EUobserver Opinion: 'Europe must play stronger role in cyber security'

The personal data of an estimated 18 million federal employees of the United States were recently affected by a cyber breach at the Office of Personnel Management (OPM).

This OPM breach is catastrophic for the US, both for national security and for the individuals whose information has been compromised.

Director of national intelligence, James Clapper announced that China is to blame, and this is not the first time the US is blaming China for severe cyber espionage and cyber attacks.

For Europeans it is most interesting to see how US will now react.

The United States earlier this year declared a strong cyber sanction policy against foreign nation-state hackers and published cyber deterrence guidelines in the Pentagon's new strategy.

Europeans are almost always following the US example in cyber security. But why are European countries not openly discussing their own sanctions policy against foreign hackers?

Washington is currently at the forefront of conceptual and political discussions, as well as practical actions, in cybersecurity.

Having spent at least a decade integrating the cyber domain into its security and social thinking, it has also taken the lead in using cyber attacks as a tool of foreign and security policy, thereby placing it far ahead of Europe.

Most European countries have cyber strategies on paper, but public discussion at policy and doctrinal levels and practical measures are not as mature as they are in the United States.

The difference between the United States and Europe is notable, and without serious efforts in Europe the gap is only likely to widen.

This would increase the potential for Europe to become the focal point for more serious cybercrime, espionage and even debilitating attacks.

Europe would be foolish not learn from the US but it is time for Europe to take more active and stronger role in cyber security - for its own sake.

Cyber security policy

Cyber security has entered the domain of foreign and security policy due to the ever-globalising world. In this digital domain, strategic advantage can be either lost or won.

The Cybersecurity Strategy for the European Union and the Eurpean Commission proposal for a Directive on Network and Information Security put forward legal measures and give incentives aiming at making the EU's digital environment the most secure in the world.

But it is not easy to deal with 28 countries and despite these steps at EU level, European cyber security remains almost exclusively a national prerogative.

There is still a long way to go before Europe becomes a real cyber power like the United States.

The reality is that Europe has much smaller role in global cyber security than it should have. Europe possesses all the prerequisites to become a much more important player in global cyber development, but for some reason it seems to be satisfied with its current role.

This must change.

The most important driving force for a new “cyber Europe” could be European industry. At the moment US companies and other companies outside of Europe are dominating the rapidly growing cyber security market.

For example, in the latest list of “cybersecurity companies to watch in 2015” there are few European companies in Top 100. Taking into consideration the European high level in education and know-how level in digital solutions, it is hard to understand why European companies are not among the most successful cyber security companies globally.

At the moment there is a special opportunity to European companies because there is a lot of suspicion in the market towards cyber security products from the United States, China, and Russia.

European companies would be able to enter the market as a more trusted partner.

If Europe would appear as an innovative and trustable solution provider in cyber security, Europe would be taken also more seriously as a cyber power.

US dominance

Europeans are very dependent on foreign internet services, especially GAFA, which stands for Google-Apple-Facebook-Amazon. For example, nine out of 10 Internet searches in Europe use Google.

Where are European alternatives for these companies? Nowhere. This dominance should worry Europe, even if the current situation works fairly well.

In the US, Google, Apple, Facebook, and Amazon are generally praised as examples of innovation and the same kind of innovativeness must be encouraged and supported in Europe.

The question is not only how much Google, Apple, Facebook, and Amazon dominate every facet of our lives, but also how important and precious the data they possess is in today´s world.

This data should be understood as a part of cyber power - and Europeans are letting it go abroad.

Europeans should be more cautious about the use of their private data, which is safer in the same continent where the people are - Europe.

Europe must stop being a secondary actor in the new digital world. If it wants be a credible cyber power in global scene and also increase the political interest in cyber security issues, European cyber security companies and digital platform industries must transform themselves and become more competitive.

It is also the job of politicians and lawmakers to protect both European industries and European digital rights.

Cyber security issues should be brought also more actively in to the political discussions in European governments and Europe must impress clearly its own policy to topical cyber security questions.

Europe must take a stronger role in global cyber security, which is becoming an increasingly important strategic arena.

Jarno Limnell is a professor of cybersecurity at Finland’s Aalto University and vice-president of Insta DefSec, a private firm