In our latest Distilling Cyber Policy podcast episode, Alex Botting and Jen Ellis from the Center for Cybersecurity Policy & Law are joined by Despina Spanou, the Head of the Cabinet of the Vice-President of the European Commission. In her role, Despina oversees the European Union's policies on security, migration and asylum, health, skills, education, culture and sports. Previously, she was Director for Digital Society, Trust and Cybersecurity at DG CONNECT.
The discussion begins with the recent history and intentions of EU technology policy making, including the success stories of the EU’s Digital Covid Certificate and the evolution of the NIS 1 and 2 Directives, and the benefits of approaching cybersecurity not just as standalone technology policy, but as a fundamental part of the EU’s collective wellbeing and resilience.
Despina breaks down the EU’s legislative process, with the Commission first developing policy proposals, and then the Parliament (representing EU citizens) and the Council (representing EU member states) co-legislating and negotiating a final version of said policy. Jen emphasizes the difference between “directives,” which member states can implement in their own interpretation, versus “regulations,” which member states must implement word for word.
Despina then delves into the development of the Cyber Resilience Act (CRA), the associated timeline, and some of the implementation challenges - including around developing the European cybersecurity workforce. The conversation concludes with a look towards international cooperation on cybersecurity, including the recent announcement of the US-EU Joint Cybersafe Products Action Plan and the outcomes of the latest U.S-EU Trade and Technology Council meeting.
This week’s news segment features the Office of the National Cyber Director’s summary of their 2023 Cybersecurity Regulatory Harmonization RFI, and the recent White House announcement for bolstering cybersecurity in rural hospitals across the US with the help of Microsoft and Google.
For our new Community Corner segment, we are joined by the awesome Bryson Bort, founder and CEO of Scythe, founder of Grimm, and co-founder of the ICS Village. Bryson shares highlights from the recent Hack the Capitol conference, which focuses on industrial control systems.
You can find the latest Distilling Cyber Policy episode on Spotify and Apple. As always, if you would like to submit something for Community Corner, or have topic ideas for upcoming episodes, please email iaj01@venable.com.
Read Next
What States Can Learn from North Carolina’s Approach to Securing Government
As states across the country grapple with how to adopt AI responsibly, North Carolina offers a compelling case study - not because it has all the answers, but because it has built the institutional muscle to learn, adapt, and lead.
Developing a National Cybersecurity Strategy
Developing a national cybersecurity strategy is a critical investment a government can make to secure its future. This paper outlines the components and offers a framework with the tools to design, implement, and improve their strategies.
FedRAMP Signals Acceleration of Requirements for Machine-Readable Packages in the Rev5 Process
FedRAMP has proposed modifications to the Rev5 process in the newly published RFCs that could enact major changes and require Cloud Service Offerings to provide authorization packages in a “machine-readable format.”
