By spring 2023, the CCB should count 120 employees: 60 more than a year ago. Phédra Clouner, Deputy Director, explains “We are fully engaged in the implementation of the European Cybersecurity Act. It introduces a cyber security certification framework for ICT products, services and processes for the whole EU. Each member state must appoint a National Cybersecurity Certification Authority (NCCA) for this purpose. In Belgium, that task has been assigned to the CCB. This move will entail extra work, hence the significant recruitment.”
A lever for internationalisation
The certification body has a double mission: firstly, it will represent Belgium and Belgian interests at the European level, including in determining the schemes that will be used for cyber security certification. “The concrete elaboration of the Cybersecurity Act has yet to take shape. We already know that there will be three levels of certification: ‘basic’, ‘substantial’ and ‘high’. As NCCA, we will issue the certificates for the highest level, and will also be responsible for monitoring this European certification in Belgium.”
According to Clouner, the importance of European cyber security certification cannot be underestimated: “We will finally have a uniform system to compare the cyber security of IT products, services and processes. For companies, it means only going through certification once for the entire EU. This can become an important lever for the internationalisation of Belgian companies. Moreover, our ambition is to become one of the European countries that is least vulnerable to cyber threats. The more we can certify at a high level, the more this will contribute to cyber security.”
Many regulations in progress
In addition, the CCB remains the national coordinating body for cyber security. “There are many European regulations coming up or being implemented. To give one example, the NIS2 directive, which aims at enhancing and monitoring the cyber security of critical sectors,” says Clouner. “By 2024, digital service providers and new sectors including the public sector, postal services, chemicals and manufacturing will also have to comply with new requirements. This is a whole new security framework that we are preparing.”
At the same time, the European Union is increasing investments in research and development, and in innovation in the field of cyber security. The European Cybersecurity Competence Centre (ECCC) was set up for this purpose. “The aim is to pool and better coordinate research, technology and industrial development investments in the field of cyber security in the Union, across the borders of civilian and defence organisations. The ECCC will also manage financial support from, in particular, the Horizon 2020 and the Digital Europe Programme. Our role is to be the national hub and support this competence centre and coordinate investments from the EU programmes in Belgium,” Clouner explains.
New initiatives for 2023
In order to offer Belgian projects a greater chance of European financial support, the CCB will set up the Belgian Strategic Advisory Group in 2023. “We will gather representatives from the Belgian cyber ecosystem around the table: representatives of government services, academia, and stakeholder organisations. In this way, we will get a good view of what is happening in the field, and we can better inform the community, through all of the partners, about investments the EU can potentially support.”
Another priority for 2023 is to further increase the cyber resilience of the Belgian economy. “We will fully focus on raising awareness and cyber resilience among companies, through the portal 'safeonweb@work' and a campaign, which will also run on television. We will develop tools to help companies evaluate their cyber security maturity and identify their vulnerabilities, and direct them to specialised advice, for example. Finally, we are working on a quality label for websites, which will allow users to easily see whether the site they are visiting is sufficiently secured,” concludes Clouner.