Pascal Steichen, the CEO of Luxembourg House of Cybersecurity, talks about cyber-resilience and cloud computing in Europe and in Luxembourg.
The 2023 edition of the International Cybersecurity Forum (FIC 2023) took place on 5, 6 and 7 April in Lille (France). The theme (“In Cloud we trust?”) focused on digital transformation, public cloud computing, and on cloud-related security, trust and sovereignty issues. The Luxembourg Chamber of Commerce in close cooperation with the Ministry of the Economy and the Luxembourg House of Cybersecurity organized the Luxembourg pavilion.
Pascal Steichen the CEO of Luxembourg House of Cybersecurity and chairman of the European Cybersecurity Competence Centre talks about the cybersecurity challenges of cloud computing.
Pascal Steichen, a Luxembourg delegation attended the FIC 2023: what were the main goals?
Our primary objective is to promote the Luxembourg ecosystem, to meet and discover what is currently being done in terms of cybersecurity in France, in the rest of Europe and even in the world, as a Quebec delegation was present this year.
Another objective is also to help Luxembourg companies access European markets and export their expertise for instance on the French market. The Luxembourg pavilion is also present in Germany at the it-sa trade fair for IT security held in Nuremberg every year in October.
A third goal is to identify start-ups that could be interesting for the Luxembourg market and make them come to Luxembourg.
What were the delegation’s main takeaways?
This year, Luxinnovation came with a Luxembourg Cybersecurity & Defence Industry Delegation.
Furthermore, during the fair, the Luxembourg delegation had multiple exchanges with other foreign delegations among others from Belgium, the Netherlands, Germany, Spain, Finland, Switzerland, Sweden, Quebec, Poland, Romania…
During these match-making sessions, members of our delegation made promising contacts with other startups and organizations and decided to collaborate to develop future partnerships.
What were your major takeaways?
The cloud was the main topic of the Forum this year. And when we think of the cloud, we automatically think of everything that relates to the European regulation in terms of solutions, data security and sovereignty.
Conflicts exist in particular as regards to the extraterritoriality of data, primarily between European and American regulations, but also with other countries such as China.
Various European initiatives, which have been recently implemented or remain in the making, were mostly discussed during the presentations and round tables. One of those is the EUCS (European Cybersecurity Certification Scheme for Cloud Services), which will apply to all cloud services in the EU.
European Commissioner Thierry Breton highlighted the “European Cyber Shield” project, which was defined in 2022 in the European cybersecurity strategy.
The ambition is to better manage the cyber threat, through advanced technologies, secure infrastructures, common requirements, increased operational cooperation and effective sanctions.
Thierry Breton also said that “detection speed is a key factor in responding to cyber threats. ” The deployment of a European SOC infrastructure will improve response times and facilitate cooperation to achieve a true European cyber shield.
Together with the European Cybersecurity Competence Centre (ECCC), cross-border SOCs will procure cyber threat detection tools and services. The EU Commission and the ECCC contribute EUR 30 million under the Digital Europe program. The program will also fund up to EUR 72,5 million in grants for cyber threat detection, following a recently opened call for proposals.
Soon, we will launch a Joint Procurement of strategic cybersecurity infrastructures and tools together with one or several other entities – typically public authorities. The aim is to pool money and purchase the solutions and expertise we will need to strengthen information exchange and collaboration beyond borders in Europe.
Today, it is not about coordinating and collaborating on incident situations anymore. The aim is rather to work continuously with surveillance on threats and to exchange information on these threats.
Has Europe started its cloud revolution?
Revolution may not be the best word. There is certainly a need to evolve, to strengthen Europe and its expertise in an intrinsic way. Today there is a huge need to create visibility, to make known what exists and is being done in Europe in terms of cybersecurity.
A forum like FIC 2023 demonstrates that actors, companies, solutions and ideas exist. Some of these ideas have also led to the emergence of start-ups. All these must be made visible, especially to companies that are looking for cybersecurity solutions, and which are not experts in this field.
Mentalities must also change in this area: companies must stop choosing a solution that does everything but is expensive, and of which they use only 20% of the functionalities. Instead, choose a solution that does not do everything, that costs less, but that precisely meets their needs.
In this area, agencies such as the Luxembourg House of Cybersecurity can support them and help them better identify and fulfil their needs, and then choose more specific solutions that correspond to these expectations.
What role will the LHC play in Luxembourg’s cloud certification scheme?
The EUCS scheme covers a wide range of security requirements, by offering all three security assurance levels (‘basic’, ‘substantial’ and ‘high’), defined in the Cyber Security Act.
In each country, an organization (such as ILNAS in Luxembourg) will accredit the qualifications. Private cloud solution providers will certainly opt for high levels of certification, which are economically more cost-effective for them. In the event that no player in Luxembourg positions itself on basic certifications, we will propose an alternative solution.
