Sélecteur de langues
Autres langues disponibles: aucune
European Commissioner responsible for Home Affairs
Making cyberspace more secure
Security and Defence Agenda (SDA) Cyber Security Initiative Conference on 'Defining Cyber Security'
Brussels, 9 November 2011
Vint Cerf – one of the founders of the internet – said:
"When we built the framework for the web, we did not think about security. We should have put stronger focus on issues like – where did that email come from and what device am I talking to - and therefore my conclusion is that we should start again with the internet".
What an interesting conclusion to draw. Even if I do not believe that we can start over again, Cerf confirms what we have been saying for some time – we have not taken the security aspect of the internet seriously enough.
Let's say, for example, one registers a domain name or an IP (internet protocol) address as Mickey Mouse, Main Street, Disneyland.
Not possible you say? Unfortunately, almost 50 percent of the applicant data for the top five generic domains - .com (dot com), .org, .net, .info and .biz show evidence of false or incomplete identity information.
This makes it extremely difficult, if not impossible, for law enforcement authorities to trace abuse of internet resources.
Equally worrying, one can now purchase illegally obtained information, such as credit card details, from websites for as little as 1 Euro per card.
I would not be surprised if a few of us here today have fallen victim to this. It might be worth checking your bank accounts when you get back home tonight.
And consider for a second what sensitive information we have stored on the internet; medical and criminal records, information vital to critical infrastructure, to name but a few.
Some say that threats from cyberspace are exaggerated, that with faith in technological advances, and a little patience, our security concerns will fade.
I disagree. This is a battle we might not win. If we are to keep an open and secure internet we have to act now.
* * *
The main responsibility lies with the Member States and industry. But of course the European Commission has a role to play. And it is one which we take very seriously.
Since February last year, enhancing cyber security and tackling cybercrime has been one of our top priorities – as has been highlighted in the Internal Security Strategy. And much has been done – both through harmonising legislation and through practical actions.
But instead of focusing on what we have done, let's look ahead and see what is still to do. I would like to highlight three things.
First, and in my mind the most important task, we must make all necessary preparations so we can set up a European Cybercrime Centre in early 2013. This centre will be the focal point for Europe's fight against cybercrime.
Early next year, we will table a proposal on the key objectives for the centre as well as on the logistics. This will then be discussed with the Member States and industry.
Because, as the old saying goes, "you get out what you put in". Without sharing information with key partners the centre will never be able to fulfil its potential.
Second, together with my colleagues Neelie Kroes and Cathy Ashton, we will, over the coming year, develop an overarching EU cyberspace strategy. The aim of the strategy will be to increase the impact of our actions and, above all, to better coordinate our activities.
One concrete example of this is to create the links between the cybercrime centre and Member States law enforcement authorities on one hand and the different Computer emergency response teams (CERT) on the other hand.
Through this, we will also improve cooperation between our two important agencies Europol and ENISA.
Third, even if we step up the efforts in Europe, this will not be enough given the global scale of the problem. And this is where cooperation with our key strategic partners is crucial.
A prime example is the EU-US working group on cyber security and cybercrime, set up following the summit last November.
That group is now due to report back to the EU-US summit in a few weeks.
And I can tell you that we have successfully delivered results in everything from combating child pornography – where we have identified new technical solutions - to the first ever test of Trans-Atlantic responses to cyber attacks, an exercise which took place last week.
But more remains to be done – such as making it more difficult for "Donald Duck" to register a domain name, as well as to improve operational cooperation in the fight against cybercrime – therefore I hope the upcoming Summit will task us to do further work.
* * *
Let me end where I started – once again with the thoughts of Vint Cerf– a man who helped found the internet, but who, in his words, 'didn't think about security'.
That was the case then. But today we would be foolish - 20 years later, with computer systems increasingly vulnerable to ever more malicious attacks – to say the same thing.
The Commission will be busy in the coming year finalising the set up of a cybercrime centre, develop an overarching EU cyberspace strategy and enhancing cooperation with the US as well as with other international actors. But we cannot do this alone.
For this reason, I call upon governments, organisations, and industry to put this higher on the agenda. And let's agree on one thing – more action on all fronts is needed.
That is why I would like to thank the Security and Defence Agenda for this timely initiative to discuss what concrete actions need to be taken. And I look forward to the policy recommendations this project will result in.
Thank you for your attention.