IT Security Awareness Raising a Pan-European Challenge

The world is quickly embracing digital in every part of life. E-banking, e-health, e-commerce, e-education, e-everything are all now totally dependent on an open, safe and secure cyberspace. We are witnessing the development and deployment of smart manufacturing, the Internet of Things and computer controlled critical infrastructure. Digital is challenging the delivery of old business models, while at the same time providing opportu­nities for the new world. We see new challenges to old business models, ­where for example mobile phone manufacturers and internet search engine companies are moving into smart transport. Europe has to embrace this challenge and take the lead in the digital revolution by delivering disruptive business models, using innovative technologies and services in a safe and secure manner. Europe has to ensure the trust of its citizens and industry to have the necessary confidence to work digital.

At the same time trust in online services ­makes it a necessity to preserve the secrecy and integrity of electronic communication. It goes well beyond individuals’ rights: In a society that is ever more depending on the correct functioning of electronic communication services, technical protection of these services is mandatory, since otherwise criminals will abuse vulnerable services. From a technical standpoint, both confidentiality and integrity may be fulfilled by the same cryptographic mechanisms.

Europe has to ensure the trust of its citizens and industry to have the necessary confidence to work with digital.

Turn users into guardians

Also, more and more citizens and businesses are likely to suffer security breaches. This is due to vulnerabilities in these new and existing technologies, the move towards ‘always on’ connections and the continuous and exponential user uptake within Member States. Such security breaches may be IT related, for example through computer viruses or other malicious software, system failure or data corruption, or they may be socially motivated, for example through theft of assets or other ­incidents caused by staff. It is indicative that all industry sectors have experienced staff-related breaches, though technology companies fared better than most.

In an age ever more reliant on digital information, there is an increasing number of technological weak­nesses that can be exploit­ed. Re­cent incidents have highlighted that a considerable number of endusers are unaware of their exposure to security risks. Given the rising ­level of breaches seen recently, it is more critical than ever that ­organizations raise security awareness by turning users into a first line of defense. A significant step towards this is to prepare user posture in cyberspace by disseminating information about the current state of the cyber-threat landscape.

A joint EU advocacy campaign

The European Cyber Security Month (ECSM) is an EU advocacy campaign that seeks to raise awareness of cyber security among citizens and advocates for changing the behavior of ­citizens towards cyber-threats by promoting education, sharing of good practices and competitions such as the European Cyber Security Challenge. The European Union Agency for Network and Information Security (ENISA), the European Commission’s DG Connect and partners have been deploying the ECSM each October for the last five years.

Prof. Dr. Udo Helmbrecht ist Geschäftsführender Direktor der ENISA – Europäische Agentur für Netz- und Informationssicherheit und im Beirat von Deutschland sicher im Netz e.V. Prof. Dr. Udo Helmbrecht ist Geschäftsführender Direktor der ENISA – Europäische Agentur für Netz- und Informationssicherheit und im Beirat von Deutschland sicher im Netz e.V. © Xenia Fink

The Digital Agenda for Europe (DAE), adopted in May 2010, and the related Council conclusions highlighted the shared understanding that trust and security are fundamental preconditions for the wide uptake of information and communications technology (ICT) and therefore for achieving the objectives of the ‘smart growth’ dimension of the Europe 2020 strategy. The DAE emphasized the need for all stakeholders to join forces in a holistic effort to ensure the security and resilience of ICT infrastructures by focusing on prevention, preparedness and awareness, as well as to develop effective and coordinated mechanisms to respond to new and increasingly sophisticated forms of cyber-attacks and cyber-crime.

The ECSM was also foreseen in the EU-US summit final report and in the roadmap produced by the awareness-raising sub-group of the EU–US Working Group on Cyber-Security and Cyber-Crime in December 2011. DsiN (Deutschland sicher im Netz e.V.) is a strong partner implementing the ECSM campaign in Germany alongside the Federal Office for Information Security (BSI).

By promoting education, sharing of good practices and ­competitions such as the ­Euro­pean Cyber ­Security Challenge, the EU seeks to raise awareness of cyber ­security among its citizens.

The campaign concentrates on building together a joint EU advocacy campaign across Member States so as to generate broad awareness about cyber security, which is one of the priorities identified in the EU Cyber Security Strategy, as well as to promote the safer use of the internet for all users and increase the national media interest through the European and global dimension of the project. The campaign includes both the general public, acting as ‘EU digital citizens’, and specific groups focused on Member States’ stakeholders from public and private organizations e.g. IT experts, NIS authorities and educational institutions. Over the course of the month of October, a range of local activities and events are held across Europe to raise the security
awareness of specific target groups. These include, among others: workshops, conferences, social media campaigns, quizzes and roadshows.

High level of involvement

The main contact point to the Member States is through the National Liaison Officers (NLO) network, partners from public and private organizations, and networks of multipliers. The European Commission, other EU bodies such as the European Economic and Social Committee and Agencies continue to get involved and maintain their participation at a high level. The campaign creates a good environment for European but also international cooperation for cyber security public-private partnerships.

The community building process around the campaign is an important win. An example of international impact is the DsiN-Cloud-Scout initiative. Cloud-Scout is an online tool which provides European small and medium enterprises with tailored information and recommendations on their use of cloud services.

Cloud-Scout für Mittelständler – europaweit

Grundwissen im sicheren Umgang mit der Cloud ist Voraussetzung für ihre sichere Anwendung – von der Einführung bis zum Betrieb und möglichen Migration auf einen anderen Anbieter. Der DsiN-Cloud-Scout wurde 2014 für alle Anwender in Europa in acht Landessprachen verfügbar gemacht; im Cloud-Scout-Report werden landestypische Gewohnheiten sichtbar:

cloudscout.cloudwatchhub.eu


X

Sie verwenden einen sehr alten Browser.

Um diese Website in vollem Umfang nutzen zu können, installieren Sie bitte einen aktuellen Browser.
Aktuelle Browser finden Sie hier