Speech: Securing our digital economy
European Commission
[Check Against Delivery]
Neelie KROES
Vice-President of the European Commission responsible for the Digital Agenda
Securing our digital economy
CEBIT, Cyber Security Conference
Hanover, 10 March 2014
To add your comment to this speech, see the social version of the speech here
The annual CEBIT fair reminds us of the positive power of technology.
I do not apologise for being an optimist about technology. But I am a realist too.
It is clear that the cord connecting technology and democracy has been severed. This is bad for democracy and bad for technology and it will not be easy to stitch the two back together.
Just as a realist must acknowledge this problem, a realist also knows that slogans and anger are not real solutions.
First we need to understand how the internet is changing, and how it is now driven by data.
The next phase of the internet will be data-centred and connectivity driven. Cloud computing, big data, the Internet of Things; tools which support manufacturing, education, energy, our cars and more. The internet is no longer about emails.
To make the “leap of faith” into this new world, reliability and trust is a pre-condition. But when even the phone of the Chancellor is not sacred, that trust can never again be taken for granted. Not only that, it is clear that for millions of Germans, and billions around the world, that trust is now missing.
Online trust has many aspects. It is not something that governments or a hardware supplier can simply deliver to you like a package from Amazon.
It's about parents knowing their kids are empowered and protected online. It's about businesses knowing their cloud data is safe - not in the hands of competitors or governments is safe. It's about having resilient critical infrastructure so an electricity network breakdown doesn't mean a nuclear meltdown.
Deutsche Telekom report 800,000 attacks a day on their networks. That's almost 10 per second, all day, every day.
93% of large ones report being subject to cyberattack. 75% of small businesses report it to.
And you know, I think 100% of businesses are under attack; it is just that some don’t realize it.
Each such incident can cost up to €50 million. For critical infrastructure, the cost of a breakdown could be as high as a quarter of trillion dollars. And don't forget the reputational damage. As more and more of that trust from citizens is flushed into the ocean.
This cannot continue. Whatever sector you're in - online security needs to be part of your business model. A habit as automatic as locking your front door.
Continued risks like we see today turn our economy and our privacy into a game of roulette. It’s no better than the games the banks played with us, and which we joined, in the years leading up to 2008.
Security is not only about damage control. It can also be Europe’s competitive advantage in a world that is seeking security. President Obama's recent speech was a welcome first step to better security. Democratic checks and balances are essential: but they are not enough: we must also protect ourselves
So let us set out what we want and what we will build for ourselves: European sovereignty.
This isn't about independence or isolationism. It's about being in control. Guaranteeing the best interest of our citizens, industry and researchers. Working together to make Europe the securest open internet space.
European sovereignty can ensure personal sovereignty: so you own and control your data, for good and bad. You have the right to decide where your data goes, and the responsibility to live with your choices.
These concepts do not give us easy answers. Because there is no easy answer. Real solutions lie in collaboration and shared responsibility.
One thing is clear: protectionism is not the answer. Protectionism is based on a lie - the lie that erecting walls can solve problems and make opponents go away.
Germany of all countries knows that walls do not achieve that. no such thing.
For a European secure communication network, as Bundeskanzlerin Merkel called for recently, we really need to change our mindset. Not just cutting ourselves of from online innovation: but by tightening protections across the value chain.
The European Commission is already investing in innovation, together with research partners across Europe. And we have tabled a legislative proposal on Network and Information Security that must be finalized in 2014 if we are serious about protecting ourselves.
This EU directive requires companies and governments to take responsibility for your data. A voluntary approach is not enough: not any more. A weak link lets down the whole chain; weak legislation lets down our economy.
The next few months will be crucial for this Directive: I will work closely with lawmakers to agree it this year.
Then we have a virtuous circle, where technology, laws, fundamental rights our industry and our economy all support each other.
We should not embrace technology for its own sake: but for the opportunity it offers our industry, our economy, our everyday lives.
Snowden gave us a wake-up call. Let's not snooze through it. Let's not just act shocked. Let’s not turn our back on technology.
Instead: let’s act to protect ourselves with more than slogans. Let’s work together with the best and trusted partners in and outside Europe.