A Secure Future: Cybersecurity and the EU - Foundation Office United Kingdom and Ireland
The event was introduced by Matthias Barner, Director of Konrad-Adenauer-Stiftung UK and Ireland and moderated by Noelle O Connell, CEO of European Movement Ireland. The role of the EU Cybersecurity Strategy in promoting cyber resilience, safeguarding data and keeping the online economy secure was analysed. The panel discussed issues concerning prevention, securing critical infrastructure and protecting intellectual property, while also developing capabilities to respond and equipping organisations and citizens. The event also looked at the experiences of EU Member States and the recent attack on the Irish Health Service.
Jo De Muynck, Head of Operational Cooperation Unit in the European Union Agency for Cybersecurity (ENISA) began his opening remarks by highlighting ENISA’s a recent report which draws attention to the increased impact and frequency of cybersecurity incidences, with ransomware being one of the primary security threats. He stated that there has been a recent flood of misinformation and disinformation and urged policymakers to put these issues at the core of their agenda. The EU Cybersecurity Strategy contains concrete proposals for employing regulatory and policy initiatives across three areas: resilience; operational capacity and cooperation. Mr De Muynck [SO1] stressed the importance of keeping pace so that emerging technologies are not misused by cyber criminals. The EU Joint Cyber Unit is an important step towards completing the European cybersecurity crisis management framework.
The second speaker, John Reyels, Head of the Cyber Policy Coordination Staff with the German Federal Foreign Office noted that this past year has seen many premieres in the cyberworld including several significant attacks on critical infrastructure such as the attack on the German Parliament, the Bundestag, and the cyberattack on the Irish health sector. Mr Reyels expressed the concern that exists among diplomats over the destabilising nature of these cyber-attacks. While international human rights laws apply in the cyber world, Mr Reyels admitted that more work needs to be done to improve the application of these laws in the cyber world. As they were conceived at a time when the cyberworld was unimaginable. Mr Reyels stressed the need for EU countries to engage with the processes at the United Nations such as the Open-Ended Working Group, that strive to build a framework for safe and responsible behaviour in cyberspace. Mr Reyels praised the cooperation that exists at an EU level, such as through the EU Toolbox mechanism that allows EU partners to respond to a crisis in unison, whether that is by releasing a joint statement or putting in place sanctions against perpetrators. The EU should work towards having standard policies when it comes to trustworthy suppliers, particularly when dealing with critical infrastructure.
Brian Honan, CEO and Principal Consultant for BH Consulting Cybersecurity and Data Protection discussed the knock-on effects that cyberattacks can have on society, pointing to the HSE cyberattack and the Colonial Pipeline that disrupted access to health care and fuel prices respectively. Mr Honan pointed to the work being done at an EU level but stated that policy alone will not solve this issue. We need the wider international community to engage in cyber diplomacy, as many attacks come from groups based in countries outside of the EU. Mr Honan echoed the point made by Mr Reyels about the need to have trustworthy suppliers. Some technology will come from others who may not share the same democratic values or respect for human rights as we hold. According to Mr Honan, we need to assist citizens and businesses to become more aware of how to improve their cybersecurity and prevent attacks. Laws and regulations, together with cyber diplomacy and education for citizens, can help prevent and mitigate against cyberattacks. Mr Honan concluded by saying that in order to build a European Union that is based on the individual freedoms and rights and one that has a thriving and resilient economy, we need to focus on not only technology, but also policy, diplomacy and people.
Following the discussion, questions were posed about the potential threat of cybercrime to the integrity of electorate processes and what EU institutions and governments can do to prevent and deal with attacks. Jo De Muynck said that while ENISA can offer advice to Member States, these issues can be dealt with on a national level and he encouraged countries to share best practices and lessons learned. John Reyels replied by saying that governments need to build sensitivity among the public about these threats and need to make the citizens aware of any active campaigns of disinformation surrounding elections. Brian Honan added that awareness campaigns should encourage people to get news from trusted sources. He would also like to see more pressure being put on social media platforms to monitor and regulate rogue accounts that are used to amplify and spread this disinformation.
A questioner asked Mr Honan how policy makers and citizens could be supported in relation to areas like technology in smart cities, GDPR and autonomous vehicles. He highlighted how society has generally viewed cybersecurity exclusively as an IT problem. However, recent cyberattacks have alerted people that cybercrime can affect all corners of society and that IT experts alone cannot solve these issues. He urged people to start raising cybersecurity and privacy issues with politicians and policy makers so that these topics are prioritised.
John Reyels was asked how EU initiatives such as PESCO can be used to help Member States meet challenges posed by cyber-attacks. He admitted that it can be complicated, but we need to find ways to pool together our resources to counter the threats we face and used NATO as an example of how this can be done. He recommended that at a national level, countries should build on their individual cyber defence forces, while the EU has the responsibility of creating a platform for States to share best practices and create capacity for a joint cyber response when necessary. Jo De Muynck outlined the ENISA projects that currently exist to facilitate the pooling of expertise and encouraged further cooperation between states to ensure an adequate response should a large-scale cyber crisis happen.
Following a question about what the EU can do to reassure the Irish people that their data is safe after the recent cyberattack on the Irish Health Service, Mr De Muynck outlined that many lessons were learned and that this case demonstrated how communication and rapid common situational awareness is critical.
Answering a question based on whether militaries can learn from the cooperation seen by policing services in the cyber domain, Mr Reyels drew attention to the Council of Europe’s Budapest Convention which provides a mechanism allowing for the exchange of information across borders. This should be used as an important blueprint for international cooperation in the cybercrime field.
You can watch a recording of the event here.