Cybersecurity set to be hallmark of 2017 digital policy

Cybersecurity

9 January 2017. By Magnus Franklin

With the world still buzzing from the suggestion that digital attacks have interfered with the US election, and the prospect of the same occurring across Europe this week, cybersecurity is set to become the leitmotif for EU digital policy officials as they return to work this week.

For EU security chief Julian King, online threats are among the top items on his 2017 to-do list — and it’s not just about fake news and the other cyber-warfare techniques leveled against the US in recent months.

King has pointed to the recent spate of terrorist incidents in highlighting the extent to which novel online tools are used for communications and propaganda by terrorist groups, such as the Islamic State.

The European Commission believes this is the year the EU will have to deliver on expectation to match its cybersecurity rhetoric with action.

But the upshot of all this, inevitably, will be that private enterprise will need to be seen as doing its part. Companies across Europe will have their security protocols thrust into the spotlight, and any mistakes they make will be seized upon, as fodder in a noisy political debate.

An additional factor in the politicization of EU cybersecurity will be the vacancy left by the EU’s digital commissioner, Günther Oettinger, who will this week take over the EU budget responsibilities from departing commissioner Kristalina Georgieva.

Most of the commission’s digital policies have been issued, meaning any replacement commissioner would need a fresh dossier to leave his or her mark on — and cybersecurity could be just the ticket.

It could prove a formidable challenge. Rapid digitalization has meant that society is increasingly reliant on digital platforms and services, increasing its vulnerability to attack.

Both EU and national officials know that having a robust cybersecurity strategy in place is no panacea, but that if ever there was a time to draft such policy, this is it.

In the past, a hacker attack could mean leaked personal details or credit-card numbers, or perhaps a few hours’ downtime for a photo-sharing website or e-mail provider. But future attacks could inflict much greater damage by compromising traffic systems, electricity grids or hospitals connected to the web.

The fact that such a policy is not even on the drawing board buys companies some time, ahead of probable regulatory demands from European lawmakers.

But that doesn’t mean private enterprises are off the hook. Until there is a legislative proposal on the table, any compromised customer databases, denial-of-service attacks or other incident that suggests a company has been slow to adopt the necessary safeguards will get caught up in the politics of the cybersecurity debate.

Ensuring this doesn’t happen is as much a national priority as a European one, which is why the cybersecurity chatter in the corridors of Brussels is being matched by interest in national capitals. The topic is now high on the agenda in London, Stockholm, Paris, The Hague and Berlin.

And if the economic and societal threat wasn’t enough to focus politicians’ minds on the subject, the recent experience of the US — the raft of fake news, e-mail hacking incidents and other events that sought to influence the election — is set to be repeated as the Dutch, French and Germans go to the polls this year.