Each year, the European Cybersecurity Forum – CYBERSEC becomes a platform of dialogue on the most pressing challenges of the digital world. During lively onstage discussions, thought-provoking presentations and inspiring interviews, the holistic community of professionals and experts share their insights on strategic aspects related to cybersecurity. This year, debates were once again deeply informative, constructive and delivered highly valuable content. The leitmotif was Securing the World’s Digital DNA. It is not just a slogan – it is a call to action!

In times of the pandemic, when most of social and business activities moving to the Internet, cybersecurity becomes more essential than ever. CYBERSEC Team is honoured to present CYBERSEC CEE 2019 Recommendations & Key Takeaways, that aim is shaping policies, improving strategies and securing the World’s Digital DNA!

The publication contains the set of actionable and tangible recommendations that aim at shaping policies and improving strategies.

Key players, including public bodies, need to take a proactive approach and lead the way in adopting a responsible behaviour to tackle cybersecurity challenges, says the Kosciuszko Institute in the CYBERSEC 2019 recommendations.

It is in the common interest of like-minded countries and the international community to ensure the cyber peace and stability; all multilateral approaches that we are currently witnessing are the proof of that. Private companies and civil society, which are key players in the cybersecurity ecosystem, are increasingly contributing to the debate underlining the need to reach the international consensus.

In the process of developing norms of responsible behaviour in cyberspace, the questions of capacity building and digital maturity of countries arise. Countries are at different levels of development, face various challenges and have different levels of understanding of the cyber issues. Therefore, the discussion on awareness raising, education and creation of institutional framework is still valid and should be carried on. If like-minded countries want to promote the model of cyberspace which is open, free, secure and accessible, support and assistance in building local as well as national capacities should be provided.

5G will inevitably enable massive development and implementation of the Internet of Things and artificial intelligence solutions. It is of the utmost importance to demand that the producers create and deliver products which are secure by design and by default.

We should look beyond 5G and take advantage of the political will that developed around the subject. As 5G will also have wider implications for the whole digital ecosystem, including new use cases and applications, it will be a key link in the global ICT supply chain. Therefore, it is a political and strategical opportunity to look into the overall issue of increasing security of the digital supply chain.

Digital networks can’t be dependent on one vendor. Dependency on any single supplier and lack of diversity increases the exposure to a potential supply interruption. Diversification is therefore much needed and there is room for setting specific rules in this area. In this context interoperability will serve as an important factor that may help to avoid the vendor lock-in problem.

Regulations will always lag behind technological developments. A regulation should be designed in a way that is technology neutral. It should not be too prescriptive, but rather principle-based and risk-based in order to be able to properly apply to new technology developments.

All countries, especially developing ones, should encourage the development of their own national cybersecurity talents by designing high-level university programmes and building strong links between the universities and the industry sector. Furthermore, governments should foster the development of national cybersecurity solutions and brands and rely on them as much as possible to reduce dependency on foreign players.

It is crucial to ensure the security of the whole supply chain in the defence industry. Dependencies on foreign manufacturers are a major concern and it is a matter of policies and strategy to tackle this threat.
Three recommendations to implement:

  • use products of national origin or coming from allied countries;

  • buy proven products directly from reputable manufacturers from allied countries;

  • buy through reliable intermediaries to limit the possibility of interference between the buyer and the seller.

The concept of “smart city” should go hand in hand with that of “digitally secure city”. Therefore, cities need to adopt a digital safety mindset that includes:

  • plans, protocols and personnel in place as well as intelligence and data-driven tools to detect and prevent strikes before they start;

  • a thorough understanding of traffic flows to anticipate and neutralise anomalies;

  • an effort to reduce the attack surface and increase network segmentation in order to ensure that a single point of entry doesn’t collapse the entire city system.

Any attempt to develop a regulation on AI should be preceded by a thorough research about the actual state of play of the technology. Only a deep analysis will enable to draw up a regulation that protects the fundamental human rights and values and does not jeopardise progress and businesses which form the pillars of the European economy. The risk of overregulation should be avoided at all costs.