Earlier this week, Neelie Kroes (vice-president of the European Commission responsible for the digital agenda public-private sector co-operation in cyber security) gave a speech in Brussels outlining the EU’s position on addressing cyber attacks and information security.
Kroes’ delivery nodded towards the European Strategy for Internet Security due later this year, also revealing key elements of the strategy which will impact the private sector:
public and private sector partnerships: focus on collaboration between public and private sector stakeholders to exchange information about cyber attacks
stimulation of private sector measures to improve security: offering incentives to companies to improve processes and technologies to that end (and to raise consumer awareness)
investment in innovation for security technologies: aims to “give the industry the opportunity to test out security solutions in a real life scenario with shared financial risk”, identify gaps and develop technologies to address these gaps accordingly
Interestingly, Kroes specifically acknowledged the “business opportunity” afforded by the growing cyber threat in stating: “We can create a new business opportunity: to supply private and public sectors alike with the tools they need to tackle online threats. I want Europe to hold its own in that globally competitive market.”
The Brussels speech in full
Here’s what Kroes had to say…
In the last decade we have seen a transformative change for the Internet. It has gone from promise to delivery: from a technical novelty to the backbone of our economy and society.
But that ever-greater usage carries an implication: in tomorrow’s world, if the Internet is not secured then nothing will be.
Every day, the digital ecosystem boosts productivity, drives innovation and stimulates growth and high-quality jobs. In future, it will be not just a tool for social interaction and economic transaction but will encompass more and more services, health and social care, education, transport and energy grids.
In that world, a resilient and smooth Internet is essential to a stable and growing economy.
At the same time threats are growing. Attacks are going up, they are more numerous and more serious. From those doing it for publicity or notoriety to those involved in organised crime, spying or outright warfare.
We all need to take responsibility on this issue. So we need to act strategically, to give it attention at the most senior level and we need to work together.
Co-operation between the public and private sectors
That includes the public and private sectors co-operating. The private sector owns or controls the majority of ICT infrastructure and is home to nearly all the ICT expertise. No plan for cyber security can ignore this fact because sometimes we need to share information on threats, on risks and on vulnerabilities.
Sometimes that information is sensitive, I agree, but we need to be able to exchange good practices and provide each other with solutions.
Plus, users also have to be actively engaged in securing the Internet. Some users may be unaware of the risks they run online, but their actions – or inaction – may have real consequences for themselves and others.
We recognised the importance of this back in 2009 when we set up the European Public-Private Partnership for Resilience, the so-called “EP3R”, as part of our strategy to protect critical information infrastructures.
EP3R is a forum wherein we can work together on these kinds of issues. Where sectors, private and public, can co-operate on strategic issues of the EU’s security and resilience. Where we come up with a common understanding of how to provide e-communications both continuously and securely, and assess how we can equip ourselves to deal with large-scale disruptions and botnets.
What’s more, because EP3R is European, we can deal with threats and attacks even when they cross borders – as they so often do. Online attackers, online criminals hardly care which country you are based in: they will just look for the weakest link in the chain and go for it.
Threats can cross more than just national borders: they can also cross the Atlantic, so we need to act internationally. And we’re doing that, too.
We’ve set up a joint EU-US Working Group on Cyber Security and Cyber Crime. It’s making significant progress, including the instigation of a common approach to public-private sector partnerships.
We will take this all further in our European Strategy for Internet Security which is due later this year.
What does the strategy mean for the private sector?
What will that strategy mean for the private sector? Three things…
First, I want public and private sector stakeholders to exchange and act on information about cyber incidents and attacks. That might require obliging private companies to notify cyber security breaches, incidents or attacks to the authorities so that we can react quickly to support the company and also minimise the collateral damage.
Second, I also want to stimulate private sector efforts to improve security by providing the right incentives, and by raising awareness among users.
Third, on the supply side I want to invest in innovation for security technologies using the funding tools we have at EU level, like the Competitiveness and Innovation Programme and the Horizon 2020 programme for R&D.
We will give the industry the opportunity to test out security solutions in a real life scenario with shared financial risk. Where gaps are identified in security technology we can develop ways to fill them so we can provide security tools that are effective, trustworthy and easy to use.
That will itself stimulate a new – and increasingly important – industry. We can create a new business opportunity: to supply private and public sectors alike with the tools they need to tackle online threats. I want Europe to hold its own in that globally competitive market.
I want to close by stressing the importance of co-operation. The Internet does not belong to any one group, but attacks on it affect every group. Let’s work together, all sectors, all levels, public and private, national, international and European so that we can safeguard the security of the systems that increasingly underpin our lives, today and in the future.
Neelie Kroes is vice-president of the European Commission responsible for the digital agenda public-private co-operation in cyber-security