by Dr. Thomas Kremer*
Machines are also increasingly being connected to one another. The Internet of Things is growing faster and faster. These developments give us a unique opportunity to bring the citizens of Europe closer together. And we must not let this opportunity pass us by. At the same time, the digital networks are and will become an increasingly attractive target for criminal or state-controlled cyber-attacks. Deutsche Telekom’s systems have reported up to 70 million different attacks on a single day this year. A new, sad record! And a leap compared to the figures of 2018! Thanks to our efforts, these attacks are not getting through, but the number is vertiginous.
For a company like Deutsche Telekom, but also for all other pan-European or globally active companies, it means being vigilant. Companies develop security strategies across borders, in Europe and worldwide. Cyber security may have been the nerds’ paradise discipline in the past. Today, cyber security belongs at board level, as it does here at Deutsche Telekom. To protect the EU’s digital internal market and the digital sovereignty of European companies and citizens, cyber security must therefore also become a top priority in Europe. With her new team the new President of the European Commission Ursula von der Leyen is responding to this challenge and giving top level attention to Cyber Security. I welcome it.
We talk a lot about the consequences of digitization these days. However, I very much miss a discussion: The European Union must develop into a digital security union.
For this necessary further development, I see us all as having a duty. This is a common task for the EU, its Member States, its citizens and its businesses. Only together we will achieve a better level of security, keep Europe competitive as a strong business location and finally assume a stronger role as a technology leader again.
Networks were and are the locomotive of the European internal market. Network operators are expanding this infrastructure more and more – more bandwidth, more speed. They thus promote growth in Europe and bring people closer together. This requires both strong political backing and forward-looking regulatory guidelines. Then this approach can succeed.
Cyber security is a highly complex issue in Europe. We are looking at a colourful patchwork of European and national regulations. In Europe, for example, we have the Directive on High Network and Information Security, the NIS Directive, the EU Cybersecurity Act and the currently discussed E-Evidence Regulation. A similar picture emerges in Germany. There are the IT Security Act 1.0 and 2.0 and additionally the security requirements for telecommunications network operators of the Federal Network Agency, the Federal Office for Information Security and the Federal Commissioner for Data Protection and Freedom of Information. A comparable patchwork with partly very different security requirements exists in the European finance or energy industry. The situation is similar for security-relevant certifications and the evaluation of products and services. That cannot remain so. This complexity costs us too much strength and speed.
The initiative of the new Commission-President to establish a Single Market for Cyber Security with a Joint Cyber Unit, is a step in the right direction. And it is positive news that a strong Vice-President will be in charge of the Commission’s Digital Agenda. Responsibility, resources and budget need to be concentrated in one hand. The incoming EU Commission attributes highest priority to our Digital Security. The European Parliament should support this policy. We need clear rules for cyberspace that are uniformly applied in Europe. This also requires more efficient EU structures.
Exchange of ideas alone is not enough
On the question of “who should know that…”, we are fortunately one step further. The exchange between the central players in cyber security at state and private level has been intensified and improved in recent years. This applies especially to us in Germany. Nevertheless, significant improvements are still possible and necessary. The dialogue between industry, national supervisory authorities and national legislators is still too national today. This, too, is a direct result of the complicated legislative system. In the process, we need cross-border exchange more than ever on the way to a digital security union. This must be promoted. An agile body of experts consisting of state and business representatives from the EU member states is the logical consequence: network operators in dialogue with national and European institutions, with the task of drawing up concrete proposals. A pure exchange of ideas is not enough! And to avoid misunderstandings: Even in the area of cyber security, sovereign tasks cannot be taken over by private companies.
Looking for European standards
From a technical point of view, Europe’s level of security can be further improved, for example by trustworthy digital identities. Making people and machines unique on the Internet of Things is a prerequisite for secure digital legal and government transactions in the domestic market. And last but not least, this is the basis for citizens’ trust in e-government and digital services. You will already suspect it – here, too, every Member State is pursuing its own approach to solving the problem. That is not enough! Today, European citizens need a European digital identity, and not just ten years from now!
Instead of making cooperation more difficult, European network operators must be made easier to cooperate on security issues in particular. Secure networks are a prerequisite for the digital world, for a secure, digital Europe and for satisfied citizens.
And in general. For the digital space, analogue national borders are almost meaningless. The difference between digital and analogue is too often exploited by organised crime. For example, attacks via the Internet are deliberately launched from abroad in order to disguise the authors and elude access. How do we deal with this? Similar to the Schengen area in the real world, digital border controls can enable unhindered and secure data traffic to and from the EU to the whole world. In the event of a massive attack from outside the EU against the functioning of the internal market infrastructure, digital border controllers can be used to selectively prevent external attacks by means of technical filter lists.
There are still many unanswered questions. But one thing is perfectly clear: digital security is a top priority on the European agenda. Europe needs a shoulder-to-shoulder approach between European institutions and network operators to protect the digital world.
Europe needs a digital security union.
*a board member of Deutsche Telekom Group
**first published in: www.euractiv.com