Cybersecurity Development Incentives Required in Europe
Incentives for developing cybersecurity in Europe need to be created, said panelists at the Digital Agenda Assembly 2012 in Brussels. “The Internet represents a set of opportunities for research, innovation, development of new products in security in Europe,” said Olivier Festor, director of research at European Institute of Innovation and Technology ICT labs. But the industry needs to be incentivized to enhance cybersecurity, said Sandeep Bhargava of CEF marketing and corporate affairs.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
Lack of incentives has slowed reaction to vulnerabilities, Festor said. “We went through over 2,000 vulnerabilities. On average it takes more than four years before vulnerabilities [are] initially discovered and the time it is patched,” he said. Industrial control systems that have a 10 to 15 year life-cycle make the security of the infrastructure difficult to improve, said Joachim Schaper, vice president-research at AGT Group. “What we're currently working on is to find a way to … look at those infrastructures to … raise the capabilities of those who monitor it appropriately to understand where vulnerabilities are, as well as what particular countermeasures can be [implemented],” he said.
Companies struggle to find the necessary information and communications technology (ICT) security employees, which reduces cybersecurity incentives, Festor said, highlighting the need to foster academic interest in ICT. By 2015, about 700,000 IT positions in Europe will need to be filled, but “it’s difficult to find talent and people motivated in the ICT security area,” he said.
Programs should be designed to incentivize companies, Bhargava said. He recommended recognizing companies for the investments they have made in cybersecurity. He also recommended a risk-sharing investment program with the government and regulation minimization to promote innovation. While the Internet has seen low regulation and quick growth, telecommunication technology has been highly regulated and lagged behind, he said.
Informing the public about the vulnerability and safety of Internet services also drives demand for increased cybersecurity, Bhargava said. For example, the public should know that they pay for “free” Internet services by allowing the services to access their personal data, Festor said. “Making them aware would indirectly lead to some kind of demand from those areas. And the customer is willing to pay for it,” Bhargava said.