Making Europe Safer
11 April 2018
It is well known that the fourth industrial revolution opens up a multitude of new business opportunities. At the same time,… however, the danger for cyber-attacks is also increasing. It’s imperative that companies prepare themselves to put them out of danger zone.
– New technology is increasingly the driver of our digital evolution. New technology brings together resources in new configurations. It is the spark of life in the digital economy. However, new technology inevitably brings brand new security challenges for our networks;
– Not only should they think about security solutions, but they should also develop a keen awareness of the corporate culture for security – which requires significant investment. According to Gartner’s estimations, security spending in 2018 will continue to rise sharply globally, reaching around $ 93 billion.
– The need for cyber security solutions companies need to develop appropriate strategies to minimize any risk. These strategies should not only meet today’s expectations, but also incorporate new business models promoted by new technologies.
– The use of cloud technology will also become much more widespread. Over the next 10 years, 85% of applications will migrate to the cloud. As a result, corporate efficiency will rise sharply;
– While cyberattacks affect all sectors of the economy, there are still some key sectors that are likely to be particularly vulnerable to cyberattacks:
Manufacturing industry: As the manufacturing industry becomes better connected, the frequency and sophistication of cyber-attacks is rising. According to IBM’s 2016 Cyber Security Intelligence Index, the production industry is the third most vulnerable sector to hackers. In this area hackers focus mainly on spying on data as they are very lucrative.
– With the rise of the Internet of Things in manufacturing, the impact on security only gets more complex;
– The main objectives are networked machines, robots and 3D printers. Vulnerabilities enable attackers to get production plans. In addition, they can intervene in processes and sabotage productions. These vulnerabilities not only cause high financial damage, but also the lives of factory workers can be at stake.
– The cybersecurity risks to the manufacturing sector include everything from operational downtime, to physical damage, product manipulation and the theft of intellectual property and sensitive data.
– In this environment, preventative measures are no longer good enough. Manufacturers need to get ahead of the cyber security challenge and look at ways of being more pro-active.
– Developing more advanced monitoring and risk intelligent response capabilities provides some of the steps required to be more agile when it comes to security in a manufacturing environment. This aids the manufacturer in becoming more resilient to any potential attacks both from a pro-active and a reactive basis
Cybersecurity in Energy
– Digital technologies play an increasingly important role in energy infrastructure and are used to control energy production, transmit information about consumption, and monitor demand.
– Moreover, electricity grids and gas transport pipelines are interconnected across Europe. Therefore it is very important that energy infrastructure is protected from possible security breaches and cyber-attacks that could result in information theft, security issues and blackouts across several European regions.
– With the adoption of the Directive on security of Network and Information Systems (NIS) and the General Data Protection Regulation (GDPR), the European Commission with its Member States is implementing the baseline for cyber security.
– The key questions for the energy sector are: Is energy different from any other sector in respect to cyber security? What are the challenges in the energy sector to be addressed? What are recommended actions to be taken in respect of cyber security once the NIS Directive and GDPR are fully implemented?
The Energy Expert Cyber Security Platform (EECSP) set up by DG Energy has identified 39 gaps not covered by existing legislations. This has led to detailed recommended actions for the European Commission. They recommended 3 strategic priorities:
Firstly, identify operators of essential services for the energy sector at EU level and prepare risk analysis and risk treatment plan specific for the energy sector.
Secondly, define and implement a cyber-response and coordination framework
Thirdly, establish a European cyber security maturity framework to improve cyber resilience in the energy sector
Key success factors to meet the overall objectives is cooperation and shared responsibility of all stakeholders: public authorities, private sector, civic society and consumer organisations. We must also become better at sharing critical information in a secure and confidential manner
Why act now?
– Cybersecurity raising awareness – Overall, it can be seen that companies in all industries, as well as individuals, need to refine their cybersecurity awareness, recognize the risks, and take appropriate countermeasures.
– Cybersecurity education – At the same time, cyber security must also become an issue for state governments and at the international level, and laws and regulations must be adapted accordingly. In addition, governments need to invest in education and disclosure of cyber-threat. New regulations also play an important role here, enabling, for example, telecommunications providers to develop and implement suitable solutions against cyberattacks.
– Cybersecurity standards – Cybersecurity is a global issue and requires international solutions. We need to ensure that standards are at the heart of ICT products and services. It is key that requirements of certification schemes refer to global standards to avoid a fragmentation of a market that is global and for competitiveness purposes
–Cybersecurity research – We must develop new security capabilities so that we can give our customers products and services that they can trust. We need to focus on the cutting edge of security research, looking at ways to incorporate new technologies, by using EU funding, such as the Horizon 2020 programme, for stronger links between industry development and research for innovative solutions;
– Cooperation and shared responsibility of all stakeholders: public authorities, private sector, civic society and consumer organisations. We must also become better at sharing critical information in a secure and confidential manner
– Coordination of common actions – in Europe and globally, based on exchange of all information on: incidents, intrusion of systems, schemes of attacks, forms of hacking and malware.
– Key for the prevention is: cybersecurity hygiene – new attitude of citizens to pay attention to the rules ensuring security in the cyberspace.
– Make Cyber Security simple: A Cyber Security Strategy must promote the market share and the application of easy-to-use products and services. Viewing the European Digital Single Market and its necessary contouring, it would be desirable if this position would find its way into the strategy.