1. What exactly is ‘Trust and Security’ in the digital field? Is it just about cybersecurity?
Trust represents the primary concept that allows our society to function. This concept can be transferred into the digital world and enable us to build trust with others. Cybersecurity is very important in this context, but having the tools and technologies which actually enable us to build this trust is as important as being able to use those tools in a secure way.
Digital trust services and digital identity services help modern societies and enterprises to speed up social and business interactions and build trust across geographies, while helping individuals and companies to deliver value with lower operational costs and be truly digital.
Digital signing and electronic identity services are two of the major products that speed up digital interactions between participants, for example in public services, the payment of taxes or the signing of legal contracts.
As a part of the EU4Digital project, digital trust and cybersecurity play an important support role, and they enable all other aspects of the digital economy and society to deliver value in a secure way.
2. How developed is trust and security in the Eastern partner countries? Does the region lag behind more advanced digital economies in this area, and what are the implications?
The Eastern partner countries have a well-developed technological basis when it comes to trust services, but the main difference with EU member states is that each Eastern partner country operates under a different regulatory framework from its counterparts. Enabling cross-border mutual recognition of trust services between the Eastern partner countries and EU member states requires some effort on the harmonisation of regulatory and organisational frameworks, in order to achieve the required compatibility level when it comes to readiness for mutual recognition between Eastern partner countries.
3. So what is EU4Digital doing to help close the gap on trust and security?
The main objectives of the EU4Digital project in the area of trust and security are to identify potential issues for cross-border mutual recognition of trust services and to offer a practical action plan and assistance to overcome those issues.
4. Between which countries is EU4Digital piloting eSignatures? What will this actually involve?
EU4Digital’s pilots in digital trust services aim to prove that in a modern 21st century society there are processes, tools and technologies that can enable two countries to recognise each other’s digital trust services, thus enabling and growing the digital economy between them.
Two pilots will be implemented to demonstrate that compatible and compliant digital signatures can be issued and validated, one involving two Eastern partner countries, Ukraine and the Republic of Moldova, and one between an Eastern partner and an EU member state, Ukraine and Estonia. The eSignature pilot will help us to identify the existing gaps and obstacles from the regulatory, organisational and technical perspectives, allowing us to outline an action plan for post-pilot activities required to achieve the required level of cross-border mutual recognition. The pilots are scheduled to be implemented during April-September 2020.
5. If the pilot works, will it be extended across the region? Could we ultimately hope to see it stretch to the whole EU area?
Enabling cross-border recognition between EU member states and the Eastern partner countries is the ultimate goal of the Trust and Security team. It is an ambitious goal, but one that can be achieved. The first steps will be to identify and share all the lessons learned during the pilots with all the partner countries and to define common guidelines for the region to achieve legal, organisational and technical readiness, so that this can be a common path adapted and included in national roadmaps for all the Eastern partner countries.
6. What are the main cybersecurity challenges in the region? How is EU4Digital helping to build up resilience in the partner countries?
An analysis of state regulations, policies and security measures already implemented by Eastern partner countries has allowed us to identify the main cybersecurity challenges in the region, which are:
- Lack of qualified personnel and resources in the cyber area;
- Insufficient dedicated and systematic funding;
- National Cyber Strategies not established, outdated and not aligned with the EU’s Directive on security of network and information systems (NIS Directive);
- Outdated national legislation not compliant with current EU legislation and cybersecurity standards;
- No regular cyber risk assessments performed at a national level;
- National-level contingency plans not established;
- Critical Information Infrastructure (CII) lists at national level not defined or incomplete.
Through the EU4Digital project, a set of good practices and recommendations in the field of cybersecurity was identified and prepared for national authorities in the form of guidelines. These guidelines provide recommendations on how to continue with the development of their cybersecurity and for effective practices in developing, implementing, evaluating and maintaining cybersecurity measures. This will contribute to a stronger and more resilient cyberspace among the partnership countries and decrease the risk of disruption or failure of network information systems.
Furthermore, the detailed overview of cybersecurity in each Eastern partner country – state of play, main challenges and next actions provided in the individual country reports – will serve as an input into the EU4Digital: Improving Cyber Resilience in the Eastern Partnership Countries programme.