Strengthening Cybersecurity Capacity: A European Obligation

By Horst SEEHOFER, Federal Ministry of the Interior, Building and Community, Germany

Our modern, high-tech society depends on a whole series of delicate systems: sensitive information and communications systems, high-quality infrastructure, and secure energy provision.

These factors are the backbone of technological progress and economic development.

In this context, the spread of digital technology increasingly influences policy and business decisions, as well as the day-to-day lives of our citizens.

The digital revolution is characterized by the breakneck speed at which we are confronted with innovation.

As a society, we have less and less time to adjust to and apply technological advances.

The time-to-market cycle of new apps and products is constantly shrinking, while new ventures based on innovative digital technologies crowd established enterprises out of the market.

As IT systems become more complex, all areas of the information society are increasingly interconnected.

This brings with it an increased risk of disruption and attacks, from within our country and from abroad.

Threats in cyberspace are hugely dynamic, with cyberattacks growing more intelligent and professional by the day.

Methods of attack are evolving as rapidly as IT systems are advancing, while globalization and the interconnection of technology mean that bugs, regulatory loopholes or negligence can often have huge knock-on effects.

The greater a role digital technology plays in the actions of government, in business, and in everyday life, the more pressing the need to involve all stakeholders at national, European and international level in a joint approach to tackling the resultant cybersecurity challenges.

In the first instance, cybersecurity is a domestic task. At present, Germany is well equipped by international standards, as the report by the Federal Office for Information Security shows. However: cybersecurity must evolve constantly.

The increasing reach of digital technology brings threats of an ever- changing nature and intensity.

And in an increasingly interconnected world, cybersecurity must extend beyond the national level.

We must work systematically in Europe to achieve this, for example by developing joint minimum standards for the European market.

Implementing the NIS Directive, passed in 2016, is therefore the top priority within the European Union.

The Directive sets out measures aimed at achieving a high common level of security of network and information systems in the European Union.

To build on this, in September 2017 the European Commission put forward the Cybersecurity Package, a proposal for the new Cybersecurity Act.

Preliminary political agreement was reached on the Act in late 2018. The Act will give the European Network and Information Security Agency (ENISA) a permanent mandate and allocate additional resources and capabilities to it.

An EU-wide framework for basic voluntary cybersecurity certification for IT products, systems and processes will also be implemented in all sectors with the aim of creating the right incentives for secure products and system solutions.

The Act is a solid basis on which we will be able to seek joint European answers to key questions on the topic of cybersecurity, both now and in the future.

In addition, in September 2018 the European Commission submitted a proposal for a regulation establishing a European Cybersecurity Industrial, Technology and Research Competence Centre.

The aim of the Regulation, to stimulate the development and deployment of cybersecurity technologies, is a good one.

Joint efforts at EU level are essential. It is in all of our interests for research and development on information technology and communication systems to take place within Europe.

This will enable us to minimize our reliance on third countries.

We must be aware that we can only reap the full benefits of new digital technologies and the worldwide networks enabled by them if we integrate cybersecurity from the start.

Security by design has to be a firm component of our strategies so that we can strengthen trust in new technologies.

Because one thing is clear: If we want the digital revolution to be successful, cybersecurity is crucial.