Speech: Facing the future – making our online economy trustworthy, reliable and resilient
European Commission
[Check Against Delivery]
Neelie KROES
Vice-President of the European Commission responsible for the Digital Agenda
'10 years of securing Europe’s cyber security… and beyond!' ENISA’s high-level event
Brussels, 1 October 2014
Ladies and Gentlemen,
We are here to congratulate ENISA on its ten-year anniversary. It hasn't always been an easy ride, to get ENISA where it stands now. But a lot has been accomplished so far... And much more can be done and needs to be done.
I hope you'll forgive me. I see birthdays not only as a chance to celebrate, but as a great opportunity to reflect, and to plan for the next steps. Not commemorating the last 10 years, but looking ahead to the next 10. What are the opportunities and challenges we are facing in Europe, when it is about becoming more responsive and resilient to cyber threats? Are we alert, aligned and ready for it? Or do we like just to imagine that we have everything in place?
If I am honest with you, Europe needs to be far more ambitious in this field. Both in the public sector as well as in the private sector. We can't wait for something to happen which could potentially have an enormous impact on Europe's critical infrastructures. Just think of the consequences of telecom networks not functioning or energy grids. Just think of what it means, if one part of the European Single Market is much more vulnerable to cyber threats, than the other part. Because that is the present situation we are in. Think of what it means if citizens' trust in the digital economy is gradually and steadily eroding.
Digital tools are changing our world, transforming every aspect of our lives. Greater dependency also means greater vulnerability. At present, there is an ever-growing awareness of online threats, and their implications. In June EU-leaders called cyber-security a priority for the next Commission. Only a few weeks ago NATO put cyber on the top of their agenda.
We are aware that we should protect ourselves, and equip ourselves. But do we know where to begin? Sometimes people just see security solutions as a restriction, a limitation, an extra cost. But quite the opposite: they are not a cost, but an enabler. It can enable competitive advantage. It can enable trust in digital opportunities. In fact the real economic damage happens if we cannot trust, if we hold back from digital secure innovations. The World Economic Forum puts the cost of that at over 2 trillion euros. That's far more expensive than the alternative. So let's stay safe and secure.
We need to step up our ambitions. It is about time that within Europe we say that we - pro-actively - are going to deal with cyber threats.
Here are three things we need to achieve.
First: we need to make online security the "new normal". As obvious and natural as locking your front door in the morning. Both for the citizen, companies, research organisations and the public services.
We don't start from scratch. We already have new rules for e-identification. That's a real way to make a difference. Building confidence and convenience for all kinds of online transactions; a gateway to our digital single market. And I know ENISA will be helping us put those new rules into practice.
But we need to go further. That is why we have proposed a Directive for more secure network and information systems. And I expect it to be finalised before the end of this year.
This legislation is about the three C's of Cyber: better Capabilities to avoid and respond to cyberattacks. A better Culture: more aware, more proactive, more transparent, with better checks and balances, based on principles of responsibility, accountability and transparency. And more Cooperation between EU countries, at strategic and operational levels. That is what our proposed NIS legislation would deliver. The European Council has made clear this is essential for a digital single market; the Parliament has given its views. Now we need to press ahead and deliver those safeguards for every European.
Second - we need a strong sector to supply security solutions. A trustworthy online world is essential to our innovative future in every area; likewise, a strong cyber industry is essential to our entire economy.
Just like electronics, or high performance computing, excellence in this area will support and stimulate excellence across the board, and help Europe find its own technology solutions. But a weak performance would hamper and hamstring everything we do. That is why I want to set out a strategy that uses public and private expertise, that aligns our industrial and innovation policy for cyber. Building on our strong industrial capacity, of large and small companies present here today, our strong Horizon 2020 investment, and our existing cooperation in the NIS platform.
To get there we will need to consult a broad base of stakeholders. Industry, institutions, member states and civil society. I am already discussing with my designated successor Günther Oettinger how this could be shaped, even in the short term, into an advisory group for a cybersecurity industrial strategy. It is an initiative which is demand oriented. It is an initiative which prepares the ground for future oriented developments in the digital world, such as the internet of things and cloud computing. It is an initiative which is at the core of our European Cyber security strategy, which was launched in 2013.
What is this initiative about? Digital products and services must resist cyber-attacks: only then can they achieve their value, economically and socially. You need to know and trust who you are talking to, and that your communications are secure and protected. With a secure 'communication backbone' across the industrial value chain. To achieve this, a Strategy Advisory group will develop an industrial strategy for a stronger ICT security industry in Europe. It should add value, and could launch European industry as a powerful player in the future, forward-looking connected world, while safeguarding fundamental rights. And I invite Reinhard Ploss to share some of his ideas with us in the panel session.
Third - I don't want us to panic about new threats. But equally: let's not sleepwalk into a new kind of future. I want Europe to be aware, informed and equipped. Able to turn to the right experts, people who can tell us how to understand, manage and mitigate risks.
And that is why I see a much stronger strategic role for ENISA. The EU's Agency for network and information security. The EU's protection and safeguard in a digital age.
So for the 10th birthday I don't want to just look backwards; let's look ahead. Let's plan the 20th birthday. What achievements, what changes, what role will we be celebrating?
Here's how I answer those questions. Here's where I want to see ENISA leading in the next 10 years. Which role could they play in an industrial policy for Europe?
We need operational cooperation to help us stay secure. I hope our new Directive will give us the foundation we need. But what about a fully-fledged mechanism to deal with cyberthreats? That will take time. But in ten years from now, I expect that Member States will engage with each other across the board; including on sensitive matters, for a true EU level capability. And ENISA is well placed to lead to provide essential strategic support for this.
ENISA should help us strengthen our defences when it matters most. What about the millions of smaller businesses in Europe? They are the backbone of our economy; but also its weak ankles, when it comes to security. ENISA can be the strategic partner to strengthen the value chain for them.
Most of all, faced with so much uncertainty and worry, we need a thought leader, able to give intellectual command, and authoritative advice. ENISA is well placed to do that.
In short: I don't want ENISA to be a forgotten backwater of the EU's institutional machinery. I want it to become Europe's top brand name in online security. Something everyone has heard of. Somewhere everyone can trust. A place where everyone can go to: everyone who cares about cybersecurity in Europe, a name on everyone's lips.
To conclude, I would like to give you one clear and strong message, as a Commissioner who will hand over this important portfolio in the next coming weeks: Europe's Member States should take the full responsibility in making the Digital Single Market a safe and secure zone to do business. Looking at the fast changing cyber-landscape and the fact that cyber-threats are becoming more and more sophisticated, this is the moment to act pro-actively. This is the moment to act in a united way.
We are not there yet; getting there will take a sustained effort and active ambition. But together we have an opportunity to make Europe the world's safest, securest, most open online space. I want you and a much more ambitious ENISA to be at the heart of that. Let's make ENISA's 20th birthday really something to celebrate.