The European Commission is developing a joint cyber security strategy that will help create a common vision for improving cyber defenses across the European Union, the head of the European Commission for Home Affairs said yesterday.
The strategy, which is expected to be completed later this year, has several key elements, Cecelia Malmstrom, European Commissioner for Home Affairs, said at a conference on Trans-Atlantic cooperation in cyber security hosted by the Center for Strategic and International Studies.
First, Malmstrom said, is that freedom and security in cyber space are “not mutually exclusive” and that both must be achieved.
“The virtue of an open cyber space has to be maintained while of course providing the right levels of security,” Malmstrom said.
Resilience and response capabilities also have to be enhanced, Malmstrom said. There needs to be a cyber component to critical infrastructure protection throughout the EU, she said.
This drives the need for improving information sharing “in a secure and confidential manner” and doing so between and within the public and private sectors of the EU members, Malmstrom said. Information sharing around cyber security can also be enhanced with the United States, she said.
Given that the private sector owns most critical infrastructure, they need to find ways to improve their security, reduce risks, and work with national authorities and each other, Malmstrom said. To do this, incentives are required but not through a “top down approach…with governments trying to mandate better cyber security,” which she said, “is bound to fail” based on previous experience.
Malmstrom said that new ways have to found to work with the private sector to create trust and improve coordination, including the “joint handling of incidents.”
The private sector will need to continue to develop better software and more resilient technology while the EU must continue investing in new technologies, she said.
Finally, the strategy will “identify” how the EU can “reach out to our strategic partners” globally to improve coordination and make responses more effective, Malmstrom said. Ongoing work between the United States and the EU here, such as joint cyber security exercises, is “a good example,” she said. The United States and EU are also beginning to develop a strong operational partnership in cyber security, pointing to cooperation among the FBI in the United States and the European law enforcement agency Europol.
Malmstrom noted that the European Commission has outlined plans for a new Cybercrime Center that will be established within Europol in The Netherlands. This center will be the focal point of cyber crime fighting in Europe and will also be a node for sharing information with international agencies such as the FBI and Interpol, she said.