Toespraak Neelie Kroes over het belang van veiligheid bij ict (en)

Met dank overgenomen van Europese Commissie (EC) i, Eurocommissaris voor Digitale agenda (opgeheven) i, gepubliceerd op vrijdag 15 april 2011.

Ladies and Gentlemen,

I'm delighted to be here because I think that protecting and increasing trust in critical ICT infrastructure is a key to innovation and jobs.

Today we are digitally dependent. That's a good thing. But it comes also with costs and responsibilities.

If we want to deliver the social and economic potential of ICT, then ICT systems have to be resilient, they have to be trusted. And that is impossible if cyber security is weak.

The European Commission wants to support a joint effort to lift our levels of cyber security. We want to be strong leaders, but we also know we can't do it alone from the top, or without our allies around the world.

On March 31st, the European Commission adopted a Communication on Critical Information Infrastructure Protection, which looks to strengthen not only our internal European cooperation, but also global cooperation.

We are speaking now because there has been progress in recent years, but not enough progress. We have not achieved the close cooperation we need, and we have to correct this.

If we don’t take action now, we will be keeping a brake on the economy and exposing governments and citizens to avoidable risk.

We had yesterday afternoon a Telecom Ministerial conference. There were a lot of tough discussions. Cyber security costs money, and there is not a lot of money floating around in 2011 budgets. But the cost of inaction is greater still - in terms of jobs, economic activity and the diminished trust of citizens and businesses. Yesterday I asked for a stronger political commitment to cyber-security, and I am pleased to say we agreed to make that commitment.

Specifically we are calling on Member States and the private sector at national, European and international level, to work with us to:

  • ensure all 27 Member States and the EU institutions have functioning Computer Emergency Response Teams by the end of 2012,
  • develop the first-ever European cyber-incident contingency plan by 2012,
  • continue pan-European cyber incident exercises, and ensure all Member States run their own exercises,
  • Promote global adoption of agreed principles for the stability and resilience of the Internet; and also for cloud computing,
  • establish or deepen strategic partnerships with our allies.

We do have ambitious goals at all levels: national, European and international. And they depend on much more than government action. I hope you are ready to join me in making practical efforts to improve cyber-security. On these issues, we are all in the same digital boat!

Economics of security

A major topic of concern for everyone here is, of course, the economics of better security. What price is the right price for more resilient and trusted systems?

I'm not here to tell you that. But I do want to warn that the price of failure is high.

It's not just a matter of waiting for a repeat of the 2007 Estonian attacks. For example, how many private sector jobs are you missing out on because there is not enough trust in the digital economy? The EU's digital economy is at least €500bn a year. That's the size of Belgium's economy, and it's growing at 12% a year.

It would be growing even faster if it were more trusted by small businesses and citizens. So every missed chance to increase trust in the digital economy is a jobs killer, and profit kissed goodbye.

Yesterday we also debated about whether a binding regulatory framework for Critical Information Infrastructure Protection would be desirable or not. Whatever the response, one thing is certain: you need to organise and engage as a sector to improve the quality and security of products and services. For example, as a sector your have to do more to push back against insecure products on the market. You have to treat security and privacy as core design principles.

That means that security features should become the norm, rather than a competitive advantage, but overall that will be a good thing for you and for the wider economy.

You can count on me - and on public authorities broadly speaking - to help you. In this respect, we all should take the best of public-private partnerships. I give the highest importance to these partnerships. The private sector owns or controls a majority of our ICT infrastructures, it is home to nearly all the ICT expertise. There is no cyber-security without the private sector playing a full role.

International cooperation

At the government level, we will also co-ordinate efforts on EU-US cooperation, to give just one key example. The new EU-US Working Group on cyber security and cyber crime will focus on four priority areas:

  • 1) 
    Cyber Incident Management,
  • 2) 
    Public-Private Partnerships (PPP)
  • 3) 
    Awareness Raising, and
  • 4) 
    Cybercrime.

The first cyber-incident desktop exercise will take place in 2011.

The PPP work stream will focus on fighting botnets, security of the Domain Name System, the Border Gateway Protocol, routing tables, undersea cables and industrial control systems for smart grids.

We will share best practices and materials for awareness raising.

And on cybercrime, our goal will be increased efficiency in removing child pornography from the Internet.

Conclusion

In conclusion, I want to say that I am grateful for the progress we have made in recent years. But I will be insisting on high standards, and will push back hard against any complacency on these issues.

It is much better to be safe than sorry; to invest rather than deal with expenses and regrets later on.

We cannot afford weak links, and we must support the weak links to get stronger. As I said before - we are all in the same digital boat.

Let us together, public and private sectors, make European and global cyber-security our collective success.

Thank you.