Editorial: Cybersecurity - Europe Leads The Way

The world of tech in divided today into two giant blocs that determine where the ship is headed and who profits most. As in many other areas, the United States and China seem locked in an epic struggle for predominance, and IoT strongly feels the effects.
So, what role does – or can – tiny Europe play, crushed between these two titans? Maybe a bigger one than many believe.

Take the EU Cybersecurity Act (CSA), which author Stian Overdahl dissects in detail in the title story of this issue. For the very first time, it establishes common standards for the safety and security of computers, networks, and software that are binding, at least within the territory of the European Union.

Trade is now so deeply interlinked that a single cargo ship stuck in the Suez Canal can cause the complete disruption of global supply chains. Europe is, in effect, causing a similar chain reaction by establishing standards that the rest of the world must follow. The fact that the European Union is the second-largest economy in the world and that trade within the Union accounts for more than one-third of the world total means that, as a bloc, Europe boxes far above its weight in terms of global power.

What Europe says goes in many areas. Think of the much-maligned General Data Protection Regulation (GDPR), which is, by far, the toughest privacy law in the world. Though it was drafted and passed by the European Union, it imposes obligations on companies and organizations everywhere that target or collect data relating to Europeans.

The same will go for the evolving body of laws and regulations on cybersecurity. The ISO Common Criteria, a standardized framework with which computer companies can specify their security targets in terms of functional security and assurance requirements, Europe accounted for 1,612 such schemes, the US only 67 – and China doesn’t even show up. Ignorance is no excuse and even Chinese manufacturers will have to follow Europe’s lead, especially if the currently voluntary CSA rules become mandatory. Talk in Brussels indicates that this will happen sooner rather than later.

The trend is clear – hackers and cybercriminals aren’t going to let off exploiting what is an increasingly lucrative activity, especially as technologies such as artificial intelligence make it even easier for them to mount mass attacks and deploy more effective methods.

And despite moves by legislators to introduce standards that are consistent across the bloc, companies themselves need to step up and to take responsibility for their own network security. That requires more investment by private companies – both in ensuring that their technology is up to date, but also in training staff and engaging with specialist service providers such as cyber risk insurers.

The alternatives – such as in the case of Pilz Automation, who are interviewed in this edition – are not worth contemplating.

Europe also needs to build momentum in this space when it comes to innovation. There is the crucial issue of a “brain drain” of skilled workers. For years, many specialists have relocated to the US to complete research or fill lucrative roles working for Big Tech.

Complementing the regulatory overhaul in the EU is a ramp-up in spending and investments, including a network of security operation centers to monitor and anticipate network attacks, a major new European Cybersecurity Competence Center, expected to be located in Bucharest, and even deployment of a secure quantum communication infrastructure (QCI).

Nevertheless, it remains to be seen how effective such measures will be, and whether the EU will emerge a trailblazer – or if it’s just playing catch-up.

READ MORE ARTICLES