100 likes | 121 Views
European Security Policy a snapshot on Surveillance and Privacy DeSSI workshop, CPH 24 June 2014. Birgitte Kofod Olsen, Chair Danish Council for Digital Security. Current Security Challenges. Increase in cyber attacks Easier to conduct cyber crimes
E N D
European Security Policy a snapshot onSurveillance and PrivacyDeSSI workshop, CPH 24 June 2014 Birgitte Kofod Olsen, Chair Danish Council for Digital Security
CurrentSecurityChallenges • Increase in cyberattacks • Easier to conductcybercrimes • Cyberwarreplacingconventionalwar • Impactacrossborders • Potential risk for criticalinfrastructures • Effectscitizens, consumers, nations, organisations and businesses
Threats in Cyber Space 2800 DDOS attackseachday Floods of nuisancetraffic (pings), which - slowsorcrashes the victims’ websites - leavingthem offline - unable to send e-mail, processorders, make bank transactionsor for governments run the country
Surveillance of citizens • Suveillance of criticalinfrastructure by national CERT agencies • Surveillance of data and telecom by National Intelligence Service agencies • Registration of tele and data traffic by Telecom Operators • DK: Willingnessamongcitizens to accept surveillance • USA and EU: citizensoppsingsurveillance
EU Responses • CyberSecurityStrategy of the European Union: An Open, Safe and Secure Cyberspace” (JOIN(2013) 1 final): • Cyberattacks and cybercrime • The protection of fundamental rights is as important in the virtual world as it is in the real world • Trust and confidenceshouldbeimproved not onlybetweenstates, but alsobetween private and public sector • Cooperationbetweendifferent EU policy areas, and promotingcoordinationbetween the military and civilian sides
Priorities • The strategyarticulates the EU's vision of cyber-security in terms of fivepriorities: • Achievingcyberresilience • Drasticallyreducingcybercrime • Developingcyberdefence policy and capabilitiesrelated to the CommonSecurity and Defence Policy (CSDP) • Developing the industrial and technologicalresources for cyber-security • Establishing a coherent international cyberspace policy for the European Union and promotingcore EU values
Network and Information Security (NIS) Directive • The proposedDirectivelaysdownmeasuresincluding: • (a) Member State must adopt a NIS strategy and designate a national NIS competentauthoritywithadequatefinancial and human resources to prevent, handle and respond to NIS risks and incidents; • (b) Creating a cooperationmechanismamongMember States and the Commission to shareearlywarningsonrisks and incidents through a secureinfrastructure, cooperate and organiseregular peer reviews; • (c) Operators of criticalinfrastructures in somesectors (financial services, transport, energy, health), enablers of information society services (notably: app stores e-commerce platforms, Internet payment, cloudcomputing, searchengines, social networks) and public administrations must adoptrisk management practices and report major security incidents ontheircore services.
EU RegulationonPersonal Data Draft General Data ProtectionRegulation 2012 • The new proposalswillstrengthenindividualrights and tackle the challenges of globalisation and new technologies • Context: • Rapid technologicaldevelopments have brought new challenges for the protection of personal data. • The scale of data sharing and collecting has increaseddramatically. • Technologyallowsboth private companies and public authorities to makeuse of personal data on an unprecedentedscale in order to pursuetheiractivities. • Individualsincreasinglymakepersonal information availablepublicly and globally. • Technology has transformedboth the economy and social life. • Building trust in the online environment is key to economicdevelopment. • Lack of trust makesconsumershesitate to buy online and adopt new services.
CyberWar – a new challenge? • Cyber actions and attacksagainst nations and their administrations • Come as part of a coordinatedassaulton a nation or as a malicioushacker’sidea of a joke • distributeddenial of service attacks (DDoS) • computer viruses • spying and infiltration • A need for international regulation of cyberwarfare?
Contact info www.digitalsikkerhed.dk Chair and Vice Chair birgitte.kofod.olsen@digitalsikkerhed.dk shehzad.ahmad@digitalsikkerhed.dk Secretariat bjorn.kassoe.andersen@digitalsikkerhed.dk