Launching the EU’s Cybersecurity Strategy press conference /Brussels
We are all here because we recognise the Internet is important: for our economy, for our values, and for our human rights. We all recognise that insecure systems could harm those benefits. And we recognise that we need to work together, within the EU and internationally, to achieve a safe and free internet.
We rely on the internet for ever more services – from shopping and socialising, to healthcare, education, and smart transport.
But the more we depend on it – the more we depend on it to be secure. Staying open and free is essential to online innovation. And there is no true freedom without security – not when you’re walking down the street, and not when you’re online.
As Cathy and Cecilia will demonstrate, there are many different actions to ensure cybersecurity. But they complement each other: for example, to be taken seriously by international partners, we must get our own house in order.
We are all familiar with cyber-incidents and their consequences. From phishing scams and identity theft; to the case of Dutch certification company Diginotar; to the outages for millions that can follow natural disasters like storms.
We need to protect our networks and systems, and make them resilient. That can only happen when all actors play their part and take up their responsibilities. Cyber threats are not contained to national borders: nor should cybersecurity be.
So our strategy is accompanied by a proposed Directive to strengthen cyber-resilience within our single market. It will ensure companies take the measures needed for safe, stable networks.
In the Diginotar case, they did not report that their systems were hacked, nor did they revoke the digital certificates. And that resulted in certificates being fraudulently issued and circulating online; ultimately undermining trust in the system.
Under our proposal, sectors using telecoms networks in ways vital to our economy and society – energy, transport, banking, healthcare, and key Internet companies – would have to manage risks; and report significant incidents, as we already require for the telecoms sector. Here to read more.