In our latest Distilling Cyber Policy podcast episode, Alex Botting and Jen Ellis from the Center for Cybersecurity Policy & Law are joined by Despina Spanou, the Head of the Cabinet of the Vice-President of the European Commission. In her role, Despina oversees the European Union's policies on security, migration and asylum, health, skills, education, culture and sports. Previously, she was Director for Digital Society, Trust and Cybersecurity at DG CONNECT.
The discussion begins with the recent history and intentions of EU technology policy making, including the success stories of the EU’s Digital Covid Certificate and the evolution of the NIS 1 and 2 Directives, and the benefits of approaching cybersecurity not just as standalone technology policy, but as a fundamental part of the EU’s collective wellbeing and resilience.
Despina breaks down the EU’s legislative process, with the Commission first developing policy proposals, and then the Parliament (representing EU citizens) and the Council (representing EU member states) co-legislating and negotiating a final version of said policy. Jen emphasizes the difference between “directives,” which member states can implement in their own interpretation, versus “regulations,” which member states must implement word for word.
Despina then delves into the development of the Cyber Resilience Act (CRA), the associated timeline, and some of the implementation challenges - including around developing the European cybersecurity workforce. The conversation concludes with a look towards international cooperation on cybersecurity, including the recent announcement of the US-EU Joint Cybersafe Products Action Plan and the outcomes of the latest U.S-EU Trade and Technology Council meeting.
This week’s news segment features the Office of the National Cyber Director’s summary of their 2023 Cybersecurity Regulatory Harmonization RFI, and the recent White House announcement for bolstering cybersecurity in rural hospitals across the US with the help of Microsoft and Google.
For our new Community Corner segment, we are joined by the awesome Bryson Bort, founder and CEO of Scythe, founder of Grimm, and co-founder of the ICS Village. Bryson shares highlights from the recent Hack the Capitol conference, which focuses on industrial control systems.
You can find the latest Distilling Cyber Policy episode on Spotify and Apple. As always, if you would like to submit something for Community Corner, or have topic ideas for upcoming episodes, please email iaj01@venable.com.
Read Next
FedRAMP Unveils Next Phase of Modernization
ADI and FedRAMP hosted an event unveiling FedRAMP 20x Phase II, which discussed accelerating and automating cloud service authorization for federal use and cutting down time, effort, and paperwork in favor of efficiency, trust, and cybersecurity.
Yet Another Blog About “Cyber Defense”
We’re stuck in a loop: large scale attacks happen, experts lament, voices call to unleash the private sector, debate ensues, nothing changes. But will it be different this time?
CyberNext DC 2025 Preview
On October 8, the Cybersecurity Coalition and Cyber Threat Alliance will host the annual day-long CyberNext DC to examine this evolving cybersecurity policy landscape.
