Other available languages: none
Vice-President of the European Commission responsible for the Digital Agenda
Public-private cooperation in cyber-security
Security and Defence Agenda dinner
Brussels, 30 January 2012
In the last decade, we have seen a transformative change for the Internet. It has gone from promise to delivery; from a technical novelty to the backbone of our economy and society. But that ever greater usage carries an implication: in tomorrow's world, if the Internet is not secured, nothing will be.
Every day, the digital ecosystem boosts productivity, drives innovation, and stimulates growth and high-quality jobs. In future, it will be not just a tool for social interaction and economic transaction: but will encompass more and more services, health and social care, education, transport and energy grids. In that world, a resilient and smooth Internet is essential to a stable and growing economy.
At the same time, threats are growing. Attacks are going up, more numerous and more serious. From those doing it for publicity or notoriety, to those involved in organised crime, spying or outright warfare.
We all need to take responsibility on this issue. So we need to act strategically, to give it attention at the most senior level, and we need to work together.
That includes the public and private sectors cooperating. The private sector owns or controls the majority of ICT infrastructure and is home to nearly all the ICT expertise. No plan for cyber security can ignore this fact. Because sometimes we need to share information on threats, on risks, on vulnerabilities. Sometimes that information is sensitive, I agree. But we need to be able to exchange good practices and provide each other with solutions.
Plus, users also have to be actively engaged in securing the Internet. Some users may be unaware of the risks they run online, but their actions, or inaction, may have real consequences for themselves and others.
And we recognised this importance back in 2009, when we set up the European Public-Private Partnership for Resilience, the so-called "EP3R"; as part of our strategy to protect critical information infrastructures.
EP3R is a forum where we can work together on these kinds of issues. Where sectors, private and public, can cooperate on strategic issues of the EU's security and resilience. Where we come up with a common understanding of how to provide e-communications, continuously and securely. And how we can equip ourselves to deal with large-scale disruptions and botnets.
What's more, because EP3R is European, we can deal with threats and attacks even when they cross borders – as they so often do. Because online attackers, online criminals hardly care which country you are based in: they will just look for the weakest link in the chain, and go for it.
But threats can cross more than just national borders; they can also cross the Atlantic. So we need to act internationally. And we're doing that too. We've set up a joint EU-US Working Group on Cyber-security and Cyber-crime. It's making significant progress – again, including on a common approach to Public-Private Partnerships.
We will take this all further in our European Strategy for Internet Security, due later this year.
What will that strategy mean for the private sector? Three things.
First, I want public and private stakeholders to exchange and act on information about cyber incidents and attacks. That might require obliging private companies to notify cyber security breaches, incidents or attacks to the authorities – so that we can react quickly, to support the company, and minimise the collateral damage.
Second, I also want to stimulate private sector efforts to improve security - by providing the right incentives, and by raising awareness among users.
And, third, on the supply side, I want to invest in innovation for security technologies. Using the funding tools we have at EU level, like the Competitiveness and Innovation Programme and the Horizon 2020 programme for R&D. We will give the industry the opportunity to test out security solutions, in a real life scenario with shared financial risk. Where gaps are identified in security technology, we can develop ways to fill them. So we can provide security tools that are effective, trustworthy and easy to use.
That will itself stimulate a new – and increasingly important – industry. We can create a new business opportunity: to supply private and public sectors alike with the tools they need to tackle online threats. I want Europe to hold its own in that globally competitive market.
I want to close by stressing the importance of cooperation. The Internet does not belong to any one group, but attacks on it affect every group. So let's work together, all sectors, all levels, public and private, national, international and European. So that we can safeguard the security of the systems that increasingly underpin our lives, today and in the future.