These years more than ever, cybersecurity is at the center of our attention. I am not making here any reference to the ever increasing recent “breaking news”, on the contrary, I would like to focus on several EU regulations which will positively impact our business and our lives.
Both the NIS and the GDPR directives1, whose implementation will have an effect way beyond the EU countries, are there to provide a better safety to States, companies and citizens, whose privacy and intimacy is clearly set as a priority if we examine the GDPR text. At the same time, we witnessed the recent publication of the Tallinn Manual 2.0, a reference volume materializing the great efforts carried out by the think- tank of authors aimed at offering to policy-makers a better understanding of cyber operations and legal contexts.
The United Nations’ITU has for several years embarked on a similar journey, focusing on knowledge building and information sharing, through development of good practices and assistance programs, within the framework of the Global Cybersecurity Agenda, hence covering key priority areas such as legal measures, technical and procedural measures, organizational structures, capacity building and international cooperation.
Paraphrasing the titles of two ITU publications, if we are in the “quest for cyberpeace”2 and we wish to see people living in a trusted environment during their day-to-day online experiences in their “quest for cyberconfidence”3, we need to make available the necessary knowledge.
Capacity building starts with being informed on the current situation from the challenges to the possible solution to mitigate and resolve such challenges. The same applies in the cybersecurity arena: cyber dangers can be countered through increased knowledge and proper use of the tools made available to us. Adult awareness is a major challenge, not easier and no less important that children awareness.
In this sense, the multiplication of efforts we witness on our continent – we can quote the very well done and easy-to-use the CERT-EU app4 – which is there to answer the citizens’ demand to be better and quicker informed on old and new threats and how to defend themselves against them.
Another relevant effort that I see is the “Coordinated Vulnerability Disclosure” initiative, within the context of information sharing, a topic which is now becoming a focus in several European states.
This is a very important public-private partnership that we hope we will see working as soon as possible.
1 NIS = Network and Information Security (directive); GDPR = General Data Protection Regulation
4 cf. bibliography at the end of the volume for more details