Cyber security is key to creating a single digital market in Europe, said Jakub Boratynski, head of unit trust and security at the European Commission (EC).
“To most people the single digital market is about economics, but it cannot flourish without cyber security,” Boratynski told the Trust in the Digital World conference in Madrid.
Boratynski said the EC defines information security as the protection of networks and information systems against human mistakes, natural disasters, technical failures or malicious attacks.
“Failures in the digital world can have profound impacts on the physical world as we saw in 2013, when a systems failure caused the UK’s air traffic control service to restrict flights for a few hours,” he said.
The challenge, he said, lies in the fact that organisations often deal with a lot of unknowns – such as whether problems are being caused by technical failures or malicious attacks and, if it is an attack, who is behind it.
EU leaders must be aware of cyber threats
“We can never be sure when the next failure or attack will happen, but we can be sure that it will happen at some time or other,” said Boratynski.
For this reason, he said, it is important for Europe’s leaders to be aware of the trends in cyber security, such as the fact that the attackers are capable of innovating faster than defenders; that defenders need to collaborate and share more information as attackers are doing; and that security needs to be more user-centric and take the limitations of users into account.
“The most important message is that cyber security will never be ‘solved’, but that it can be ‘managed’ – which is the cornerstone of the proposed network and information security (NIS) directive,” he said.
Boratynski said the three main aims of the NIS directive are to ensure member states build a minimum cyber security capacity at a national level; that member states put in place the necessary infrastructure to enable collaboration between all member states at policy and operational level; and to ensure there are risk management capabilities and incident reporting obligations for all serious incidents.
EC needs to make NIS directive a reality
Boratynski said the negotiations around the proposed NIS directive are close to resolution, and that the EC expects an agreement by summer 2015.
“There are still some hurdles to overcome which are mainly related to how the directive will be scoped, but we are confident it will cover critical infrastructure and regional co-operation,” said Boratynski.
Priorities for the EC, he said, are to mature member states’ cyber security capabilities and make the NIS directive work in reality; to make the European Union (EU) a leader in cyber security by developing an industrial strategy; and to mainstream cyber security in all European policy making.
Key questions under debate are whether these aims are feasible and whether “trustworthy ICT” can become an EU trademark, he said.
Boratynski said the EC is confident, however, that the NIS directive will bring market opportunities for cyber security products and solutions, and greater co-operation between the public and private sectors because of increased capabilities and obligations at a national level.