Cyberattacks know no borders. The fragmentation of Europe and the security initiatives of each country are forcing the European Union to take the lead. It is enacting measures to quickly bring security to the data of more than 500 million people, who have been swept away by the wave of digital and new technologies. The need for European coordination has become a priority for the European Commission, and specifically, the European Commissioner in charge of Digital Economy and Society: Mariya Gabriel.
(Featured Image: Mariya Gabriel, European Commissioner in charge of Digital Economy and Society / Image Credit © Andrei Pungovschi / European Union, 2017)
Digitally speaking, countries are increasingly connected and interconnected. How do you create shared momentum?
Our economy and society are digitizing. It is essential that the confidentiality of our data is guaranteed. There is no single solution to this challenge. That’s why we work on several tracks at the same time. We want to make clear that cybersecurity is a challenge at all levels. It is by uniting our forces and carrying out common actions that we will be able to solve them.
First off, we must ensure that member states have the necessary capacities and authorities to implement the Network and Information Security (NIS) Directive, which defines the cybersecurity obligations of essential state service operators and digital service providers. At the same time, the implementation of the NIS Directive is financially supported by the Connecting Europe Facility.
Additionally, the European Parliament and the Council of the European Union have recently reached an agreement on our proposed cybersecurity law and sent a very strong message. We will, on one hand, strengthen the European Cybersecurity Agency, ENISA, which will receive sufficient human and financial resources to fulfill its concrete operational tasks. It will be able to be more responsive in helping member states. On the other hand, this cybersecurity law creates a European cybersecurity certification framework for the first time.
Our message is twofold: (1) Our citizens deserve access to relevant information, such as the security level of a product they intend to buy. (2) Our industries should be able to develop their activities freely and safely in Europe.
The political agreement on the cybersecurity law recognizes that there are situations in which voluntary certification schemes are no longer sufficient and that we should now consider further steps, for example in making some certifications mandatory.
One thing is very clear today: our economy and society are growing so rapidly with digital technology that our cybersecurity efforts must be permanent.
“Europe is currently facing a huge skills gap – we are talking about a figure in excess of 300,000 people.”
What are the main threats and opportunities cybersecurity brings to Europe?
Nobody is safe from a cyberattack. Cyberattacks do not know borders and are perfected every day. We must respond to them on several levels.
Awareness remains vital. If we do not know what we need to do to improve security, we will be powerless. The SaferInternet4EU campaign is a concrete example that addresses exactly this problem for young people, parents, teachers and cyber experts.
On that note, we also need more cybersecurity experts. Europe is currently facing a huge skills gap – we are talking about a figure in excess of 300,000 people. As part of the new Digital Europe program, with a €9-billion budget, the European Parliament has voted to allocate €700 million to the development of advanced digital skills. The challenge is not only to create new profiles but to bring our talent back to Europe and give them the means to develop their expertise.
Fragmentation is another big challenge. We are not yet at the same level in all member states. We must continue to work to put into place a system of effective cooperation between the different authorities. That’s why we’ve proposed Blue Print, a large-scale coordination mechanism that learns from the WannaCry and NotPetya attacks.
Finally, we recently developed a cybersecurity competence center based in Brussels and a network of competence centers throughout the member states. The new center will ensure coordination and address fragmentation by forging close and permanent links between different communities: research, science, industry, etc. We propose the joint management of cybersecurity projects in future Digital Europe and Horizon Europe programs, complemented by financial contributions from member states. With this mechanism, the Commission and member states can, at each step of the process, monitor the projects together, taking into account the specificities and strengths, and achieve a shared objective.
“We are proposing a budget in the billions of euros to create a joint EuroHPC venture among member states which aims to position Europe as a top-three global leader in the field of supercomputers by 2022-2023.”
Hackers are getting more and more creative. How do we deal with these permanent attacks?
We must recognize that every day new threats appear. It is clear that technological mastery is an important factor in anticipating and countering threats. Here are two examples.
The first is high performance computing (HPC). This can significantly reduce attack identification time from several months to a few weeks or even days.
The second is Quantum. Those who master Quantum technology will have a considerable lead in encrypt and decrypting information.
The European Union has accelerated its commitment in these areas. In 2012, four of the top 10 supercomputers in the world were European. Today, Europe is not even in the top 10. That is why we are proposing a budget in the billions of euros to create a joint EuroHPC venture among member states (25 currently participating), which aims to position Europe as a top-three global leader in the field of supercomputers by 2022-2023.
“It is now essential to bring together all actors (member states, companies, researchers, etc.) around one table so that they can identify the best ways to cooperate in their specific sectors and beyond.”
What do you expect to come out of an event like the International Cybersecurity Forum?
Cybersecurity has become such a priority for our fellow citizens, businesses and the European Union that such discussions are welcome. Europe is at a crossroads with many pieces of legislation (cyber security law and the ENISA reinforced agency, NIS directive, European center of competence in cybersecurity, HPC, Quantum, etc.) and many clearly defined future investments. It is now essential to bring together all actors (member states, companies, researchers, etc.) around one table so that they can identify the best ways to cooperate in their specific sectors and beyond.
A conference like the FIC is an excellent opportunity to continue the discussion, take concrete steps, meet one another, build a network and facilitate proposals, research projects or business ideas – in short, to be actors, not spectators of threats and liabilities. This type of conference can make our daily work easier while ensuring coherence that benefits Europe as a whole.
“Our personal data is not for sale. It’s too valuable. We must ensure that there are backups of our data.”
What do you want to tell European citizens about cybersecurity?
A few very simple things: our personal data is not for sale. It’s too valuable. We must ensure that there are backups of our data. Do not use easy-to-guess passwords. Don’t share them either. In the field of cybersecurity everyone has a role to play.
I would like to thank them in advance for raising awareness about this topic and sharing it with those around them in order to minimize risk and position ourselves to benefit fully.
“We must continue to fight against stereotypes. There are only 17 percent female entrepreneurs in the new technology sector in Europe.”
Involving more girls and women in the digital economy is also at the heart of your plan. What message do you want to give them?
I want to tell them that we are not the United States. We are not China. The strength of the European approach is that we want an inclusive, innovative and values-based digital Europe. As soon as we talk about inclusion, we cannot exclude half of the European population, and when we talk about values, equality between men and women is one of those core values.
I want to tell them to have more confidence in themselves. Our analyses show a growing interest of girls in digital and new technologies; 90 percent of them mention it. However, at the university level, out of 1000 women graduates only 24 are in ICT and only six pursue a career in this sector. For men, those numbers are 92 percent and only 49, respectively. Both are too little!
We must continue to fight against stereotypes. The media has an important role to play in showing what we can be – to give more confidence to young girls and to encourage female entrepreneurship. There are only 17 percent female entrepreneurs in the new technology sector in Europe. But startups led by women show very positive results financially.
It is vital to work together with member states and organizations, locally and internationally, to attract more girls to STEM, make them understand the full spectrum of options and show them that new technologies are not reserved for men.
We need the diversity we have in our society to be reflected in the world of video games, in the evolution of new technologies and beyond.