Which strategy for a Europe with sovereign and powerful cyber security?
A joint keynote by Atos and IDnomic was held at Les Assises de la Sécurité et des Systèmes d’Information in Monaco in October. The discussion concerned European sovereignty and cyber security.
Europe must confirm and consolidate its computer security policy. Member States must defend their sovereignty. Coralie Héritier, General Manager at IDnomic, and Alexis Courette, Products Manager at Atos, presented the breeding ground for the emergence of a cyber-sovereign Europe.
Europe is en route to a sovereign cyber security policy
The European Union is ready to launch its computer security policy in a number of areas. Various steps have already been taken.
European sovereignty in computing is one of the objectives of Member States. For this, it is important to raise the level of cyber security in an identical manner in all European countries.
The GDPR (General Data Protection Regulation) and the NIS directive (Network and Information Security) to protect OIV (organisations of vital importance) are good examples. This year, the Cyberact aimed to harmonise cyber security certifications. The same was true for the harmonisation of the electronic national identity cards in Europe.
The European "digital program” ready to launch
This programme was initiated by the EU a number of years ago. For the next five years, investments have been increased to €9.6 billion in order to guarantee Europe’s industrial shift, and develop the digital industry to assume the autonomy and sovereignty of Member States.
If Europe is strong on the digital level, users and businesses will have confidence in it and will begin a process of digitalisation. We can consider that Europe’s project is to achieve a digital strategy with an economic aim. All these constraints will precede and accompany an industrial policy. There is, for example, the military programming law, which has helped to increase the level of security provided by operators.
What about France?
In France, certification schemes lead to industry creating new trustworthy products and services. These products and services are offered to organisations of vital importance. The same should be done on a European scale to create a strong project capable of supporting Europe’s strategic autonomy. However, one aspect remains complicated: different countries pursuing divergent interests have to be aligned.
Computer attacks are on the increase worldwide
The economic war is clearly here. The computer and cyber security sector demonstrates this:
• The number of computer attacks targeting companies to plunder data for economic intelligence is on the rise. Sensitive or personal data are retrieved to feed the data market.
• The number of attacks against public agencies is growing, impacting regional authorities, municipalities, etc. In the United States, 22 cities have been attacked this year, including Baltimore, where 10 000 computers where shut down at a cost of $18 million. When this type of attack occurs in a small municipality, residents are also affected.
• Some nations, like China and Russia, are attacking others. Sometimes, Mafia organisations become involved, on occasion even serving nations. The geopolitical face of this economic war is conducted by exploiting extraterritorial laws, such as the Cloud Act. The USA accesses data stored by an entity on American soil. The Government exploits its digital hegemony to obtain levers on the European economy. European companies are exposed to the risk of fines.
Europe needs two solutions:
• Regain control of its data and give its operators sovereignty and autonomy.
• Develop solutions to ensure confidence in the cloud and develop a European solution.
• However, it is complicated for Europe to build an industry among Member States. Europe’s digital sovereignty runs up against national concerns. A balance is still difficult to find.
Work to be done for a sovereign cyber security in Europe
The first objective is to federate, initially at the national scale, industries and users in clusters or groupings. Then, among Member States, these businesses must be gathered in clusters. The goal is coherence and lobbying capacity in a sector where the Americans have significant influence. Standards are imposed by North America, so offers are essentially American. Given this, the European Cyber security Act has to be evolved upwards.
We must also enrich the destination of the budget dedicated to cyber security. The 2020 financial envelope launched by Europe includes the research and development component of European cyber security, and its products.
However, "go to market" is forgotten in this financing. Some companies are not necessarily European but work on European soil. Therefore, the EU must be ready to push technological start-ups to develop them under the European flag and make them competitive and consolidated.
Companies want SaaS solutions. They want the same end-to-end solution. So, Europe must increase solutions by investing in this sector and proposing a set of consistent products.
Speakers: Coralie Héritier, IDnomic and Alexis Caurette, Atos Cybersecurity Products