Sir Julian King, commissioner for the Security Union, European Commission, told delegates at the Forum International de la Cybersécurité this week that 2017 was the year many finally became aware of cyber-security, because of the huge attacks that were able to proliferate fast and overcome borders - with WannaCry in particular. He added (in French, hence quotes below are translations) that it is expected there will be 50 billion connected devices by 2020, and noted how we are increasingly seeing cyber-attacks from state actors - attacks on platforms, dissemination of terrorist messages and fake information.
“No one is free from these threats. It's now an emergency situation,” he told delegates, going on to explain how the creation of a single market depends on the trust of consumers. “We need to invest more in cyber-security as more challenges are faced, where rules are still to be defined. We can define our own European way and turn challenges into opportunities. But we need to act and strengthen our defences now; new measures have been taken. A new strategic approach was launched in November last year to improve resilience, accountability and traceability and increase cooperation - public/private, technological, operational and defence.”
King then referred to the EU NIS directive (on information and network systems), which he described as “The first pillar of European action, to be finalised by the end of May and implemented by December.”
It will, “Harmonise preparedness levels by (EU) members and exchange information. Then in September we see establishment of a new agency for Europe on Cyber Security - to give better support to member states as not all are at the same level of cyber-security. It will better structure collaboration between states and provide assistance to those who need it most.”
Other aims include ensuring uniformity of approach through certification, with agreed European processes, products, etc so that a certificate issued in one state will be recognised in all states, ensuring the reliability of EU partners, and it could even be provided outside the EU. “It needs to be the best model, based on what has already been achieved in France, leveraging existing certification schemes, but it should take a pan-European dimension,” he added.
“To build resilience, guidelines must be drawn up regarding how to cope with large-scale cyber-attacks. We need to strengthen R&D on cyber-security and to help this there should be public/private investments of €2 billion in the EU by 2020.”
The European centre will also encompass legal approaches to cyber-crime, to equalise the fight, allow use of electronic evidence from outside the EU, and provide more robust deterrents at an EU level. Political and diplomatic remedies should also be pursued, with a strategic framework for cyber-attacks developed EU-wide.
Economic sanctions and international cooperation should also be considered, with the EU Commission looking at hybrid threats and how it can cooperate with like-minded bodies such as the EU, Nato, UN, and OECD working together.
“Regulations should and must play a key role, and we must get people to abide by regulations; we all need to deploy our own cyber-protection, implement this new legislation and upgrade our cyber-protection, for ourselves and our clients.”
While the theft of data is very detrimental to companies and societies, we are also now faced with disinformation online with the advent of fake news. King described this as, “A new vector to destabilise our democracies from inside, questioning our values, free expression, pluralism and debate. And there is dissemination of messages leading to instigate terrorism.”
To fight against fake news, King said that we need to better prepare our citizens and show zero tolerance against cyber-terrorism by taking all measures necessary.
King concluded: “Only by working together can we face these threats.”