“Cybersecurity could be a showstopper”

coding code program coder programming work write man system web network html human hand key secrecy criminal concept - stock image

The European Commission has published recommendations by a group of experts, the Strategic Forum on Important Projects of Common European Interest, to boost Europe’s competitiveness and global leadership in six strategic and future-oriented industrial sectors: Connected, clean and autonomous vehicles; Hydrogen technologies and systems; Smart health; Industrial Internet of Things; Low-carbon industry; and Cybersecurity.

The report has the usual advice at hand, such as strengthening Public Private Partner Ships, a deeper integrated EU internal market or the usual pious hope to become more innovative overall.

But what does the report have in store for us from a security point of view? We think: a lot! Some recommendations we learned from the report as follows. They would indeed be game-changer:

  • Launch a European coordinated action to develop advanced cryptographic functions and protocols (fundamental research, and operational Proof-of-concept). EU has strong research base and cybersecurity ecosystem, but cybersecurity solutions must often rely and work with out-of-EU enablers (such as cloud) or components (antivirus). Technical challenge is to build global secure solutions with untrusted/unsecured components. Cryptography is the key technology to secure digital applications.
  • Take full advantage of the possibilities offered by 5G in terms of security by developing and deploying new cybersecurity applications on 5G. 
  • A pan-European campaign to educate and raise security awareness could also be valuable. 
  • Among the different verticals, EU car industry is a strong asset with world leaders located in the EU. This industry is facing multiple security challenges related to new car functions: connectivity, driverless cars, electrification and connection to smart grids. Cybersecurity could be showstopper.
  • Recent attacks show that hardware is a new entry point for attackers. The vulnerabilities exploiting hardware are hard to detect since they rely on proprietary specifications. The hardware founders could even add back doors (e.g. Hardware Trojan) without being detected by final users. Having an industry of electronic components in Europe would help to maintain strategic autonomy on these technologies. 
  • A roadmap or masterplan is needed, including plans for the development of regulations/ guidelines and policies for advancing the standardization and interoperability of healthcare data across Europe (European standards for HC Data and Health Data Exchange) to link data across multiple sources and to enable health data to be effectively collected, shared, used for learning and innovation at a large scale and a clear and coherent legal framework for collecting, sharing and accessing health data at EU level for research and public health purposes 
  • The question in Cyber security protection level is about Digital Trust. The EU could create its own certificate signature under a relevant certificate Authority name. 

The report concludes that the question in Cyber security protection is about Digital Trust. This should be increased, if  EU would create its own certificate signature under a relevant certificate Authority name. In order to have a true and reliable certification and not only another label with no actual effect, however, a number of things have to change in the European Union. The days of the borderless Internet are long gone. It is time for Europe to start protecting its cyberspace.

The detailed recommendations can be found here. (Download link)