Jochen Michels, Head of Public Affairs Europe
The European Commission and the High Representative of the Union for Foreign Affairs presented in December 2020 the EU’s ‘Cybersecurity Strategy for the Digital Decade’, aimed at reinforcing collective resilience against cyberthreats for both citizens and businesses in Europe. With the EU Cyberpolicy Forum ‘The new EU Cybersecurity Strategy and its impact on Member States and industry’, we gathered high-level experts to understand how this could be achieved.
The discussion was joined by over 230 attendees from about 30 different countries and powered by top-class speakers from EU institutions as well as from national cybersecurity agencies: Bart Groothuis, Member of the European Parliament and rapporteur on the NIS2 Directive; Lorena Boix Alonso, Director for Digital Society, Trust & Cybersecurity at the European Commission’s DG CONNECT; Guillaume Poupard, Director General of the French National Cybersecurity Agency (ANSSI); Susana Asensio, Member of the Board of Directors at the Industrial Cybersecurity Center in Spain; and Kaspersky CEO Eugene Kaspersky.
To kickstart the discussion, the Forum’s attendees were asked the following question: What are the three most important priorities when it comes to increasing resilience and cybersecurity in Europe? 24% answered ‘critical infrastructure protection’, 16% chose ‘security by design and by default’, 13% opted for ‘industrial cybersecurity’, and 12% picked ‘awareness and skill building’. For the remaining options, participants selected ‘standardization and certification’ (7%), ‘research and innovation’ (7%), ‘better cross-border cooperation’ (6%), ‘increased cooperation between public and private sector’ (6%), ‘responsible vulnerability disclosure’ (3%), ‘capacity building’ (3%), ‘joint EU cyber diplomacy activities’ (3%), and ‘cooperation with global partners’ (1%).
Eugene Kaspersky started by explaining that in 2020, the COVID-19 pandemic had seen an increase in cyberattacks, with supply chain attacks in particular becoming more and more professional. Faced with this reality, the new Network and Information Security (NIS2) Directive is a ‘good motivator for companies to pay more attention to the security and safety of their products’. A solution to improve the EU’s resilience could then be to promote cyber immunity to eventually ‘develop cyber defence and build immune systems that are secure by design’.
Lorena Boix Alonso, Director for Digital Society, Trust & Cybersecurity at the European Commission’s DG CONNECT, explained that the Commission is tackling the security of the supply chain, in particular by ‘introducing requirements for every company as part of their risk management to look at vendors and manufacturers they are dealing with’. According to her, the Commission’s proposal for a Joint Cyber Unit would ensure that common operational activities are fit for purpose in cases of crisis, and that the creation of the European Cybersecurity Competence Centre would help ‘cover the entire chain from research and development to deployment.’
Praising the NIS2 Directive as an ‘incredible job done by the Commission’, and touching on the current cyberthreats Europe is faced with, Guillaume Poupard, Director General of the French National Cybersecurity Agency (ANSSI), observed that ‘sovereignty means that Europe must be able to play by its own rules and values – not protectionism’ and stressed the need to educate and train cybersecurity professionals and citizens on digital security issues.
MEP Bart Groothuis welcomed the new EU Cybersecurity Strategy as well as the DNS4EU capability, and called on the NIS2 Directive to ‘go steps further than the NIS1 and establish advanced forms of cooperation’. He also put forward the idea of an online service for anyone to check email and website configuration, or to install a basic logging capability. According to him, the EU’s cybersecurity posture should be focused more on active cyber defence, in particular because ‘the threat landscape is rapidly evolving and the EU should get before the power curve, not behind it’.
Finally, the importance of collaboration in the cybersecurity field was also underlined by Susana Asensio, Member of the Board of Directors at the Industrial Cybersecurity Center in Spain, as she declared that ‘cooperation of all actors is critical for allowing the community to react as soon as possible’. Even though she considers it is of the utmost importance for the future success of European industry, she noted that ‘many industrial projects still don’t include enough cybersecurity requirements from the design phase.’
We look forward to hosting you at our next #EUCyberPolicyForum. If you are interested in participating in further EU policy-related webcasts organized by Kaspersky, please send us an email at [email protected].