EOS/ENISA - Smart and Secured digital Europe

Introduction and welcome: Michal Boni (8-10 min)

Welcome
Two years ago the Cybersecurity strategy was adopted and it was
first such document in the EU that gathered all aspect of security in
the cyberspace and the first one that tackle all threats to this security,
threats that are different in nature and that are coming from
different directions.
The strategy set 5 priorities: to achieve cyber resilience, to raise
awareness to make sure that people protect themselves and
strengthen the effect of actions taken, to reduce cybercrime, to
develop cyberdefence policy and capabilities, to develop industrial
and technological resources for cybersecurity and to establish a
coherent international cyberspace policy.
A lot has been done but a lot remains to be done or is a constant
action to be taken like raising awareness or develop technical
resources, fighting cybercrime.
In the meantime we have adopted the NIS Directive, the Data
Protection package.
Today, I would like us to talk more about practical implementation,
practical steps that should be taken to make Europe Smart and
Secure.
Developing or strengthening the public-private cooperation to create
necessary tools is needed. And I believe this is one of the examples we
still have to work on. I hope today's event will give us more
information about what is in place, what is needed and what are the
needs from all stakeholders.
All this is necessary as digital economy is growing fast, big data
sector, Internet of Things, Internet of Everything, and Cloud
solutions are developing fast and not waiting for the legal framework.
We do not want that Europe miss the train and loses its chance to be
competitive.
Not missing this train means a great opportunity for the economy,
new possibilities to grow, to develop. New space for companies. The
idea of digital single market works as a multiplier. And gives us the
additional part of added value related to the potentiality of the digital
drivers present in all sectors of the economy. There is not only the
ICT sector development, we can see now - it is the ICT development

in all sectors, all branches of the economy. The doubled added value
is coming from growth of the digital factors in the modern world.
But we need to be prepared for this, not walk in blindly. We observe
the increasing sophistication and complexity of cyber-attacks. It gives
us idea that the dark side of Internet is developing and improving in
skills.
That is why security is the important side of the digital economy
development. It is related to data protection as a necessary condition
for data processing. It is also related to the guarantee, that all
processed data are safe and secure during the processes of their
analysis, crossing, exchanging, comparing under different kinds of
algorithms and under clear standards, and in all storages. The
security and data protection are the same conditions building the
trust, as they are fundamental basis for this, data-driven industry
growth.
I am pleased that General Data Protection Regulation, so-called
GDPR is finally adopted. Now, I believe is time to focus on digital
development, ensuring Europe's competitive position on the global
market without sacrificing our values or privacy and security. I
believe we can ensure that privacy and data protection as well as
high level of security of services become our competitive advantage.
We can even go that far as to call it European legacy, European input
in standards that will, let's hope, become global. I am sure that
consumers should and will demand it from all digital services and
products.
But let's come back to more practical approach.
Today I have a pleasure to introduce our distinctive panelists, Luigi
Rebuffi, CEO of European Organisation for Security. Mr Rebuffi
has years of experience in cybersecurity and EOS is strongly involved
in many initiatives that will lead to building Smart and Secure Digital
Europe. We will learn more today about their flagship initiative on
cybersecurity and other initiatives.
Our second speaker is Udo Helmbrecht, Director of ENISA. I don't
think I need to talk more about ENISA as I believe we all know it
very well. As well as Prof. Helmbrecht with his 35 years of experience
in the field.
As a third speaker, we are happy to host Mr Jakub Boratynski, Head
of the Trust and Security Unit in the DG Connect, European
Commission. We will be more than happy to get to know

Commission's views and plans on how to cooperate with industry and

build on Digital Single Market and make it safe.
And last but definitely not least, Luukas Ilves, Counsellor for Digital
Affairs at the Permanent Representation of Estonia from whom I am
hoping to hear some of Estonian national experience in the matter.
We will start with short presentations from the speakers which will
be followed by questions and answers session.
I would like to ask all the speakers:
How to build the European Digital market that is competitive on the global
market without losing the EU values and standards, for instance
concerning data protection??
How to make the world of privacy and technology meet and understand
each other?
Introductory speeches from the panellists:
Luigi Rebuffi, Chief Executive Officer, European Organisation for Security (EOS) (8-10 min)
Udo Helmbrecht, Director of ENISA (8-10 min)
Jakub Boratynski, Head of the Trust and Security Unit, DG CONNECT, European
Commission (8-10 min)
Luukas Ilves, Counsellor for Digital Affairs at Permanent Representation of Estonia to the
EU
Part two - Questions and answers:
Thank you to the panelists, opening the questions and answers session with a first
question from the chair:

To start the debate, I would like to focus on the concepts of privacy and
security by design. The notion is more and more visible in the European
debate, we could even say it is fashionable. But is it only fashionable and
only a political need or it is a real global market need?
Then questions from the audience
In case of sudden silence, additional questions for the speakers for MB to ask:

[For Luigi Rebuffi]In many sectors we are talking about end-to-end approach
with users generating requests that go through the cycle of research and
development till new product and back to users that assesses it and might have
additional requests. How do you see the role of this approach for cybersecurity?
Is it a valid approach in this field?

[For Udo Helmbrecht] How do you see the role of ENISA evolving in terms of
working with industry to improve the cybersecurity of key economic sectors
(transport, energy, health,) and contributing to IoT security or cloud security?
[For Jakub Boratynski] 1) Will the Commission issue a cybersecurity industrial
policy to support the envisaged activities of the cPPP and the growth of a
competitive cybersecurity industry in the global market?
2) What does the Commission see as the key obstacles EU cybersecurity
companies are facing to successfully compete on a global level?
[For Luukas Ilves] Estonia is one of the examples of a well-developed egovernment solutions with digitisation of all public services that citizens can get
access using their national ID cards. Could you share with us Estonian
experience with cybersecurity in this field? How did you make it smart and
secure at the same time?

Extra questions:
Besides instruments such as the cPPP, what other enabling conditions would be
needed to support the EU cybersecurity industry?
When we talk about privacy by design, we often equate it with the use of specific
privacy-enhancing technologies (PETs). Do you think that the use of PETs can be
both a market enabler and a tool for the preservation of human rights and data
protection?
Give concrete examples of how EU and national authorities can work together with
industry to boost competitiveness and innovation in a dynamic way that could keep up
with the fast paced nature of cybersecurity
Cloud computing is one of the most important emerging areas today and is something
which offers a great range of possibilities. Yet, there are barriers to the adoption of
cloud computing solutions which relate to information privacy and compliance with
data protection legal requirements. In your view, does the GDPR sufficiently tackle
these barriers and does it facilitate the use of cloud solutions and IoT?