Dear Minister Le Drian,
Ladies and gentlemen,
Thank you for your invitation.
First I would like to congratulate you and France for this initiative.
We should have done this in Europe much earlier.
Unfortunately other actors intervened first.
Insecurity, fear, instability.
In governments, companies and banks.
It is now proven beyond doubt, that cyberspace is one more battleground against organised crime and terrorism – whichever form this takes.
We are lagging behind. This is a fact.
We should have anticipated the urgency of cybersecurity.
Now we have to react.
And it is better late than never.
Cybersecurity is critical both to our prosperity and our security.
Cyber-threats threaten not only our citizens: they are threats to our democracies themselves.
With so many experts in this room, you do not need ME to tell you about the global threat posed by cybercrime.
As the European Commissioner in charge of Home Affairs, this issue is of course a top priority for me.
In the Internet-dependent societies we live, it is an issue of truly global dimensions.
In the last year, we had more than 4,000 ransomware attacks per day, a 300% increase compared to 2015.
The Wannacry attack in May affected more than 150 countries and over 230,000 systems. Even nuclear stations were affected.
The nature of these threats has grown and changed in importance in three significant ways.
First, by becoming strategic, because they endanger our critical infrastructure and threaten our democratic processes.
Cybercrime has become instrumental in geopolitics and conflict – hybrid and otherwise.
Second, by becoming endemic, as the threats spread like wildfire, from IT networks, into business-critical operations,and our critical infrastructure.
Thirdly, by becoming universal: our omni-connectedness means that threats are more difficult to contain across networks, devices, or geographical regions.
Inaction is therefore no longer an option.
This is an essential debate about the sustainability of our economies and our democratic institutions.
In the European Union, even with delay – we recognised the importance to act, and tomorrow in Brussels, we will present concrete actions to address our cyber-insecurity.
The actions are European, but the perspective is of course global.
This new cyber-strategy is built on three key pillars: – resilience, – deterrence, and – international co-operation.
The focus of all the actions in this strategy is first of all operational.
That is why the centrepiece of the resilience pillar of the strategy is to strengthen our operational Agency for Network and Information Security (ENISA), which is based in Greece.
ENISA gets a stronger mandate, more resources, and an operational role to support our Member States deal with cyber-threats.
A crucial aspect here is skills and expertise.
Hackers will only be deterred by people that can match their skills.
We need to ensure that programmes for education and training include cybersecurity as a core part of academic and vocational training curricula.
Cybersecurity is a responsibility for all of us.
From companies and governmens, to the last citizen using a connected device of any kind.
Just think that 95% of successful attacks are said to be enabled by “some type of human error – intentional or not”.
Cyber-hygiene for all therefore: awareness-raising, communication, training, skills-building, these are crucial and should be our priorities.
The second major pillar is deterrence.
Successful deterrence requires effective detection, traceability, investigation and prosecution.
We will only begin to turn the tide on cyber-attacks, when we increase the chances of criminals getting caught and sanctioned for committing them.
Here, the Council of Europe Budapest Convention on Cybercrime, is the cornerstone of our international partnership to exchange information and electronic evidence.
This is of course linked to the third pillar of our strategy: global cooperation, which is in my view the most critical – and the most relevant to our context this week at the United Nations.
Global cyber stability is a task that NO country, and NO region can promote alone.
It has to come from all of us.
The European Union will continue to advocate strongly that international law applies in cyberspace.
I said it before: our security systems will always be as STRONG as the weakest link in the cyber-chain.
The UN and NATO will be a key area of focus on the international arena.
Our cooperation with NATO will deepen, especially in relation to threats of the well-known, ‘hybrid’ type.
Ladies and gentlemen,
Cyberspace – this amazing medium of interaction and innovation – unfortunately also offers unprecedented opportunities for criminals.
Cybersecurity concerns all of us.
All of us may become targets or victims.
Our resilience, and our means to deter attacks, will be key to our future.
Our perspective can only be global, for a threat which is borderless.