Policymakers' dinner

Monday, 30 January 2012, 19:30-21:30
Bibliothèque Solvay, Brussels

SDA Director Giles Merritt opened up this policymakers’ dinner with some tough questions about cyber-security: “What costs are involved, who will bear them? How do we balance between public and private? How do we try and create an international fabric of responsibility?” Such questions defy easy answers, but all panellists agreed on one basic principal. As Vice President of the European Commission responsible for the Digital Agenda, Neelie Kroes stated, “we need to exchange good practices, before we run out of time.”

Indeed, time is running out, agreed Assistant Secretary General for Emerging Security Challenges at NATO, Gabor Iklody. He argued that the urgency of immediate action would require new thinking about defence and security. “We should concentrate a lot more on prevention and resilience, the good old concepts of defence and deterrence do not work,” he said.

Continuing, he explained that the ticking clock of cyber-security will not wait for individuals to develop their capabilities, so collaboration is needed to get everyone up to speed. “That means we need to accept that we need help. The private sector own and operate cyber-space, they are the ones who can come up with solutions.”

Speaking from exactly that position, Microsoft Chief Research and Strategy Officer, Craig Mundie, spoke of some radical “home-truths” of the new cyber threat environment. “Defence agencies in the US and NATO are coming to understand that the speed of cyber-attacks, and their scale, is a force of magnitude faster and larger in effect than any classical mode of conflict.” Faced with this unprecedented pace of attack, Mundie was unequivocal.

“Active defence is going to have to occur without people in the loop… we need to think about the design of computers to which we will entrust active counter-measures - without awaiting further authorisation from people.” This, “will require a level of trust in computer systems people will not be very comfortable with”, he added, but that is the price we must pay to catch up with breakneck speed of ICT.

Harry van Dorenmalen, Chairman of IBM Europe, pointed out that time is not all we are out of – we are also out of money. “We all know we don’t have enough money to fix these problems in today’s climate, so we have to find smart and intelligence solutions”, he explained. To the industry representative, such solutions should focus pragmatically on best practices across Europe. “We really need to look at countries and companies that have solutions, that show leadership, and learn from them” In a frank speech, van Dorenmaelen asked some simple questions. “Is this working in the UK, or the Netherlands? If yes, we should take this and use it widely.” Above all, “we need a plan, an approach – there is no more time.”

Finally, Vice President Kroes outlined here priorities in this important policy area. “I want public and private stakeholders to exchange information on attacks and incidents”, because “the credibility of cyber-security in Europe relies on delivery of reports.” Above all, the Commissioner avowed the EU’s commitment to a robust budget in these areas. “We must invest in security technologies and innovation” in “all sectors, at all levels – we need to safeguard the security of the citizen.”