Opening speech of Vice-President Schinas at the Forum Europe 9th annual cybersecurity conference

25 Mar 2022 01:03 PM

Opening speech given yesterday by Vice-President Schinas at the Forum Europe 9th annual cybersecurity conference.

"Check against delivery"

Dear Mr. Adamson, Ladies and gentlemen,

I am delighted to be with you for the 9th Annual European Cybersecurity Conference.

A year and a half ago, when you invited me to the European Security Summit, we had spoken about our new vision for security in Europe that we had just outlined in the Security Union Strategy. A vision stemming from the need to break the security silos to address all types of threats, from organised crime and terrorism to cyber and hybrid.

Now look at where we are today.

War has returned in Europe, on the doorstep of our Union.

The principles on which we built our security architecture and which we considered inviolable are being trampled upon by a cynical and ruthless attack that strikes indiscriminately at military and civilians.

In addition to this territorial invasion of mortar fire and bombing, comes the more insidious but still highly destructive threat of a cyber invasion.

Yes, a cyberwarfare is ongoing in our neighbourhood.

Look at the waves of cyber-attacks that hit Ukraine's critical public and private entities in the weeks and days before the invasion, and which intensified when the war broke out.

Ministries, armed forces, banks, border crossing stations were all targeted, with a view to paralysing the country, without a shot being fired, at minimal cost, by an enemy whose face we cannot see.

This is the reality of today's world.

This is what our Ukrainian neighbours are facing.

This is what we must prepare for too.

First, because we cannot rule out the risk of spillovers to our Member States, to our European Single Market.

For instance, a targeted cyberattack carried out against the ViaSat satellite-based internet access provider, which was presumably aimed at disrupting communications of the Ukrainian military, had repercussions on nearly 30.000 satellite terminals across Europe, from internet services in France to the administration of wind turbines in Germany.

In the hours following Russia's territorial aggression against Ukraine, some European countries in the neighbourhood saw a significant increase in the number of cyber-attacks targeting their infrastructure.

Let me recall a word of caution here. We must be very careful and not fall into the trap of hasty analysis or over-interpretation. However, we must also not be naïve and unprepared either.

These attacks however are only the tip of an iceberg: below the surface and outside the media spotlight, there has been a particularly worrying and growing groundswell of cyber-threats starting before the war in Ukraine. Over the last year, Member States have been hit by a series of large-scale cyberattacks by malicious actors.

This summer, it was the Irish health system that was paralysed by a cyberattack; then, a ransomware attack against a software company and its customers led to the countrywide closure of a major supermarket chain in Sweden. In January, oil suppliers in Belgium, the Netherlands and Germany were targeted. Last month, a major telecommunications operator in Portugal.

This brings me to my second point. Our Union is built on the single market, where everything is interlinked and interconnected thanks to our digital transformation. But this also means everything could be a target.

And when cyberattacks hit infrastructures that are critical to the functioning of our economies and of our societies, they do not only disrupt our networks. They directly put at risk the lives of our fellow citizens.

We are at a crossroads. At a defining moment for our Union. I strongly believe that a new European Union is being born out of this war in the past days.

A Europe that is ready and capable of mobilising all the means at its disposal, all its strike force, to defend the values and principles it stands for.

For the first time, we are using the European budget to purchase and deliver military equipment to a country that is under attack.

Earlier this week, the Council adopted the Strategic Compass. This document is not an answer to the latest international developments, but a long-term commitment to increase the strength of the Union as a security provider, and a resounding message of unity and determination that we are sending to those who portray us as weak and divided.

This also means one thing for cyber: we need to take it out of its 'tech' silo and put it at the core of our security and defence. To shield our economies and our societies against these threats. To be prepared, to be resilient, and to be able to respond.

First, preparedness. We must shield the most critical sectors of our internal market both physically and digitally, in a seamless way.

This is where our twin proposals, the NIS2 and CER Directives, come in. I know you will discuss this in more detail in the next panel, but let me just stress one thing: these directives are two sides of the same coin: our security against threats of all kinds.

That is why these texts, currently being negotiated by the co-legislators, must be adopted as quickly as possible, with the same level of ambition and wider scope that we proposed.

Second, resilience. We will only be able to shield our market and our societies from cyber threats if we ensure security by design in the digital products that companies and consumers increasingly rely on in their daily lives. Those products that are most often the loophole through which malicious actors rush in to breach us. This is about safety, and about trust.

For this, we need to put in place horizontal cybersecurity requirements, common standards, for these digital products. This is the ambition of the Cyber Resilience Act. This Act will be presented by the end of 2022, but you can already contribute to its success by participating in the online public consultation, which was launched last week.

And lastly, response. I was in Athens last week for the inauguration of the new premises of the EU agency for cyber security, ENISA. And with its Executive Director Juhan Lepassaar – who will also address you today – we stressed the importance for the EU and for our Member States to be able to respond firmly, in a united and coordinated way, to cyber threats. To speak and act with one European voice.

Imagine a large-scale cyber-attack that hits simultaneously one or more strategic sectors in several places in Europe. If we do not already have this culture of sharing information, analyses, and expertise between Member States, but also across the different cyber communities, we have no chance of winning the battle against those who want to shatter our unity and solidarity.

In this kind of situation, time is of the essence, and the smallest piece of information can be decisive.

This is what we need today at EU level.

We need a structure that brings together our best cybersecurity experts and response teams, from the defence, civilian, diplomatic and law enforcement communities, to work together and coordinate our action at operational level.

This is where the Joint Cyber Unit has a place in our security ecosystem and we need to advance its operationalisation urgently.

No one can win the cyber battle alone. We can only win it together.

Dear friends,

The crisis in Ukraine is a wake-up call for our security and our defence.

Now is the time for us to take bold steps in cybersecurity to make sure that we are prepared, resilient and capable of responding to potential aggressors.

Working together, we will ensure that cybersecurity becomes another vital component of our Union's protective shield, ensuring the security of all our citizens.

Thank you.
