In the last decade, we have seen a transformative change for the Internet. It has gone from promise to delivery; from a technical novelty to the backbone of our economy and society. But that ever greater usage carries an implication: in tomorrow’s world, if the Internet is not secured, nothing will be.
Every day, the digital ecosystem boosts productivity, drives innovation, and stimulates growth and high-quality jobs. In future, it will be not just a tool for social interaction and economic transaction: but will encompass more and more services, health and social care, education, transport and energy grids. In that world, a resilient and smooth Internet is essential to a stable and growing economy.
At the same time, threats are growing. Attacks are going up, more numerous and more serious. From those doing it for publicity or notoriety, to those involved in organised crime, spying or outright warfare.
We all need to take responsibility on this issue. So we need to act strategically, to give it attention at the most senior level, and we need to work together.
That includes the public and private sectors cooperating. The private sector owns or controls the majority of ICT infrastructure and is home to nearly all the ICT expertise. No plan for cyber security can ignore this fact. Because sometimes we need to share information on threats, on risks, on vulnerabilities. Sometimes that information is sensitive, I agree. But we need to be able to exchange good practices and provide each other with solutions.
Plus, users also have to be actively engaged in securing the Internet. Some users may be unaware of the risks they run online, but their actions, or inaction, may have real consequences for themselves and others.
And we recognised this importance back in 2009, when we set up the European Public-Private Partnership for Resilience, the so-called “EP3R”; as part of our strategy to protect critical information infrastructures.
EP3R is a forum where we can work together on these kinds of issues. Where sectors, private and public, can cooperate on strategic issues of the EU’s security and resilience. Where we come up with a common understanding of how to provide e-communications, continuously and securely. And how we can equip ourselves to deal with large-scale disruptions and botnets.
What’s more, because EP3R is European, we can deal with threats and attacks even when they cross borders – as they so often do. Because online attackers, online criminals hardly care which country you are based in: they will just look for the weakest link in the chain, and go for it.
But threats can cross more than just national borders; they can also cross the Atlantic. So we need to act internationally. And we’re doing that too. We’ve set up a joint EU-US Working Group on Cyber-security and Cyber-crime. It’s making significant progress – again, including on a common approach to Public-Private Partnerships. Here to read more.