Comment Neelie (Kroes)

Making speeches talk

Comment Neelie

Public-private cooperation in cyber-security

Brussels, 30 January 2012

Security and Defence Agenda dinner
SPEECH/12/47 (see the source)
by Neelie Kroes
Vice-President of the European Commission responsible for the Digital Agenda

In the last decade, we have seen a transformative change for the Internet. It has gone from promise to delivery; from a technical novelty to the backbone of our economy and society. But that ever greater usage carries an implication: in tomorrow's world, if the Internet is not secured, nothing will be.sentence permalink

+

Every day, the digital ecosystem boosts productivity, drives innovation, and stimulates growth and high-quality jobs. In future, it will be not just a tool for social interaction and economic transaction: but will encompass more and more services, health and social care, education, transport and energy grids. In that world, a resilient and smooth Internet is essential to a stable and growing economy.sentence permalink

+

At the same time, threats are growing. Attacks are going up, more numerous and more serious. From those doing it for publicity or notoriety, to those involved in organised crime, spying or outright warfare.sentence permalink

+

We all need to take responsibility on this issue. So we need to act strategically, to give it attention at the most senior level, and we need to work together.sentence permalink

+

That includes the public and private sectors cooperating. The private sector owns or controls the majority of ICT infrastructure and is home to nearly all the ICT expertise. No plan for cyber security can ignore this fact. Because sometimes we need to share information on threats, on risks, on vulnerabilities. Sometimes that information is sensitive, I agree. But we need to be able to exchange good practices and provide each other with solutions.sentence permalink

+

Plus, users also have to be actively engaged in securing the Internet. Some users may be unaware of the risks they run online, but their actions, or inaction, may have real consequences for themselves and others.sentence permalink

+

And we recognised this importance back in 2009, when we set up the European Public-Private Partnership for Resilience, the so-called "EP3R"; as part of our strategy to protect critical information infrastructures.sentence permalink

+

EP3R is a forum where we can work together on these kinds of issues. Where sectors, private and public, can cooperate on strategic issues of the EU's security and resilience. Where we come up with a common understanding of how to provide e-communications, continuously and securely. And how we can equip ourselves to deal with large-scale disruptions and botnets.sentence permalink

+

What's more, because EP3R is European, we can deal with threats and attacks even when they cross borders – as they so often do. Because online attackers, online criminals hardly care which country you are based in: they will just look for the weakest link in the chain, and go for it.sentence permalink

+

But threats can cross more than just national borders; they can also cross the Atlantic. So we need to act internationally. And we're doing that too. We've set up a joint EU-US Working Group on Cyber-security and Cyber-crime. It's making significant progress – again, including on a common approach to Public-Private Partnerships.sentence permalink

+

We will take this all further in our European Strategy for Internet Security, due later this year.sentence permalink

+

What will that strategy mean for the private sector? Three things.sentence permalink

+

First, I want public and private stakeholders to exchange and act on information about cyber incidents and attacks. That might require obliging private companies to notify cyber security breaches, incidents or attacks to the authorities – so that we can react quickly, to support the company, and minimise the collateral damage.sentence permalink

+

Second, I also want to stimulate private sector efforts to improve security - by providing the right incentives, and by raising awareness among users.sentence permalink

+

And, third, on the supply side, I want to invest in innovation for security technologies. Using the funding tools we have at EU level, like the Competitiveness and Innovation Programme and the Horizon 2020 programme for R&D. We will give the industry the opportunity to test out security solutions, in a real life scenario with shared financial risk. Where gaps are identified in security technology, we can develop ways to fill them. So we can provide security tools that are effective, trustworthy and easy to use.sentence permalink

+

That will itself stimulate a new – and increasingly important – industry. We can create a new business opportunity: to supply private and public sectors alike with the tools they need to tackle online threats. I want Europe to hold its own in that globally competitive market.sentence permalink

+

I want to close by stressing the importance of cooperation. The Internet does not belong to any one group, but attacks on it affect every group. So let's work together, all sectors, all levels, public and private, national, international and European. So that we can safeguard the security of the systems that increasingly underpin our lives, today and in the future.sentence permalink

+