xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 01.06.2011 BUDAPEST

1. ROBERT HAVAS VP Strategy and Business Development SecurityChairman of EOS(European Organisation for Security xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 01.06.2011 BUDAPEST

2. The cyberdefence capability in Europe: the rationaleof the mutualisation • Cyberattacks target citizen, critical infrastructures, government networks and IT, defence forces • Cyberdefence has therefore tight connection with sovereignty, blurring limits between security and defence • Speed of reaction should be very high: addressing cyber-threats and answering to cyber-incidents require the creation of a rapid reaction force, where “speed” is the operational word. • For these reasons,a top down centralised National or European approach is not feasible: each organisation has to put in place its own defence and deterrence system, sometimes also proceed to counterattacks(CERT‘s), the drawback being a fragmented approach. • Nevertheless, the concentration, at National level and/or European level, of expertise and tools, at disposal of everybody, is a must: from here comes the idea of Cyber Centers Title / Name

3. The European Cyber Center • Great countries can afford to build these centers, gathering experts and tools(example of ANSSI in France, now with extended competences and increased budget) • Smaller countries can not all afford it, by lack of the critical mass: the only way remaining is the mutualisation at EU level and/or NATO level • There are two practical ways to mutualise intelligence, expertise and tools: • Under a NATO umbrella • Under a EU umbrella The two ways may be different from mission and law enforcement point of view, but having more than one center helps to pool intelligence and expertise Title / Name

4. The missions of a EU Cyber Center • In practice both implementations will coexist, the multiplicity of competences and missions will not allow to choose one or the other exclusively • Mutualisation, through a EU Cyber Center, will concern all the MS’s, even those having implemented their own National capabilities • On top of that, a trans-atlantic cooperation may be activated • Smaller countries such as Hungary should play this kind of card, not neglecting nevertheless to keep some expertise at National level, to be able to take profit out of the EU Cyber Center and be able to interact with. Title / Name

5. What can this center not be ? • A cyberdefence capability: this center will not be the target of cyberattacks • A cyber counterattack capability, at least at the beginning, later on it could assist any MS on its request • What could be the missions of such a center ? • Security incidents are of multiple natures; victims are not willing to share their experiences, but their attitude is slowly changing ;it is important to address the standardisation of the incident descriptions in order to elaborate common defence strategies • A forensics capability: attacks and incidents are more an more sophisticated and heterogeneous, a common forensics toolbox could be of big help for the experts of the different MS’s Title / Name

6. 3. Cyber incident taxonomy elaboration and associated conformity tools Exchange of information and experience sharing is essential for: • improving the information systems resilience by sharing the most important information concerning alerts, • sharing the analysis efforts and conclusions concerning the impact grade of a new vulnerability. • To allow for a rapid sharing of critical information between experts, a common taxonomy has to be implemented • 4. Cyber Security Open Source Intelligence : Open source intelligence tools should focus on the cyber security threats in order to detect early on suspicious activities 5. A Cyber Defence training capability In order to get the appropriate behaviour in case of a cyberattack, IT operators have to get appropriate training and share experiences Title / Name