Figures and graphics available in PDF and WORD PROCESSED
Ladies and Gentlemen,
Back in the 60s, Arpanet was sponsored by the US military to maintain communications in case of a Soviet nuclear attack. That system evolved into today's Internet: a tool that has transformed our world.
The Internet is a stimulant for a tired economy, a platform for democracy and self-expression, and an essential infrastructure for our everyday lives.
There are already 2 billion users worldwide, and in the future there could be tens of billions of devices connected, from phones to fridges to cars.
However, the Internet was not conceived with security in mind; perhaps, quite understandably, its creators never imagined how pervasive and essential it would become.
Indeed, you could argue that design flaws from the very beginning made the underlying codes subject to security problems. Experts such as Mr Kaspersky can tell you what damage can then arise.
My first message today is that we need to take this seriously. Already, cyber crime today amounts to over 1 trillion dollars; more than the total drugs trade.
And the more we become dependent on the Internet, the more we need it to be resilient and secure. Imagine a tool that could shut down electricity, derail trains, block communications, set homes on fire, disturb control and command.
All these things instantaneously and simultaneously; things attackers could do cheaply, anonymously, and without at all jeopardising their own safety.
This is the destructive potential of Internet unless we take its security seriously.
My second message is that we are not yet keeping up with fast-changing threats. Within the EU, for example, there are still some Member States without a functioning national Computer Emergency Response Team.
Only 15 Member States have adopted a national security strategy and even fewer have a national contingency plan.
So this year I, with my colleagues Catherine Ashton and Cecilia Malmström, intend to propose a European Strategy for Internet Security.
First, to make sure our networks and products are as robust as possible. Second, to promote working together to avert and mitigate threats.
Third, to stimulate a globally competitive EU industry. And fourth, to cooperate not just within Europe, but internationally.
It will partly be about things like awareness raising, public-private cooperation, investing in new technology, and providing the incentives to increase security.
But it will point towards legal instruments, too, so we can step up from the current voluntary approach, towards a binding one.
My third point today is that we must always remember that the Internet is unique, and protecting it requires unique solutions.
This task is increasingly taking on the language of the security world. "Defence", "warfare", "military" policies, and so on.
There are some who take that analogy further, and suggest using the traditional instruments of interstate relations: diplomacy, Treaties, national security policy, and so on.
That's understandable given the increasing strategic importance of the Internet, its centrality to national security, and the undoubtedly state-sponsored origins of some of the attacks.
But don't forget: the Internet is more than just a tool of security: it is also a tool for liberty. The two are closely linked; in our own European Charter of Fundamental Rights, the two terms appear in the same sentence.
So, security should not compromise freedom of speech, privacy and integrity of the unified Internet: rather, it should support them. Because the Internet belongs to everyone.
And for that very reason, everyone together must take responsibility.
Without working together, without balancing the different legitimate interests in play, we won't succeed in building a resilient Internet.
One that supports our citizens' need to be secure, supports our economy, and supports the values for which we stand.