The European Commission steps up its efforts to tackle cyber threats

The European Commission has signed an agreement to launch a new public-private partnership that will see EU member states working with private cybersecurity firms. The partnership is being launched as part of a series of new initiatives to better equip Europe against cyber attacks and make its cybersecurity sector more competitive.

The partnership involves the EU investing an initial sum of €450 million under its research and innovation programme Horizon 2020 with cybersecurity market players, represented by the recently formed European Cyber Security Organisation (ECSO), investing three times more than this. 

With these combined contributions the total investment amount is expected to reach 1.8 billion by 2020. This money will be distributed to businesses, universities, and researchers interested in investigating cybersecurity problems in order to “foster cooperation at early stages of the research and innovation process and to build cybersecurity solutions for various sectors, such as energy, health, transport and finance.” The first calls for proposals is expected to be announced in 2017. 

There are a number of areas that the European Commission says the partnership will aim to focus on, including technical issues such as improving the security of the cloud infrastructure and securing individual identities online, as well as some non-technical issues like improving and developing the skills of individuals in the field. 

Due to the results of the Brexit vote,  Kevin Bocek, Chief Security Strategist for cyber-security experts Venafi laments that British cybersecurity firms are set to lose out on the benefits of the investment. 

However, he also says that there are concerns over whether or not the investment is going to be directed to the right places: “One of the key areas identified that the public/private partnership will focus on is ‘securing identities online’ – however, I think beyond this they need to recognise the need to secure identities of machines, software, devices and the foundation internet itself, not just people. ”

Bocek says that beyond securing individual identities, we must secure the digital certificates and cryptographic keys used to authenticate our systems. If we don’t secure these certificates and keys, Bocek thinks that there’s a real danger terrorists could begin to use them against us and “use the internet to take control of physical assets ranging from cars to planes to power plants and even the slew of devices that are now starting to control our homes [...] This is the cyberweapon of the 21st century that strikes at tricking identities of software and devices. This is what we must focus on, not just people.”

That said, it’s not just individual project investment that Britain will be missing out on – a further aim of the partnership is to support and facilitate strategic cooperation between EU member states through the Network and Information Security Directive. The hope is that a more open approach to exchanging information will strengthen Europe against large-scale cyber attacks.

Andrus Ansip, Vice-President for the Digital Single Market, said: “Without trust and security, there can be no Digital Single Market. Europe has to be ready to tackle cyber-threats that are increasingly sophisticated and do not recognise borders. Today, we are proposing concrete measures to strengthen Europe's resilience against such attacks and secure the capacity needed for building and expanding our digital economy.”

Comments