EU Digital Commissioner Neelie Kroes, the Network and Information Security Directive, and a meeting of top experts held this week looking at keeping online systems secure.
I have long been convinced about the many benefits of new digital services – and remain so. These are tools we all can enjoy and benefit from – more convenient, more efficient and offering a huge boost to our economy and society.
But recent allegations remind us how important privacy is. People will only use those services as much as they trust them. Trust that they or their data won’t be compromised, hacked into or spied on. Particularly if they’re sharing personal or sensitive information online.
To ensure that trust, we need networks and systems that are secure and resilient; and that calls for proper cybersecurity practice everywhere.
The fact is, too often, big ICT users like businesses or governments underestimate the risks they face. They need to not just become more aware of those risks – but to manage them. This is become truly urgent. Every week, we seem to hear about new incidents: loss of passwords, attacks on banks, hacking of websites or systems.
Technology is rapidly evolving; so are threats. A lot of businesses seem to think just using basic ICT security tools is enough – but in general it isn’t. Proper risk management practice means things like dynamically assessing and mitigating risks. It also helps to exchange information on threats and vulnerabilities – and perhaps, if there is actually an incident, to respond together. Those processes and practices need to be well-thought-through and fully embedded, not an afterthought or box-ticking exercise.
But how do we identify and embed such good practices, across the ICT value chain? We call in the experts. Our Cybersecurity Strategy, published in February, calls for a platform bringing together public and private stakeholders to do exactly that – and to ensure the kind of market where secure ICT solutions can be developed and taken up. And that platform had its first meeting just yesterday.
Featuring top experts from a range of organisations—from national governments to ICT companies; banks to service providers—the Platform is looking at exactly these areas: like how to provide incentives to manage and measure risks; how to exchange information about risks and incidents; and input to the Research and Innovation agenda.
They have my full support. Their findings will help ICT users prepare and work together better; and they will feed into Commission Recommendations on cybersecurity due in 2014, in areas from risk management to incident reporting. Ultimately, they will build a digital Europe that is more cyber-resilient, and less prone to hacking and security breaches.
And of course, this is in parallel with legislative work we are doing on the proposed Directive on Network and Information Security: ensuring that critical infrastructure and Internet enablers stay cybersecure. So I will be working closely with the European Parliament and Council to ensure this proposal is agreed as a matter of urgency; these days, protecting our networks and systems should be every politician’s top priority.
This matters. As more and more people – and more and more core economic sectors – get connected and start relying on digital systems, ensuring security is no longer just an issue for telecoms providers: it’s also something that matters to governments, banks, transport companies, energy grids, health providers and more.
So I hope that this platform gets to work straight away – I’m confident that soon it can raise the bar and raise awareness about the cybersecurity risks businesses and governments face – and help stimulate the solutions, too.