Cybersecurity: What are the risks?

With European policymakers mulling the deployment of 5G, MEPs hosted a public debate looking at how the continent can best prepare its cybersecurity for the digital age. Jonathan Benton reports.
"Cybersecurity: What are the real risks" event in the European Parliament | Photo credit: The Mission of China to the EU

By Jonathan Benton

Jonathan Benton is Political Engagement Manager at The Parliament Magazine

18 Nov 2019

@benton_jon


The fifth generation of communication technologies, or ‘5G’, has arrived, bringing with it the promise of enhanced global internet coverage.

It has the ability to connect everything around us, from our phones and fridges to hospitals and energy grids, driving economic growth and improving our everyday lives.

But there are also concerns that this radical transformation is fraught with risks and Europe may be unprepared for its challenges.

This was the main message of an event in the European Parliament in early November entitled “Cybersecurity: What are the real risks?”

The debate comprised of two panels led by MEPs Maria Spyraki (EPP, Greece) and John Howarth (S&D, UK), with the support of The Parliament Magazine and the Chinese Mission to the EU.


RELATED CONTENT


Kicking off the event, host Spyraki singled out “interdependency” as “one of the main issues that we will face during the implementation of 5G.”

According to a recent European Commission report, due to the interdependencies between 5G networks and many other systems in critical areas like health, autonomous driving, power, water supply and defence, the degradation of 5G services may lead to significant disruptions of these systems.

As such, with so many more goods, services and sectors connected to the internet and dependent on the capabilities provided by 5G infrastructure, their cybersecurity is becoming increasingly important with many panellists saying this can only be accomplished through global cooperation and standard setting.

However, according to Spyraki, the recent Osaka Declaration on the Digital Economy underlined that there are some divisions among countries on the very definition of cybersecurity and its standards.

This is because cybersecurity is seen as a national competence, therefore many are reluctant to share the information needed to enhance global cybersecurity.

China’s director of cyber affairs from the Ministry of Foreign Affairs, Yue Ping, felt that national politics was hindering development, saying, “we must not let fabricated provisional issues get in the way of digital economic development, even less allow political issues that undermine the multilateral efforts to generally improve cybersecurity.”

"We must not let fabricated provisional issues get in the way of digital economic development, even less allow political issues that undermine the multilateral e orts to generally improve cybersecurity" Yue Ping, Chinese Ministry of Foreign Affairs

With Huawei dominating the European market, there are concerns that a dominant foreign player could exploit its position to control others or even leave some countries vulnerable to attack, unless Europe sets out its own rules.

Professor Bart Preneel, a Belgian cryptographer, cyber expert and ENISA stakeholder, said, “We’re so behind that this [cybersecurity] would actually be a way to regain leadership, or at least to catch up.”

However, Portuguese S&D deputy Carlos Zorrinho argued that if the EU wants to compete in cybersecurity it first needs to establish a “digital identity” which encompasses Europe’s shared ethical values, such as transparency and putting citizens’ needs first.

“If Google, Facebook and Amazon want to work here, they can but only as a European company with a European digital identity and our ethics,” he said.

Another risk raised was that of ‘backdoors’ - undocumented portals setup by manufacturers to provide access to a device or network system.

These are also created to provide national security agencies and law enforcement with access to users’ data, meaning that one country might be able to access another country’s data, which in turn raises national security concerns.

This was a recurrent theme in the debate, with one audience member asking, “Huawei is like any other Chinese company, committed by law to cooperate with Chinese intelligence. So, can we build trust and common regulatory frameworks in this kind of situation?”

Ping responded by saying that she believes trust is an important issue, but blamed other countries for creating an atmosphere of mistrust when she asked, “who broke the trust?” The US Mission to the EU was invited to participate in the conference but had declined the invitation.

However, among the audience was Huawei’s representative, Sophie Batas, Director for Cyber Security and Privacy Policy, who said trust was an essential element in developing cybersecurity competence, adding, “We are trying to build trust and we work on any EU approach that does this.”

According to Miguel González-Sancho from the European Commission, cybersecurity is “at the top of the political agenda” and the EU is taking a three-pronged approach using legislation, funding and soft policy to establish European leadership.

"It is crucial to equip citizens with the necessary skills to be vigilant to so many of the challenges and threats encountered on a daily basis. This could well be an area of common ground for the EU, China and the US" John Howarth MEP

The NIS (security of network and information systems) Directive and the forthcoming Cyber Security Act provide legal measures aimed at boosting the EU’s cybersecurity competence and strengthening the role of the European Union Agency for Cybersecurity (ENISA), while greater funding is being proposed for the EU’s upcoming Horizon Europe and Digital Europe research and innovation programmes to look specifically at cybersecurity and competence building.

On soft policy, the Commission representative said work had already begun on a toolbox, or catalogue, of cybersecurity guidance and “mitigating measures” which draws on the input of EU Member State governments and should be available by the end of the year.

However, Professor Preneel was unconvinced by the Commission’s so-called “Cyber Diplomacy Toolbox”, describing it as “another name for common criteria”, internationally-set guidelines and specifications developed for evaluating and certifying the security of IT products.

This is an approach “that has failed for 25 years” and has resulted in “not one digital product being certified by the International Standards Organization,” Preneel added. With more devices connected to the internet, there are more opportunities for exploitation.

Chuck Davis, senior director for cybersecurity at Hikvision, the world’s biggest video surveillance company, warned, “When you buy a smart refrigerator, that means it’s a computer refrigerator … but now the risk has increased greatly when you connect this device to the internet, with 4.5 billion users worldwide.”

Closing the event, UK Socialist MEP John Howarth concluded, “It is crucial to equip citizens with the necessary skills to be vigilant to so many of the challenges and threats encountered on a daily basis, and this could well be an area of common ground for the EU, China and the US.”

This Event Coverage is sponsored by The Mission of China to the EU

Read the most recent articles written by Jonathan Benton - Deal reached on new Belgian government