Girding for battle in the cyber arena
The digital age has opened up new possibilities to connect, allowing people to participate actively in social, cultural and political spheres. As a result, our economies have become more vulnerable to cyber threats. Afzal Khan MEP assesses the intensity of cyber crime within Europe and offers solutions to make sure the Internet remains free, open and secure
A few years ago it would have been unthinkable to have cars that drive themselves, drones delivering products, 3D printing machines making body implants, or to store information in The Cloud. The digital revolution has opened up new possibilities to connect people, allowing them to participate actively in the social, cultural and political spheres, and has created ways to boost the economy like never before. Close to half of the world’s population is currently using the Internet and this is increasing by the day. More and more of our everyday life is moving online. However, as our economies become more interconnected and digitalised, they have also become more vulnerable to cyber threats.
Every second, a cyber attack occurs somewhere around the world, someone’s computer is being hacked, someone’s personal records, financial information, or intellectual property is being stolen. The number and impact of cyber incidents continue to grow, making headlines daily in the media, such as the recently announced loss of 500 million users’ data from Yahoo accounts.
The exact cost of cybercrime is unknown. It is because many cyber incidents aren’t reported and many suffer cyberattacks without knowing that they are being victims of it. However, it’s estimated that the annual cost for the global economy varies from 330 to 506 billion euro. The stakes could be even higher. Let’s say our electricity supply or air traffic control were successfully attacked online, the impact would then be in terms of lives lost. We are in the midst of a revolution of the cyber threat and an inadequate response could result in consumers losing confidence, businesses losing money and even national security being put at stake.
For years EU countries considered cybersecurity as a national responsibility and they were reluctant to adopt a common approach. However, member states are now recognising that working towards cybersecurity should be a priority. After all cybercriminals do not know borders, so one country’s weakness can put the whole of Europe in danger. Stepping up cooperation among EU countries is therefore the only way to prevent cybercrime.
Cybersecurity is high on the European agenda, aiming to reduce fragmentation, increasing coordination and fighting cross-border cybercrime. The past year was particularly active given the agreements on the Network and Information Security (NIS) Directive, the General Data Protection Regulation (GDPR) and the announcement of the Digital Single Market (DSM) initiative by the European Commission.
Challenges are the differences between the priorities and capabilities of individual member states and the lack of systematic cooperation and sharing of information between governments and the private sector that operates essential services such as transport, energy, health and banking.
A well-established framework exists only in 5 EU member states. As the first comprehensive European piece of legislation on cybersecurity, the NIS directive will play a key role in closing the gap. If Member States can harmonise their approach and cybersecurity capabilities, it will be a significant step towards achieving a true Digital Single Market in the EU.
We must also not forget about prevention. Our ability to defend ourselves in cyberspace depends upon a strong knowledge base. Nearly half of phishing attacks, carried out using fake emails, were against SMEs. Small businesses are fast becoming cyber criminals’ favoured target because they tend to have lower defence systems.
Consequences for SMEs that ignore security risks can be disastrous, resulting even in a company closure. It is crucial we raise awareness and provide advice to ensure that people are better informed about potential risks and how to avoid them. These campaigns should be coordinated with other national and international organisations.
Moreover, the EU has an important role to play in the field of cybersecurity by balancing security concerns with the respect for the rule of law and the protection of fundamental rights. Currently the balance has been shifted in favour of security. The way to shift it back is to ensure that we have the checks and balances and accountability structures. The EU data protection package was a major achievement ensuring some of the highest standards in the world. Safeguarding these rights remains a major concern for the EU citizens, and we should continue to defend this.
It is clear that cyber threat is one of the most serious security challenges we face. It is also clear that we have to be flexible and constantly evolve our response, as criminals develop new and more sophisticated malicious practices. A growing reliance on computer networks makes it increasingly difficult to treat cybersecurity as a distinct policy area. It needs to be mainstreamed into all our policies, especially when we think about new technologies and emerging sectors.
Together we can make sure the Internet remains free, open and secure and that inter-connectedness remains a strategic advantage, not a vulnerability.