Let's get it right!

By Thomas Boué1.07.2015Economics, Global Policy

When it comes to cyber protections, Europe is a patchwork: Passing only national laws and lacking in cooperatin with the corporate sector, the EU members undermine their cybersecurity. It’s time to get it right.

Bolstering cybersecurity is a challenge facing boardrooms and government officials around the world. While technology is enabling us to be smarter about how we communicate, create, and solve problems, it has also introduced new risks which must be managed.

While the German Parliament will vote on a new IT security law tomorrow, debates continue in Brussels to achieve consensus on a Network and Information Security (NIS) Directive aimed at harmonising cybersecurity laws across Europe. That is no small feat when negotiating among 28 countries. A recent report released by BSA charts just how big a task they have before them.

Desrepancies between laws and capabilities

The “„BSA EU Cybersecurity Dashboard“(„BSA EU Cybersecurity Dashboard)”:http://cybersecurity.bsa.org/“ is a first-ever analysis of national cybersecurity laws and policies in the EU. It finds that an unhelpful patchwork exists in Europe when it comes to cyber protections. While some countries have strong cybersecurity legal frameworks – the UK, Germany and Estonia, for example – others still have much work to do. The report makes clear that considerable discrepancies exist between Member States’ laws and operational capabilities, resulting in gaps and fragmentation that could put the entire Single Market at risk.

Encouragingly, the report finds that most EU Member States recognise that cybersecurity should be a national priority, with a particular focus on ensuring the cyber resilience of critical infrastructure. Critical networks and infrastructure – transport, energy, banking – are where disruption would do the most harm.

Germany is a good example of a country that has done many things right, with a comprehensive cybersecurity strategy in place and a clear commitment to cybersecurity protections at the highest levels of government. However, purely national cybersecurity standards in Germany as outlined in the IT security law could also pose a hindrance to the coherence of cybersecurity rules across Europe. Cybersecurity does not stop at national borders; thus, industry-led, internationally-recognized technical standards play a vital role in delivering newer and more secure products to market, and enhancing the cyber resilience of governments, businesses, and citizens.

Vulnerable through lack of cooperation

The report also highlights some key gaps in protections across Europe, such as a lack of cooperation between governments and the private sector on cybersecurity. In Europe, most infrastructure is owned by the private sector, making public-private cooperation essential – yet only five EU Member States have an established framework for public-private partnerships on cybersecurity.

The more communication and coordination is taking place between EU governments and the private sector, the more resilient Europe will be in the face of evolving cybersecurity threats. An important improvement that could be achieved by the Network and Information Security Directive would be the creation of platforms for dialogue between the public and private sector on cyber threat trends and developments and to promote EU-wide exchanges on industry and government cybersecurity best practices.

The EU Cybersecurity Dashboard outlines the fundamental elements of a strong legal cybersecurity framework – from establishing strong legal foundations, to engendering trust and working in partnership, to
promoting cybersecurity education. These building blocks provide valuable insight for national governments who will ultimately implement cybersecurity rules and policies.

What to do?

The report also provides guidance on what not to do, as some governments around the world are unfortunately using cybersecurity as justification for protectionist rules that reduce choice and undermine cyber protections. That includes avoiding country-specific cybersecurity standards, obligations to disclose sensitive information such as source code or encryption keys, data localisation requirements, or preferences for indigenous providers among other unhelpful policies.

Cybersecurity cannot happen in domestic silos and it is important to consider the European and global implications of any decisions made in Germany. The IT security law should not, deliberately or inadvertently, prevent international companies from participating in the German market.

The severe hacker attack on the German Bundestag proved the importance of strong and resilient IT systems. No country is going to achieve this goal on its own. Only if the state and the private sector join forces to stop criminal hackers from becoming 21st century highwaymen, we will be able to strengthen public trust in the digital highways of our time which is a crucial prerequisite for realizing the growth potential of the digital economy.

COMMENTS

MOST COMMENTED

Communication Quarantine

Secretly checking emails, twittering from the restroom, online 24/7. How addicted to the "social media" phenomenon have we become? Markus Albert attempts to find out himself.

Google Almighty

Social media and Google are quickly becoming invaluable to our lives. By breaking with old structures, the little start-up emerged as the most dominant force of the Internet Age.

The Highlanders' Way

The Scottish National Party is governing from Edinburgh. Their central aim: independence from England. But this does not necessarily spell doom for the UK. Instead, we might see the emergence of new forms of partial sovereignty.

Tales from the Shire

The German federal government is relinquishing power to the EU in Brussels. Yet encouraged by the success of regional autonomy movements elsewhere, Bavarians want to bring politics back to Southern Germany - and closer to the people.

Moscow, Get Ready for Trouble

The long shadow of the Soviet Union can be felt even today. Around Russia, former republics and part-republics are experiencing turmoil across national and ethnic borders. If Moscow is not careful to play her cards right, destabilizing forces could soon become energized.

There is Always Room for Mysteries

Our understanding of the universe is continuously expanding. But every question that is solved only leads to new questions. Alexander Goerlach talked to Sir Martin Rees about astronomy, scientific certainty, and the role of religion in contemporary society.

Mobile Sliding Menu