A European cybersecurity ecosystem
Europe’s continued ability to provide important public services and promote economic development is heavily dependent on digitalisation and information and communication technologies. However, the digital infrastructure required to enable this is increasingly becoming a target for attacks aimed at simultaneously undermining democracy and influencing governmental processes. Furthermore, the exposure of European citizens to disinformation and fake news is a major challenge; especially when physical events are coalesced with cyber-attacks and fake news, so called hybrid threats. To meet these challenges, the EU has launched the CONCORDIA project with the aim of building a European cybersecurity competence network. RISE and Ericsson are Sweden’s representatives in the CONCORDIA consortium.
In October 2016, a major cyberattack was conducted when the Mirai botnet closed down a large part of the internet, which affected Twitter, Netflix, CNN, leading Russian banks and all of Liberia. The attack used connected devices or Internet of Things (IoT) devices, such as surveillance cameras, to redirect internet traffic to data centres run by the company Dyn.
– “The Mirai attack served as a real eye-opener,” says Shahid Raza, Director of Cybersecurity at RISE. “Together with the attack on the power grid in Ukraine in December 2015, this showed that important societal functions and not just IT systems can be subjected to cyberattacks.”
Important step in cooperation
In December 2017, the EU institutions took an important step to strengthen internal cooperation in the fight against cyberattacks, and in 2018 the European Council launched negotiations with the EU Parliament to reach an agreement on the EU Cybersecurity Act, a law on cybersecurity certification for information and communication technologies.
In January 2019, CONCORDIA was launched as one of four pilot projects aimed at strengthening the EU’s cybersecurity capacity. In this context, CONCORDIA will focus on the establishment of a common EU competence centre for cybersecurity and cooperation within cybersecurity to build ecosystems that enhance research, development and innovation within the EU.
– “Currently, CONCORDIA is a consortium of 46 partners from 14 EU Member States, but another 10 have agreed to come on board with their own resources,” says Shahid Raza. “RISE is one of the Swedish partners, as is Ericsson. Among other topics, we work on cybersecurity for Internet of Things and AI, but with Ericsson’s involvement, security for telecoms and 5G also falls within our remit. RISE also sits on the management board for the whole of CONCORDIA and can in this way be involved in bringing Swedish perspectives into European work.”
‘Full stack security’
CONCORDIA’s work addresses all aspects of cybersecurity, known as ‘full stack security’.
– “We work with everything from cybersecurity for devices such as connected vehicles and surveillance cameras to network security, security for systems and software and application security, for instance services such as Dropbox or Office 365,” explains Shahid.
On top of the technical elements, there is also user-centric security, which may be the most important element of all.
– “Unfortunately, people are often the weakest link in a security system,” says Shahid.
Digitalisation relies on cybersecurity
At a time when digitalisation is becoming a feature of practically all aspects of society and is advancing at a furious pace, cybersecurity too is rapidly growing in importance, both in Europe and in Sweden.
– “Sweden undoubtedly leads the way when it comes to digitalisation; we are number 2 in the world and number 1 in Europe. But at the same time, when it comes to cybersecurity, we are way down in 32nd place. If we want to continue digitalising and taking advantage of all the benefits that digitalisation brings, we have to improve our cybersecurity culture and defences,” concludes Shahid Raza.
(by Shahid Raza, RISE)