During last week’s EuroDIG, Olaf Kolkman and Tatiana Tropina moderated two animated and interactive sessions on the state of cybersecurity in Europe. The first session looked at the current initiatives in the area of cybersecurity, while the second focused on the possible ways forward.
Cybersecurity remains a topic that is hard to define. The discussion touched upon technical, governance and rights elements, and flowed between baseline principles and different operational aspects. The lack of clear definition makes the assessment of European cybersecurity efforts difficult, but our moderators succeeded in teasing out some of the good practices, concerns and frustrations that the participants had.
The participants recognised openness and transparency as fundamental, underlying principles for cybersecurity and as building blocks for trust. The multistakeholder model and rule of law based on democratic decision-making processes are already mainstream practices in most parts of Europe, but to what extent do they really prevail in the area of cybersecurity? The recent EU regulatory and policy initiatives on cybersecurity are a result of a democratic process. Open standards and the Internet Engineering Task Force (IETF) represent a good practice as a transparent way of setting a global technical baseline for security. However, it was not so easy to find good practices reflecting these overarching principles in the world of governance. Many, especially government-led, cybersecurity platforms or partnerships are still not by default open to all, and those that are open tend to be fragmented and publicized within trusted communities.
So how can we continue to build trust between the different communities in Europe for the benefit of a more secure Internet? Users worry about identity and control of their own data, which raises questions vis-à-vis the private sector and government. The European public appears to partially expect that Internet security is a matter to be dealt with by governments. In the real world, however, Internet operators and companies are the first line of defence against cyber incidents. And users carry an important responsibility over their own behaviour and actions on the Internet. Hence, awareness raising and capacity building are key elements of a more secure Internet. The technical community can also help build bridges between different communities through training of, for example, law enforcement and other government departments.
During the sessions a couple of participants asked: should we reboot cybersecurity in Europe? Building common security strategies and solutions is a slow process, but there are clear signs of improved collaboration between the different stakeholder groups. The Internet is a decentralised network of networks, and there is no one-size-fits-all solution to cybersecurity and no single party that can provide the solution. Building trust in the Internet; shared responsibility; and solutions built by consensus are in the heart of the Internet Society’s Collaborative Security approach, and these characteristics are reflected in the European discussions. So should we reboot? This is not necessary – we are already on the right track.
Image credit: Olaf Kolkman on Flickr