European Cyber Security Conference, “Securing the Internet Economy”/Brussels – 16 May 2013
Good morning Ladies and Gentlemen,
Cyberspace, and the internet in particular, have become an integral part of our lives. It is difficult to imagine how we ever existed without it, and the value of an open and free Internet is enormous.
However, the anonymity that cyberspace provides, the possibility to connect with almost anyone, anywhere, also brings with it a certain risk. Criminals can easily abuse these structures for their gain.
Today, they simply rent a “botnet”, a network of infected computers, in essence harnessing your and my computer’s processing power to send millions of spam messages and hacking attacks, targeting thousands of computers in hours to steal our identities, information and money.
The economic opportunities that cyberspace offers not only for legal but increasingly also for illegal activities have not gone unnoticed by criminals.
Our citizens are increasingly worried about cybercrime; Eurobarometer surveys point to growing levels of concern about cybersecurity, with 74% of respondents stating that the risk of becoming a victim of cybercrime has increased in the past year. One in five users says that the fear of cybercrime makes them less likely to shop online. In essence, the digital economy falls short of its potential.
The EU cannot remain inactive in face of this threat to our economic and social wellbeing. So we took inspiration from several EU member states which had produced cybersecurity strategies, and adopted a Communication on an EU cybersecurity strategy this February. When I say “we”, I mean my colleagues Vice-President Neelie Kroes and High Representative lady Catherine Ashton, who led the work on this strategy together with me.
The strategy has two overarching purposes. It provides a basis for greater cooperation between the different actors and – most importantly – shows the direction for future work.
In terms of content, the Strategy clearly affirms that there is no trade-off between security and freedom online. However, freedom in cyberspace must not be equated with impunity. For cyberspace to remain open and free, the same norms, principles and values that the EU upholds offline should also apply online.
We hope the EU strategy will enable a step-change in how we ensure cyber security. It is based around three main elements:
1. Drastically reducing cybercrime, I will expand on this point shortly;
2. Enhancing our cyber security resilience and response capabilities. This will require new legislation on companies reporting cyber-attacks.
One of the main features of this legislative proposal by Vice-President Kroes is an obligation on authorities that receive notifications of cyber incidents, to report to law enforcement incidents that are suspected to be of a serious criminal nature.
We expect this obligation – if and when adopted – to have a strong impact on one of the biggest hurdles in the fight against cybercrime: the current level of illegal activity that is simply not reported to the police.
3. Supporting the use of Internet as a freedom tool and building cyber security capacities around the world. An EU cyber defence component will also be developed.
While all three elements of the strategy are equally important I will focus here on how we can improve the EU’s capability to fight cybercrimes.
A central actor to help law enforcement in this fight has just been created four months ago, when I inaugurated the European Cybercrime Centre – EC3 – in the Netherlands. The EC3, being part of Europol, will strive to be the European focal point in the fight against cybercrime, equipped with state-of-the-art technology and a strong team of highly-qualified personnel.
The Centre will fulfil its mission by helping Member States to dismantle and disrupt more cybercrime networks.
– It will develop detection and forensic tools for cybercrime investigators;
– It will provide specialised threat assessments; and
– It will offer more focused training for law enforcement, judges and prosecutors. Here to read more.
