In this exclusive interview, we had the privilege of speaking with Luca Tagliaretti, the Executive Director of the European Cybersecurity Competence Centre (ECCC). As a key figure in shaping Europe’s cybersecurity landscape, Luca will share the agency objectives, its strategic importance, and the challenges it faces in an evolving digital landscape. As cybersecurity becomes increasingly critical for both public and private sectors, Luca’s insights will shed light on how the ECCC aims to foster collaboration, innovation, and resilience across Europe.
- Q: Considering that Romania is hosting a European Union agency for the first time, how do you think the ECCC will impact the field of cybersecurity, and will it create development opportunities in this domain?
A: The presence of the ECCC is Romania brings mutual benefits. Bucharest offers a perfect location for the centre with skilled workforce and a good ecosystem of cyber companies and expertise. At the same time having the ECCC is Romania shall benefit the local companies in having access to information, attendance to events and cross pollution of expertise. This is already measurable by the high number of successful applications for grants received by Romanian companies.
- Q: How does the European Cybersecurity Competence Centre (ECCC) define its mission within the cybersecurity architecture of the European Union, and what are its main responsibilities in this critical domain?
The mission of the ECCC fits well into the overall cyber strategy of the European Union. The ECCC’s mandate is to strengthen the EU cyber resilience, to support investment in research and to increase competitiveness of the EU industry on the global scale. A special focus is on building resilience of small and medium-sized enterprises (SME) to face cyberthreats.
- Q: What are the ECCC’s strategic pillars for the next 5 years in strengthening European cybersecurity and what major initiatives are planned to address emerging threats?
The ECCC strategic agenda, published on the website of the Agency, is based on 8 priorities and 27 individual actions which define the areas of investment and joint efforts. The main pillars of the strategy are:
- Support SMEs to develop and use strategic cybersecurity technologies, services and processes:
- Support and grow the professional workforce:
- Strengthen research, development and innovation expertise in the broader European cybersecurity ecosystem.
In particular for the first pillar the ECCC will invest significant funds for development of key technologies for cybersecurity to be used by SMEs and government. This include PQC and AI.
- Q: How does the ECCC collaborate with other essential cybersecurity bodies, such as ENISA or NATO partners, to create a coordinated defense network?
ENISA is the natural partner of the ECCC as most of our actions are coordinated with them. ENISA is member of the ECCC Governing Board, and its representatives are involved in the thematic working group of the Agency. For what concerns cooperation with NATO, this can only happen within the larger EU-NATO Agreement and cannot be done by single EU bodies.
- Q: From the ECCC’s perspective, what are the main trends in the evolution of cybercrime, and how do these affect European society as a whole, both economically and socially?
The ENISA Threat Landscape indicates Ransomware as the top threat for the next year and the one with the highest economical costs. However, from a more strategic viewpoint it’s important to note that state-sponsored cyber-attacks to critical infrastructure are very serious threats that need a systemic response. These attacks have increased in number and impact following the complex geopolitical situation and increase of hybrid warfare.
- Q: What priority measures has the ECCC adopted to combat ransomware, and how do these measures contribute to the prevention and management of such attacks at the European level?
Fighting ransomware as a crime is mainly a task of Europol and the EC3 lab in cooperation with national law enforcement agencies. The ECCC role is more in prevention and raising awareness. Few ongoing grants are related to increasing resilience of industry and private citizens to mitigate or stop ransomware attacks.
- Q: Given that critical infrastructures are increasingly frequent targets of cyberattacks, how does the ECCC plan to improve their resilience against potential threats?
Attacks to critical infrastructures is a growing threat that need to be properly address especially in view of the increased use of hybrid attacks as a result of the unstable geopolitical situation. To strengthen resilience of the critical infrastructure the ECCC is supporting (with the dedicated funds) the implementation of the NIS2 Directive and the creation of a network of cross-borders cyber hubs that will act as early detection and response centre in case of cyber-attacks to critical infrastructures around Europe.
- Q: What strategies is the ECCC implementing to counter disinformation and digital manipulation, phenomena that directly impacts the functioning of democratic processes in Europe?
The ECCC does not have a direct role in the implementation of the Digital Services acts or in countering disinformation. These are activities coordinated by the European Commission directly with the involvement of the national cyber agencies.
- Q: How does the ECCC aim to raise public awareness about cybersecurity threats and encourage the adoption of best practices at both individual and organizational levels?
Raising awareness and increasing competence on cybersecurity is one of the pillars of the ECCC mission. We do that by financially supporting dedicated events and initiatives at member states level and partnering with specialized organizations. One large initiative for 2024 was to work with ECSO (the ECCO project) for the organization of events, webinars, conference and seminars to raise awareness. This effort will continue and grow in the future with the ECCC taking a more prominent role in organizing large EU events in cooperation with ENISA and member states.
- Q: What are the main challenges and emerging opportunities that the ECCC anticipates in the field of cybersecurity over the next decade?
For the next 3 years, the ECCC will focus on four main areas which are considered existing and emerging threats. These are: Artificial Intelligence for cybersecurity; Post Quantum Cryptography; implementation of the Cyber Solidarity Act to increase resilience of critical infrastructures and finally preparedness of SMEs to cyber-attacks. In these areas the ECCC will invest more than 350 million euro for EU projects.
- Q: What is your opinion on the level of cybersecurity development in Romania, based on the Cybersecurity Dialogues Congress in Sibiu, where you represented the ECCC?
Romania has a very dynamic ecosystem of companies that compete at international level with good success. In addition, the Romania universities educate very skilled professionals that are often recruited abroad for their knowhow. The challenge for the policy makers is to create incentives and the right conditions for the young talents to remain in Romania rather than moving abroad. You have all the potentials for becoming the centre of excellence in cyber at European level and I hope the presence of the ECCC will help this process.