Last week, Microsoft partnered with POLITICO to host the first Annual Cybersecurity Summit. The event comes at a key moment in time. Cybersecurity has never been higher on the political agenda in the EU and globally. And with good reason.
This month’s cyber-attack on the U.S. Federal Government personnel office, which led to the information of around 4 million federal workers being stolen, is unfortunately not an isolated incident. This event reminds us once again of the importance of governments and companies ensuring the highest levels of cybersecurity.
Ultimately, people will not use technology they do not trust. It is up to us to establish the fundamental levels of trust that are required for new digital solutions to succeed. And the EU has already understood that more needs to be done.
In February 2013, the EU adopted its Cybersecurity Strategy. It aims to create a secure and trustworthy digital environment throughout the region. A crucial part of the strategy is the proposal for a Network and Information Security (NIS) Directive to raise security levels across Member States. By improving cooperation, including with the private sector, the Directive aims to help critical sectors and public authorities better respond to cyber incidents.
The European Commission’s commitment to building trust is also clear in the recently adopted Digital Single Market Strategy, a pillar of which is to build confidence in the digital sector. In 2016, as part of the DSM Strategy, the Commission is expected to launch a Public-Private Partnership on Research and Innovation in Cybersecurity to foster the deployment of secure networks and services. This will also work towards greater interoperability and recognition of standards in Europe.
Last but not least, the European Agenda for Security, released on 28 April 2015, features cybercrime as a key priority. This agenda also puts a strong emphasis on public-private cooperation as a means to collect evidence and information, react better to cyber-attacks, and enhance cyber capacity-building actions.
As cyber threats are rising, the need for swift reactions is increasingly important, and everyone – public and private stakeholders – must do their part. Public-private cooperation is not an option but an imperative. This was one of the key themes that emerged at the Cybersecurity Summit and was echoed by both Luxembourg Prime Minister Xavier Bettel and Microsoft’s Scott Charney.
Microsoft has been committed for over a decade to building products and services that are secure by design, secure by default, and secure in deployment. Through our Government Security Program we are fostering both security and transparency, in particular through our network of Transparency Centers, the latest one having just been opened here in Brussels. In our Transparency Centers, national governments and international organizations can review and assess our source code to assure themselves of the integrity of Microsoft’s products.
As the roles of governments in cyberspace are evolving, it is critically important to drive a robust debate on acceptable behaviors in cyberspace. The POLITICO-Microsoft Annual Cybersecurity Summit opened with a lively exchange on the need for such cybersecurity norms, in particular in times of peace, for cyberattacks that do not rise to the level of armed conflict. Microsoft is a strong proponent of politically binding cybersecurity norms and we have advocated six specific norms in a recently published whitepaper.
Another important discussion at our June 10 event covered the issue of encryption and the larger policy debate about striking the right balance between privacy and security. Europol Director Rob Wainwright highlighted the need for law enforcement access to data, whereas representatives from civil society and industry underscored the importance of robust technical means for protecting customer data. Microsoft, along with other tech companies, has been clear in our opposition to any policy actions or measures that would undermine encryption as an available and effective tool.
Finally, one of the key aspects highlighted at the Cybersecurity Summit is the need for harmonization of the legal frameworks. From an industry perspective, creating products or services that must meet divergent, or worse, conflicting national requirements is not only unworkable and unnecessary but also contrary to the EU Digital Single Market Strategy. As Member States, the European Commission and the European Parliament are in the process of finalizing the NIS Directive, they should ensure that the emerging legislation pursues a harmonized, risk-based, and technology-neutral approach.
There was broad agreement that greater uptake of cloud computing in Europe will provide significant economic opportunities while helping consumers, SMEs and enterprises to manage security risks in much more effective ways. Several panelists also pointed to key opportunities of leveraging big data to get to a culture of data-driven security. And as new security technologies, such as biometrics, are starting to make passwords obsolete, key attack vectors of the past will become much harder to exploit.
Overall, this Cybersecurity Summit demonstrated that there are a myriad of challenges ahead of us when it comes to ensuring security in the digital space, but also, that solutions do exist.
You might also be interested in reading more about “Europe’s Cybersecurity Push” on POLITICO.eu