Three months ago, the European Commission launched its Cyber Security Strategy and proposed a directive on network and information security (NIS). However, there are still some questions that must be answered and challenges to be faced if Europe wants to offer a safe Internet to its citizens.
“The strategy has two overarching purposes. It provides a basis for greater cooperation between the different actors and, most importantly, shows the direction for future work,” said Cecilia Malmström, EU Commissioner for Home Affairs, at the Cybersecurity Conference which took place in Brussels on 16 May.
Nevertheless, if something remained clear after the first speakers took the floor during the event, is that a strategy and a directive are not enough to fight against cyber threats. Online criminals are improving their capacity to hack big companies, banks, media and personal accounts; and the number of questions about how the European Union has to tackle these threats and who has to be involved in the issue are also increasing.
“Global problems need global solutions. But this means nothing if technologies are unsafe,” stated John Suffolk, Huawei's Global Cyber Security Officer. He added that policy-makers, businesses and organisations talk about challenges in cybersecurity, but that they don't take realistic steps to face them.
Cooperation between parties involved is basic to win the battle, explained Udo Helmbrecht, Executive Director of ENISA. But, “how to work together” is still an unsolved matter, because national and international ways of working are different, he explained.
“We have the wrong approach and the wrong business model”, Helmbrecht stated and explained that authorities are not thinking about the end-user, who still “doesn't understand the risks of the Internet.”
In addition, not all businesses are willing to collaborate and set up security measures, due to the expense this entails. Consequently, European and international authorities have to find the incentives for companies which consider that fight against cybercrime is expensive and useless, Zoran Stančič, Deputy Director General of DG Connect.
At international-level, the two main problems are that countries are not working at the same speed, and no common standards are being established, John Lyons, CEO of International Cyber Security Protection Alliance, said.
Besides, governments need to practice ways to overcome cybercrisis, something that must be done now in collaboration with the industry, which is also involved in the protection of citizens from online dangers, Jamie Shea, Deputy Assistant Secretary General for Emerging Security Challenges at NATO, explained.
Despite agreements and dialogues are taking place between the EU and the US, China or India, “capacity building outside the EU is still a challenge, because we don't have a model,” Heli Tiirmaa-Klaar, Cyber Security Policy Advisor at EEAS, concluded.