by Afonso Ferreira (DG CONNECT, European Commission, on leave from the French CNRS) and Paul Timmers (DG CONNECT, European Commission)
In February 2016 one of the largest heists in history was attempted against a Bangladesh bank. Gangsters tried to steal almost US$1 billion and disappear in the Philippines. At the time of this writing, US$81 million is still unaccounted for and seemingly unrecoverable. This was a crime committed exclusively in cyberspace until electronic orders were converted into cash. The current state of investigations indicates that the computer hackers only had to tamper with two bytes – twice – in the bank software in order to get away with the money.
Cybersecurity is an ever-growing challenge for companies, states and individuals, as digital technologies become more widely used in economic, social and governance matters. With the convergence of the cyber and the physical spaces, risks and threats in cyberspace may increasingly affect physical space and individuals’ livelihoods. Cyber incidents and attacks can disrupt the supply of essential services for our societies, since digital technologies are complex and underpin other systems and services, such as finance, health, energy and transport.
On the positive side, the fast and continuing evolution of information and communication technologies (ICT) and their integration into almost every facet of modern society create enormous opportunities for innovation. Digital technologies and the Internet are the backbone of our society and economy; they are key enablers of prosperity and freedom. A high level of network and information security (NIS) across the EU is essential to ensure consumer confidence and to keep the online economy running. This will, in turn, preserve the proper functioning of the internal market and boost growth and jobs. Cybersecurity is therefore an integral part of a much broader transformation across society, driven by the digital revolution.
Consequently, the European Union works on a number of fronts to ensure cybersecurity in Europe, supported by ENISA – the European Network and Information Security Agency.
EU Strategies and Legislation
In 2013 the Cybersecurity Strategy for the European Union provided the overall strategic framework for the EU initiatives on cybersecurity. Its goal is to ensure strong and effective protection and promotion of citizens' rights so as to make the EU's online environment the safest in the world.
Also in 2013 the European Commission put forward a proposal for the NIS Directive, with measures to ensure a high common level of network and information security across the Union. It should be adopted in summer 2016 and provides legal measures to boost the overall level of cybersecurity in the EU. Once adopted and implemented, the NIS Directive will benefit citizens, government, and businesses, who will be able to rely on more secure digital networks and infrastructure to access or provide essential services online.
The establishment of the NIS Public-Private Platform was announced in the Cybersecurity Strategy, to foster the resilience of the networks and information systems which underpin the services provided by market operators and public administrations in Europe. Its Working Group on secure ICT research and innovation was tasked with the preparation of the European Strategic Research Agenda in Cybersecurity (SRA), which was delivered by the end of 2015.
Finally, one of the 16 initiatives set in the Digital Single Market Strategy is the launch of an ambitious contractual public-private partnership (cPPP) on cybersecurity. It aims to strengthen the EU cybersecurity industry and make sure European citizens and businesses have access to more innovative, secure and user-friendly solutions that take into account European rules and values.
The Cybersecurity cPPP will deliver innovation against a roadmap for research and innovation (based on the SRA developed by the NIS Platform). It will implement:
- Bottom-up cooperation on research and innovation between Member States and industrial actors in the upstream part of the innovation life cycle.
- Better alignment of demand and supply sectors for cybersecurity.
- Synergies to develop common, sector-neutral technological building blocks.
- Engagement of big customers of cybersecurity solutions to define common requirements for their sector.
- Parts of the DSM Priority Standardisation Plan, as announced in the Digitising European Industry strategy launched in April 2016.
- Mechanisms to ease access to finance as well as developing human capacities.
The cPPP will maximize the use of Horizon 2020 funds through better focus on a few technical priorities, leveraging funding from Leadership in Enabling and Industrial Technologies and Societal Challenge Secure Societies to deliver societal benefits for users and provide visibility to European Research and Innovation excellence in cybersecurity.
The views expressed in the article are the sole responsibility of the authors and in no way represent the view of the European Commission and its services.