How to put cybersecurity at the centre of society
The authors recommend policies to help foster the right culture and equip people with the right knowledge and digital skills to continue building a strong, secure and innovative digital society in Europe.
Thierry Breton, Commissioner for Internal Market, said: “Cybersecurity is not an isolated challenge; rather we should view it as a critical component of how we live our lives and do business online. Since it is also constantly changing to respond to new and evolving threats, it requires a holistic approach – increasing our cyber-resilience and working together on all levels, from citizens and companies to Member States. Europe has the expertise to lead in the field and this report again shows it.”
Mariya Gabriel, Commissioner for Innovation, Research, Culture, Education and Youth, and responsible for the Joint Research Centre (JRC), said, “Securing our digital society is now more important than ever. These past months have shown how central the digital space is in our lives, with work, education and connecting with family and friends all happening online. This can also make us vulnerable to cyber threats. The report ‘Cybersecurity: our digital anchor’ presents a new, systemic approach to protect us from these threats – one in which education and digital skills are central and we should all be involved”.
Digital technologies allow us to do things that were unthinkable just 10 years ago and they give us access to an enormous amount of knowledge.
But the more our world goes digital, the more we are vulnerable to cyber attacks. That is why zero trust is so critical to the safety and security of our networks.
The coronavirus pandemic has accelerated this digitalisation, with a sudden and large-scale move to teleworking, the use of digital services in hospitals, laboratories and government services, and the explosion in online schooling.
‘Cybersecurity: our digital anchor’ connects the dots to analyse cybersecurity as a societal challenge for Europe – a challenge in which everybody should be actively and continuously engaged.
It brings together knowledge from across technological, economic and social disciplines and argues for a coherent, cross-sectoral and cross-societal cybersecurity strategy which can be implemented across all layers of European society.
Cybersecurity is no longer a technological ‘option’, but a societal need
In a speech to the European Parliament, the European Commission President Ursula von der Leyen stated that “cyber security and digitalisation are two sides of the same coin. This is why cyber security is a top priority.”
Traditionally, cybersecurity is addressed by focusing on the peculiarities of a single problem in a single sector. But the digitalisation of our society requires a completely different, systemic approach.
That’s because digitalisation indirectly exposes everyone’s daily life to cyber threats.
It is found in trivial tasks like social networking but also in more complex activities like financial transactions and healthcare services.
In recent years there have been several large cyber-attacks, where hundreds of millions of citizens were hit simultaneously and sensitive information compromised.
The cost of cyber attacks is also increasing. By 2021 the organised crime revenues from cyber attacks are expected to surpass those coming from illicit drugs trafficking.
Beyond the individual, digitalisation is also found in critical infrastructures like energy grids, banks and government services.
And it is a key aspect of the EU recovery plan to repair and prepare for the next generation following the coronavirus pandemic. Cybersecurity is therefore indispensable in protecting us against State attacks and threats.
Cybersecurity is a pillar of European sovereignty for the future
A European Union with a strong cybersecurity culture and technology will be in the position of guaranteeing digital sovereignty, supporting a strong online economy and keeping people safe.
Apart from its numerous benefits, the digital world is a battleground for a plethora of different groups and actors, and cybersecurity is both costly and essential.
Attackers are moving faster, do not abide by the rules, and are not subject to any restrictions.
The potential for a ‘Cyber Pearl Harbor’ against the critical infrastructures of any country is just around the corner. This means that strategic cybersecurity plans must be devised and cutting-edge technologies must be developed and put in place.
A paradigm shift is needed on cybersecurity
The old approach to cybersecurity, where actions are taken only when a vulnerability is discovered, is obsolete and unacceptable.
A new, systemic approach means shifting from reacting when something bad happens, to deploying cybersecurity from the start of any new digital service.
It also means moving away from ‘isolating to protect’ to ‘opening-up and building resilience’. We’re moving toward an open-data and fully interconnected society where isolating will no longer be possible.
New approaches should be designed based on resilience and adaptability to stresses and attacks.
Everybody should be equipped to actively engage in cybersecurity
There is no ‘one size fits all’ solution and it will take a collective effort. Cybersecurity is a framework, where everything, from system design and usability, to the education and training of citizens, must work in tandem to secure the digital world.
The majority of large scale cyber incidents are triggered by human error. At the same time, ‘blame the user’ is not a solution. Cybersecurity requires a deep societal engagement and understanding.
Cybersecurity is tightly linked to the evolution of technologies, and must embrace the full set of methods and means to build secure technologies and services. This includes both industrial and societal processes.
Cybersecurity by design requires coherent and coordinated cyber secure policies by design
The implementation of cybersecurity measures is often seen as a cost by industries, and for this reason often neglected.
Including cybersecurity elements in all sectorial policies (as well as privacy and data protection elements), would speed-up the implementation of cybersecurity measures.
Emerging new technologies like AI, blockchain and quantum computing are opening up the digital world to new opportunities, but also to new cyber threats.
Policy makers must raise the attention of the cybersecurity aspects of these technologies from the beginning.
The digitalisation of our society means industrial sectors are tightly interconnected. Weaknesses in one sector can also hamper other sectors. Cybersecurity policies therefore need to be coherent and interoperable across sectors.
New Cybersecurity Strategy
On 27 May 2020, the Commission adopted a new Communication Europe’s moment: Repair and Prepare for the Next Generation.
As part of the package, the new Cybersecurity Strategy will look at how to boost EU-level cooperation, knowledge and capacity.
It will also help Europe strengthen its industrial capabilities and partnerships, and encourage the emergence of SMEs in the field.
This will accompany the review of the Directive on security of network and information systems and a proposal for additional measures on Critical Infrastructure Protection.
Together with the ongoing work on cybersecurity as part of the EU Security Union, this will increase capabilities within Member States and boost the EU’s overall cybersecurity.