A way out of the Brexit morass?
09 May 2019 – 14:15 | No Comment

Brexit-bound Britain will participate in this month’s European Parliament (EP) election, unless UK prime minister, Theresa May, and opposition leader, Jeremy Corbyn, manage to push the thrice-rejected EU withdrawal agreement through the House of Commons …

Read the full story »

Energy & Environment

Circular Economy

Climate Change


Home » Cyber Security

What should Europe do differently in tackling cyber risk?

Submitted by on 30 Nov 2016 – 12:14

By Arvind Venkataramana, Research Director, International Centre for Parliamentary Studies

The 2016 Cyber Security Roundtable organised by the International Centre for Parliamentary Studies took place in Brussels on the 12th of October. Attendees included Members of the European Parliament, the European Commission representatives, Chief Information Officers from the public and private sectors, law enforcement agencies and other key stakeholders to discuss the ongoing challenges and threats in cyber security in the EU. Over the course of the event, policy makers and cyber security experts offered key recommendations on how the EU and its member states can learn from existing cyber breaches and prepare for the future. Here are some of the key themes that came out of the discussions at the roundtable.

The European Parliament Viewpoint

Mr. Afzal Khan, Member of the European Parliament, provided the MEP viewpoint. He admitted his primary objective was to listen to everyone else’s points of view and take recommendations back to the European Parliament. He spoke about the immense opportunities that were available as a result of digitalising key functions such as banking, transportation, energy, government departments etc and the subsequent threats, which should be addressed immediately.  Cyber attacks are becoming increasingly common from individual to governmental levels. The EU should be more proactive in dealing with them, as criminals are currently one step ahead of the system.

What is the source?

The biggest challenge in dealing with cyber threats is identifying the source. There have been multiple instances of attacks coming from countries such as Russia, China, North Korea and other parts of the world which indicate government backing. On the other hand, member states have had to deal with individuals sitting within the confines of their homes and initiating attacks on government infrastructure. The EU should, therefore, put in place better systems to identify and track down the source, which can then lead to improved enforcement action.

Balance between privacy and security

One of the biggest challenges in dealing with emerging cyber threats is gathering information and data. While data is freely available, converting it into meaningful information can be a complex operation and may involve breaching privacy laws. The EU should revisit existing legislation to ensure it continues to protect privacy but strengthens security as well – there should not be a trade off between the two.

Need for further collaboration

Member states should collaborate amongst themselves but should also build partnerships with governments in other regions. Collaboration is the most significant step towards identifying and eliminating cyber threats. The European Commission should initiate and fund such programmes.

Recommendations and conclusion

The following recommendations were put forward by the attendees of this roundtable to the policy makers of Europe:

– The EU should qualify and define the Rules of Engagement so all stakeholders are aware of the action that needs to be taken to address a threat;

– Current EU policy is far too reactive so new systems, procedures and technologies need to be adopted in order to address imminent threats;

– The EC should initiate innovative collaborative projects (eg. Cyber Coalition), for member states to share best practices, upcoming technologies and prepare for threats. Cyber security is a truly global phenomenon and solutions will not be effective if it is purely country-specific;

– Existing business plans to procure cutting-edge technologies are not strong enough and this needs to be revisited. Procurement should have a long term focus;

– EU policy makers seem to have a ‘fortress’ mentality in strengthening infrastructure but tend to dismiss micro-level threats that can escalate;

– Within Europe, there is a shortage of skills in dealing with cyber threats and more jobs should be created to attract the best talent;

– The private sector should be held accountable for lapses and there has to be a common code of conduct to ensure data breaches are not encouraged;

– Education and creating awareness around cyber security can go a long way in reducing cyber attacks;

– The role of biometrics in reducing cyber crime has been well documented and the EU needs to implement the consistent use of these technologies among member states;

– Policy has to evolve with changing threats. As it stands, policies do not cover emerging cyber threats and this can have far reaching consequences;

– The EU should build and fund centralised Centres of Excellence, which can be tasked with identifying threats, developing fast responses and eliminating cyber attacks;

– Recent data has shown certain marginalised groups of individuals have been the source of cyber attacks so more ‘counter education’ initiatives have to be invested into;

– IT education should start very early in schools and should be included in compulsory curriculum;

– Public Private Partnerships have to be established where the sharing of data and information is done with ease.

For more details on this year’s roundtable, please email information@parlicentre.org. For next year’s programme, please visit www.cybersecurity.parlicentre.org.

Delegates at Cyber Security Europe 2016

Croatia’s Deputy Milrep for EU, Armed Forces Of The Republic Of Croatia, Director, Center For Cyber And Information, Security Officer Commanding, Defence Forces Headquarters Communications and Information Services Company, Defence Forces Ireland, ATM Security Specialist, Eurocontrol, Lieutenant-Colonel, Eurocorps, Head of Unit – Digital Policy Development and Coordination, European Commission – Directorate General, Digital Economy & Society, Head of Unit – Cybersecurity and Digital Privacy, European Commission – Directorate General, Digital Economy & Society, MEP (Romania), European Parliament, MEP (UK), European Parliament, MEP (Poland), European Parliament, Special Assistant to the Chairman, European Union Military Committee, CEO, IDECO, Director of Policy and Public Affairs, Internet Watch Foundation, Research Expert – Cryptography, Katholieke Universiteit Leuven, Director, Media Council, Adviser, Ministry Of Defence, Counsellor- Cybersecurity Policy, Ministry Of Defence, Deputy Milrep, Ministry Of Defence, Deputy Director General, Ministry of Justice, Head of NSM NorCERT, National Security Authority (Nsm), SVK MilRep, NATO, Deputy Assistant Secretary General – Emerging Security Challenges, NATO, Key Account Manager: Security, Innovation & Capability Development, QinetiQ, Principal Consultant: Advanced Cyber Threat Projects, QinetiQ, Managing Director, The Delian Project, IT Security Manager, The Foreign Intelligence Service, Manager, European Regional Affairs, The Internet Society, Research Associate, University College London