Neelie Kroes, the EU Commissioner for the Digital Agenda, stresses that cyber security is a shared responsibility between public and private players.
Networks and infrastructure are mainly privately owned and run but only 26% of enterprises in the EU have a formally defined ICT security policy with a plan for regular review, she noted.
"I understand that companies do not share information due to fear of reputational damages or liability," Kroes stressed in a November 2012 speech, saying there should be "no weak links across the EU."
Kroes announced that the Commission was considering extending to new areas the telecom sector's obligation to adopt risk management measures and report incidents to authorities. She cited the following sectors: "Internet services, banking, energy, transport, health, public administrations".
Cecilia Malmström, EU Commissioner for Home Affairs, urged EU countries and national judicial authorities to cooperate on cybercrime: “We can't let cybercriminals disrupt our digital lives. A European cybercrime centre within Europol will become a hub for cooperation in defending an internet that is free, open and safe.”
Ren Zhengfei, founder and CEO of Chinese telecoms equipment giant Huawei, said growing data flows across borders are creating new challenges for industry and policymakers.
“As data flooding increases far faster than prevention technology develops, the whole industry faces information security challenges. Cyber security is a common issue that the whole industry has to face. We must join hands to proactively address this issue,” Ren said. “We must utilise information to benefit mankind and adopt a positive attitude towards data floods—not merely look at the ills or complexities that they create,” he said.
Rob Wainwright, director of Europol, said: “The establishment of the European cybercrime centre will be a landmark development in the EU's fight against cybercrime. I am delighted that the Commission has proposed its establishment at Europol. Organised crime groups, terrorist groups and other criminals are quick to exploit the opportunities afforded by developments in technology, and the time is ripe for the authorities to get one step ahead. The European cybercrime centre will provide governments, businesses and citizens throughout the Union with the tools to tackle cybercrime.”
Monika Hohlmeier (European People's Party), European Parliament rapporteur on the directive on attacks on information systems, said: “The effort of collaboration in the fight against cyber crime has to be stepped up - amongst authorities and between companies and public bodies. I am hoping that the new European centre for cyber crime at Europol can be successful in preventing and fighting online crime in the EU.”
“There is a serious disconnect in how people view the threat of cyber crime,” said Adam Palmer, cyber security advisor at Norton. “Cybercrime is much more prevalent than people realise. Over the past 12 months, three times as many adults surveyed have suffered from online crime versus offline crime, yet less than a third of respondents think they are more likely to become a victim of cybercrime than physical world crime in the next year. And while 89% of respondents agree that more needs to be done to bring cybercriminals to justice, fighting cyber crime is a shared responsibility. It requires us all to be more alert and to invest in our online smarts and safety.”
“The revised ITRs should acknowledge the challenges of the new internet economy and the principles that fair compensation is received for carried traffic and operators’ revenues should not be disconnected from the investment needs caused by rapid internet traffic growth,” said Luigi Gambardella, the chair of ETNO, which represents Europe’s largest e-communications services and network providers.
“The ITRs should be flexible enough so as to further encourage future growth and sustainable development of telecoms markets, while respecting the guiding principles that led to the successful development of the Internet: private sector leadership, independent multi-stakeholder governance and commercial agreements,” Gambardella added.
“If you are going to make policy on the internet you need to know about the affected parties, in this case civil society, governments, industry. That means a multi-stakeholder approach should be preserved. That is not happening in the ITU negotiations,” said Vint Cerf, a so-called “father of the internet,” who works as Google’s chief internet evangelist.
“Static regulation could threaten the growth of the Internet, the Internet economy and Internet innovation,” said Sally Wentworth of the Internet Society, an NGO seeking to retain an open internet.
Wentworth went on to explain why there are fears over the Dubai negotiations: “Only governments ultimately get to negotiate. If you want to be involved, the first thing to do is to call on your government to offer an open and participatory national process to prepare for this treaty negotiation.”
John Suffolk, the global cyber security officer at Huawei, told EURACTIV: “There is a danger that cyber could be used as a proxy for a trade barrier. I think every one of us should be very cautious that that accelerates. It’s a view I gave in government and in the private sector and it’s my private view, but I think it’s a dangerous road.”
“Cybercrime is borderless by nature – this also makes criminal investigations more complicated for law enforcement authorities. To effectively tackle cybercrime, adequate cross-border provisions are needed, and international cooperation and mutual assistance within EU law enforcement, and between the EU and third countries, needs to be enhanced,” says Rob Wainwright, Director of Europol.
“The web browser is now one of the most security-critical components in our information infrastructure - an increasingly lucrative target for cyber-attackers,” comments Professor Udo Helmbrecht, Executive Director of ENISA.
“The bottom line is: cybersecurity is incredibly difficult – and is made even more challenging by the rapid change in technology, for instance what we are seeing in cloud computing,” said Katherine McGuire, Vice President of Government Relations for the Business Software Alliance.
McGuire stressed: “It requires continuous work and innovation to secure our evolving cyberspace and thwart the relentless work of cybercriminals. This is why we need the commitment and involvement of all parties to make it happen.”
Christopher Painter, coordinator for cyber issues for the State Department, said the US faces various potential cyber threats from “freelance hackers to militants and potentially rival states.” “It goes across governance issues, economic issues, military issues,” Painter told Reuters.
"Very few single cyber-related events have the capacity to cause a global shock. Governments nevertheless need to make detailed preparations to withstand and recover from a wide range of unwanted cyber events, both accidental and deliberate. There are significant and growing risks of localised misery and loss as a result of compromise of computer and telecommunications services. In addition, reliable Internet and other computer facilities are essential in recovering from most other large-scale disasters," Peter Sommer from the London School of Economics and Ian Brown from the Oxford Internet Institute wrote in a report for the OECD.
"Over the past ten years, the frequency and sophistication of intrusions into U.S. military networks have increased exponentially. Every day, US military and civilian networks are probed thousands of times and scanned millions of times," said William Lynn, the US deputy Secretary of Defense, outlining the importance of security to EU policymakers.
"Adversaries have acquired thousands of files from US networks and from the networks of US allies and industry partners, including weapons blueprints, operational plans, and surveillance data," Lynn continued.
Assistant US Secretary for Infrastructure Protection, Todd M. Keil, observed in a recent speech that “An approach to critical infrastructure security that is based solely on protection is insufficient for successful management of the risks that we currently face.”
"The protection of personal data is a fundamental right," EU Justice Commissioner Viviane Reding said in a statement. "To guarantee this right, we need clear and consistent data protection rules. We also need to bring our laws up to date with the challenges raised by new technologies and globalisation. The Commission will put forward legislation next year to strengthen individuals' rights while also removing red tape to ensure the free flow of data within the EU's Single Market," Reding continued.
On the risk of personal data breaches, Arvind Narayanan and Vitaly Shmatikov from the University of Texas argue: "Privacy risks of publishing micro-data are well known. Even if identifiers such as names and Social Security numbers have been removed, the adversary can use background knowledge and cross-correlation with other databases to re-identify individual data records."
On the difficulties of protecting data, Marc Mueller from the German Federal Office for Information Security, BSI, said: "There is a high number of information recipients and senders in some sectors. Especially in the case of privatized markets, changes in addresses and responsibilities by staff turnover or other changes inside organisations are daily business. Sometimes new companies are created and old ones disappear overnight – just because of changing stakeholders. Guaranteeing the reachability of all involved partners during particular situations of crisis is extremely difficult."
The NGO, Europe versus Facebook, issued a press release urging citizens to demand their data from Facebook: "Every citizen in the EU has the right to get a full copy of all personal data a company is holding about them (“access request”). Three students from Vienna, Austria have done so recently and got a CD with a PDF of 780, 1,142 and 1,222 pages. In all data sets you could find sensitive information such as political and religious beliefs, or sexual orientation of the user."
“The completion of the Domain Name System Security Extensions (DNSSEC) chain of trust means that everyone visiting a website using a signed .eu domain name can be confident of its legitimacy since name server responses can now be validated all the way up to the Internet root zone,” said Marc Van Wesemael, General Manager of EURid, the .eu domain registry.
“As such, .eu is amongst the first top-level domains to have full DNSSEC-support, fulfilling our objective to be at the forefront of implementing Internet security measures via proven standards. EURid encourages .eu domain name holders, through their registrars, to sign their .eu domain names with DNSSEC, therefore adding digital signatures to all levels in the chain,” he added.