EU official: the internet was not built for cybersecurity


Society can be cyber resilient only if it is fully digitized. Further, cybersecurity should not come at the price of losing internet freedom, experts at the EU Cyber Forum said.

“The Internet was not built for cybersecurity,” said Juhan Lepassaar, the executive director of the EU Agency for Cybersecurity.

While introducing the security measures, we need to make sure that the internet retains its role as a promoter of peace and freedom, he elaborated.

ADVERTISEMENT

Director General of ETNO Lise Fuhr said that Europe has to put ethics at the heart of every technology and to be very mindful of internet freedom and privacy.

Risk-based approach

Juhan Lepassaar argues for a risk-based approach globally, nationally, regionally, and individually.

To build cyber resilience, every economic actor - from producers and manufacturers to consumers and citizens - should consider carefully how they interact with digital systems while buying or selling anything online.

“What are the risks? How can we mitigate them?” asked Juhan Lepassaar. When online, he argued, we should behave like we do before crossing a street - first to look left and right for any passing cars.

“These things need to be ingrained in the educational system so that people become aware of the risks, and they also can take mitigating actions themselves,” he said.

The internet was not built for cybersecurity, but we need to make sure that it becomes cyber-secure without losing its value as a promoter of peace, freedoms, and openness,

said Juhan Lepassaar.

Luhan Lepassaar stressed the importance of internet freedom.

ADVERTISEMENT

“This is something essential. The internet was not built for cybersecurity, but we need to make sure that it becomes cyber-secure without losing its value as a promoter of peace, freedoms, and openness,” he said.

Meanwhile, every manufacturer should make sure the product they are putting into the market is reasonably cyber-secure.

“We are not talking about absolute cybersecurity. It can’t be attained anyway. We need to talk about a certain level of insurance so that when consumers buy these products or interact with these services, they can be reasonably assured that these interactions will not be misused, that the data is not going to be hijacked, that personal privacy is protected,” he said.

ENISA tweet screenshot

Does resilient mean fully digital?

“There’s no society that’s resilient unless it’s fully digitized,” Lise Fuhr, director general of European Telecommunications Network Operators' Association, said at the EU Cyber Forum.

“How many people could we have diagnosed in a timely manner if e-health was already a reality across Europe? How many SMEs could have survived lockdowns if they were on the cloud?” she elaborated.

According to Lise Fuhr, it is essential to put ethics at the heart of technology and be very mindful of internet freedom and privacy at the same time.

“Connectivity is more than just another service. In times of lockdown, it was a lifeline to many people. Just think of teachers and students, also businesses, and, of course, healthcare providers,” she argued.

When governments around the world start asking telecom operators to shut down the internet, this is a bad sign for societies - from Hong Kong to Belarus. We’ve witnessed too many such requests, and they are truly troublesome. We need European diplomacies to work so that internet freedom is not curbed, and telecom companies are protected from these bullish requests,

said Lise Fuhr.
ADVERTISEMENT

If world leaders postulate that societies are more resilient when they have access to digital services, we “need to do everything in our power to ensure that networks are inclusive for all.”

Also, while building a resilient society, it is important to think of internet freedom and human rights.

“When governments around the world start asking telecom operators to shut down the internet, this is a bad sign for societies - from Hong Kong to Belarus. We’ve witnessed too many such requests, and they are truly troublesome. We need European diplomacies to work so that internet freedom is not curbed, and telecom companies are protected from these bullish requests,” she said.

Technologies, such as 5G and fiber, will make societies more resilient. It will contribute to the stability of networks, and they will become more energy-efficient and less pollutant.

But first, you need... electricity

Cyber resilience goes far beyond the cybersecurity aspect, reckons Katherine Getao, chief executive officer of the ICT Authority in Kenya.

“There’s the resilience of infrastructure. Energy became an issue because you do need an energy source, an electricity source, and in Kenya, not all regions have good electricity,” she explained.

So it’s hard even to start talking about cyber resilience when it’s hard to get on the network.

“If you are just having a conversation, and the network breaks, usually you can wait until later. But if you are doing an examination, or you are listening to an important class, or it is a government business meeting, and the network breaks, then you can have very deleterious consequences for the actors involved,” she explained.

So, to build a cyber-resilient nation, first, you need to build resilient infrastructure, hardware, networks, and policy.

ADVERTISEMENT

There’s the resilience of infrastructure. Energy became an issue because you do need an energy source, an electricity source, and in Kenya, not all regions have good electricity,

said Katherine Getao.

“We also need resilient people who have the capacity to use these networks,” said Katherine Getao.

She explained how Kenya faced major challenges during the COVID-19 lockdown. For example, teleconferencing became a whole new realm as people didn’t know how to do it properly and safely.

“Are you required to tell people that you are recording a session? Are people careful about who they are allowing into the session? Now we have waiting rooms, but before people would just log in, and, if the chair was not aware that he needed to look at the list of participants, an intruder could easily get into that session and listen in to government business,” said Katherine Getao.