combine it with NIS/CRA?
- Yes, critical, and covered by NIS and CRA.
What is the timing for mutual recognition under the CRA?
- Very important item on the agenda
Will the UK Cyber Bill align with EU legislations?
- To be discussed today during the Dialogue.
Qs:
What about research? What is the plan? The budget has been going down.
- We do need more funding, focusing on PQC, GenAI, cyber defense.
What should be done for the electricity sector?
- We are looking at specific sectoral RAs and the supply chain.
Hospitals? They are completely not ready. We've seen so many mining bitcoins - they had already been compromised.
Piotr Ciepiela, Cybersecurity Leader, EY Partner.
The private sector is raising concerns about the amount and harmonisation of legislation.
At the same time, it is important to have those regulations.
On the international side, we have been working with the US, UK, Japan, Korea, and Ukraine. Plus the Italian Presidency of the G7 set up a dedicated working group on cyber.
Last, the full implementation of the 5G toolbox.
We need to make sure our critical entities have the enabling tools and tech.
The revision of the Cybersecurity Act, with the mandate of ENISA and the certifications.
We are evaluating the Blueprint. We need to take into account the latest legislative changes, from NIS2 and Cyber Solidarity Act.
Among the new things that are going to come, in January, an Action Plan for Healthcare in Cybersecurity will come out. Why hospitals? Because of the threat landscape in this sector.
There is a very strong commitment to streamline regulation. We are doing a screening now to identify areas where we can simplify. We are keen to hear from industry and companies. Consider this as an invitation.
Christiane Kirketerp de Viron, Acting Director, Digital Society, Trust, and Cybersec
Lorenzo Pupillo kicking off CEPS Cybersecurity Summit 2024
Special bonus point? A reference to Roger Federer in a cybersec book.