How is cyber policy made by governments? And where is European Union cyber policy headed?
On the 24th of February, ETH students gained unique
insights on this topic from Dr. Igor Nai Fovino. As deputy Unit Head of the European
Commission’s
Joint Research Centre, he has acquired over 13 years of experience at the European
Commission. He
talked to ETH students about his research covering IoT, blockchain, risk assessment,
malwares, among
many more areas. One current topic of his research he discussed was whether it would be
possible to
use blockchain technology to aid in the logistics of Covid vaccinations (yes!).
During the
talk, Igor shared with students that the EU was working towards improving data protection as
a human
right – not simply as a set of rules with paperwork. Furthermore, an understanding of data
protection and how it must be regulated is still developing, and will continue to develop
further.
As such, policymaking processes are a process of continuous negotiations. How has COVID
affected
cyber security in Europe? For one, healthcare and critical infrastructure sectors
experienced
increased attacks. Additionally, COVID has pushed Europe faster towards digitalization, and
cybersecurity has now become more relevant in the EU Commission’ priorities.
The
take-away
from the talk was that cybersecurity is currently undergoing a paradigm shift. The ‘old’
firewalling
approach does not work anymore because digitalization implies that it is not possible to
close all
the system’s doors. For example, the energy grid before the 90s was considered to be secure
simply
because it was a closed world. With the roll out of smart grids and other initiatives, it is
not
possible anymore to close the doors, because suppliers need continuous data floors for
decision
softwares. In order to do that, all devices need to be connected, and for this reason the
grid is
vulnerable.