Cybercrime is a serious matter. The ability to protect and secure citizens and to enable them to trust the Internet is, however, a critical element of economic development. In striving to reach this aim we must ask many tough questions: what should government and industry be doing to secure the IT infrastructure? How much should we invest, and how? And should any investment be in technology, infrastructure or people? Or all three?
The cybersecurity strategy of Cecilia Malmström: a daring simplicity
On the surface they seem like such easy questions to which the answer is ‘yes’. But, as ever, the devil is in the detail, and the good news is that the "EU Internal Security Strategy in Action", adopted by the Commission on 22 November and presented by Commissioner Cecilia Malmström, provides the context and insight we need to start working out such details. One of the five pillars of the strategy is to “Raise levels of security for citizens and businesses in cyberspace”. What is commendable, in my view, is that the Commission resists the temptation to enumerate or prioritize the threats that should be addressed, and focuses on the actions:
- Lack of expertise – and lack of training programs to build and maintain this expertise
- Lack of data – and lack of ways for citizens and industry to report the incidents they see
- Lack of communication – and lack of platforms where law enforcement and the private sector can meet and share information under the rule of law.
Protecting our society from attacks is a battle like any other. To win you need:
- Well trained personnel
- Intelligence and data on your opponents, and
- Effective communications between those who have the data and those who need it.
Although we still have much to do in the struggle to beat cybercrime, we welcome and actively support the European Commission’s strategy in many different areas, such as:
- To build expertise, Microsoft has been a founding industry member of the 2CENTRE project, a network of national centres of excellence against cybercrime bringing together academia, law enforcement and industry, co-funded by Directorate General Home Affairs. Today it is about to start in Ireland and France; Belgium should follow in a matter of a few months, and other countries outside Europe already look at this concept as a promising solution.
- To provide data, Microsoft chairs Signal Spam in France, a spam reporting centre bringing together the industry players that make up the email ecosystem - access providers, email marketing senders, security vendors and authorities, from data protection authority to law enforcement and including the networks security agency. Canada is about to launch a similar centre in 2011, and Signal Spam will be presented to the European Commission to see how its concept could be expanded in more countries in Europe.
- To provide a platform for communications, Microsoft was the first company to work with the Directorate General Home Affairs in launching CICILE, the Contact Initiative against Cybercrime for Industry and Law Enforcement.
2CENTRE, Signal Spam and CICILE are three projects that are the result of many years of discussions with many other experts from industry and law enforcement. These projects are still in their infancy and they all need to grow and develop, but as small as they are today, they propose a new way of working together between industry and the public sector, and they are aligned with the strategic objectives of the European Union. For these very reasons I believe they will help the European Commission address the core issues of expertise, data and communications.
We look forward to cooperating with the European Commission in strengthening security in Europe.