The cooperation between the EU Member States on the implementation of the NIS Directive, the fight against hybrid threats, and the preparation of workforce for upcoming challenges in cyberspace are the strategic directions for strengthening Europe’s cybersecurity. These are the conclusions of the CYBERSEC 2016 conference. Today, the Kosciuszko Institute publishes a post-conference report wrapping up the event’s main take-away points in four key thematic streams: State, Military, Future, and Business.

“The harmonization of the implementation standards for the EU Directive on security of network and information systems (NIS Directive) by the Member States will play a significant role in the process of building the European cybersecurity system,” emphasizes dr Joanna Świątkowska, CYBERSEC Programme Director.

The document pertains to securing critical infrastructure, comprising hospitals, power stations, airports, or banks, and imposes concrete obligations on operators of essential services. Today, the EU Member States face the necessity to adopt national laws regulating these issues. These regulations should take into account distinct characteristics of individual sectors and specific challenges they are facing; furthermore, the implementation of the NIS Directive will hinge upon several important factors, such as the effective work of the cooperation group comprising the representatives of all Member States, the active involvement of the industry itself, and the role of the European Union Agency for Network and Information Security (ENISA) which needs to be equipped with all the required instruments in order to effectively tackle the threats.

When it comes to challenges in the public sphere, experts highlight the necessity to invest in the cybersecurity sector, which, in turn, can contribute to making economies more innovative. “Along with financial support, it is also necessary to encourage close public-private cooperation, especially on legislation. A dialogue-based action model increases the chances for building a mature cybersecurity system that takes into account the interests of both parties,” adds dr Świątkowska. Apart from regulations, business will also have to self-organise and put constant effort into improving their safeguards.

The authors of the publication argue that the dynamically growing shortage of cyber professionals is one of the biggest threats facing modern states and the private sector today. The problem requires integrated and comprehensive action that will ultimately result in cybersecurity being recognised as a separate field of science. How to achieve this? The experts have identified four stages of this long-term process:

Conversely, in the military domain, the experts urge to focus on countering hybrid threats that can directly undermine the cybersecurity of NATO member countries. In this context, they stipulate that every single member state of the Alliance designates an institution to coordinate national efforts to counter information warfare. NATO should also put more emphasis on learning how to react and respond to unconventional threats, especially at an early stage (phase zero) when the view of the situation is unclear and the signs ambiguous. As we read in the publication, it is necessary to develop early warning indicators, which will require input from different actors equipped with technological, analytical, intelligence, and situation awareness knowledge and skills. Building and rehearsing different scenarios has been recommended as a good practice in this respect.

It needs to be noted that both public institutions and the private sector will play an essential role in solving the problem of terrorists using cyberspace for planning and launching attacks. In order to successfully fight cyberterrorists, state services must not only deploy digital instruments, but also learn how to effectively combine them with traditional methods of investigation.

The Kosciuszko Institute organises the European Cybersecurity Forum – CYBERSEC, an annual conference dedicated to the strategic aspects of cybersecurity.

The 3rd edition of the conference will be held on 9-10 October 2017 in Krakow, Poland.

Download the full text of CYBERSEC 2016 recommendations from here:

 

 

Project co financed by: