THE EUROPEAN – SECURITY AND DEFENCE UNION
We need more efficient cybersecurity capacity building worldwide
Cybersecurity should be considered a transversal issue in development and cooperation
by Carlos Bandin Bujan, Programme Manager, DG DEVCO, European Commission, Brussels
E
ver-evolving Information and Communications Technologies (ICT) have revolutionised the way we live and interact in our society. Over the past 20 years, ICT has evolved to become in many cases a determining element in a variety of policy areas. Cyberspace provides the underlying platform for development, distributing transformative digital technologies, with profound global implications and many human, economic as well as social benefits1.
Our vulnerability to intrusion and manipulation Nowadays, two thirds of internet users are said to live in the developing world, where access to the internet is growing almost four times faster than in developed countries. It is estimated that by 2020 the number of devices connected to the internet will reach 50 billion – all potentially vulnerable to intrusion and manipulation. Businesses, banks, utility services, critical national infrastructure, and government agencies – all rely on IT systems to provide a flow of information that enables fast delivery of services across national and international territories. But these, and even our personal social media systems and personal appliances, leave us more exposed to potential harm. Nevertheless, there is increasing awareness that the benefits of ICT cannot materialise in a vacuum. The increased number
28
of cybersecurity incidents that cause major economic damage to the global economy and security underscore the need to prioritise measures addressing such threats and promote secure digital services and infrastructure. The landscape of threats can be categorised into three main areas: • The threat to critical infrastructure: due to the increasingly digitalised environment we operate in, it has expanded in scope in comparison to a decade or more ago. Potential damage of this typology of security incidents can cause thousands if not millions of casualties and/or billions of losses; • Online criminal activity (cybercrime) in relation to digital content, ranging from ID theft and non-cash payment fraud, to online terrorist propaganda and child exploitation etc., and last but not least; • Cyber as modus operandi and enabler of many other threats, including hybrid attacks. This is particularly worrisome with the prominence of the crime-as-a-service business model.
The EU Cybersecurity Strategy In the 2013 EU Cybersecurity Strategy and its 2017 revision, it is highlighted that external cyber capacity building is a strategic building block of the EU’s cyber policy. This was also brought forward as a key ingredient in the 2015 European Agenda on Security. It also contributes significantly to creating operational cooperation frameworks between partner countries and the EU (ensuring an internal-external security nexus), which ultimate-
