How is cyber policy made by governments? And where is European Union cyber policy headed?

On the 24th of February, ETH students gained unique insights on this topic from Dr. Igor Nai Fovino. As deputy Unit Head of the European Commission’s Joint Research Centre, he has acquired over 13 years of experience at the European Commission. He talked to ETH students about his research covering IoT, blockchain, risk assessment, malwares, among many more areas. One current topic of his research he discussed was whether it would be possible to use blockchain technology to aid in the logistics of Covid vaccinations (yes!).

During the talk, Igor shared with students that the EU was working towards improving data protection as a human right – not simply as a set of rules with paperwork. Furthermore, an understanding of data protection and how it must be regulated is still developing, and will continue to develop further. As such, policymaking processes are a process of continuous negotiations. How has COVID affected cyber security in Europe? For one, healthcare and critical infrastructure sectors experienced increased attacks. Additionally, COVID has pushed Europe faster towards digitalization, and cybersecurity has now become more relevant in the EU Commission’ priorities.

The take-away from the talk was that cybersecurity is currently undergoing a paradigm shift. The ‘old’ firewalling approach does not work anymore because digitalization implies that it is not possible to close all the system’s doors. For example, the energy grid before the 90s was considered to be secure simply because it was a closed world. With the roll out of smart grids and other initiatives, it is not possible anymore to close the doors, because suppliers need continuous data floors for decision softwares. In order to do that, all devices need to be connected, and for this reason the grid is vulnerable.