Taking stock of the discussion so far (Group 7)
The security group has attracted 46 members who have initiated and participated in 22 discussions. All participants provided comments, insights and raised vital questions on four key questions identified by the European Commission.
On the first key question regarding strengths and weaknesses of European ICT industry, Michele Cimmino stated that “The EU Security industry has the technology to respond to these threats, and the Digital Agenda can be a good opportunity to turn EU companies in market leaders”. At the same discussion Sathya Rao stated that “The need of the hour is collaborative working and better international standards”. Similarly to this topic, another discussion regarding A competitive European ICT security industry has been created where Michele Cimmino asks if “EU has the potential to grow a competitive ICT sector”.
On the second key question regarding barriers to a vibrant ICT security market, discussion titled “Focus on change instead of invention” Stephan Engberg comments that “bureaucracy and commercial infrastructures focus on controlling and preventing innovation rather than value creation”. As the discussion progressed he also commented that “EU needs to get its act together and align the elements to get citizens needs and demand in front of the value chains”.
On the third key question regarding incentives for more European investment in ICT security to limit risks, Chronis Adreas proposed “European Union could identify some major risk categories and make an open invitation to european vendors and startups for ideas - solutions or mechanisms that could somehow contribute to risk reduction”. Apart from this two discussions regarding Raising Security Awareness and Avoiding Misuse and SMEs Security Awareness Level which both addressed the need for measures that would raise awareness in both individuals and SMEs. Finally, a discussion regarding cyber-attacks proactiveness was started by George Pentafronimos where Rossella Mattioli stated that “The problem is not developing new systems but to educate CERTs and align both organizational and information exchange practices.The ENISA reports are a good starting point but without a real coordinational and operational power of ENISA all these efforts risk to be vain.”
On the fourth key question on how to stimulate further European Innovation and competiveness and reduce the research-market gap, Stephan Engberg commented that we should “Stop abusing "Need for Research" instead of dealing with issues that have nothing to do with research” while Costas Lambrinoudakis commented that EU should “introduce challenges and support start ups in a way that would engage researchers into a more applied research direction”. Another discussion that has drawn a lot of attention related to Cloud-based Public Administration where Michele Cimmino wondered if we “can aim at the creation of a shared EU public administration hosted in the Cloud”. Among others Theodoros Stergiou responded that “we will need to assess risks posed by personal information being used and the adoption of controls for preserving their C.I.A. according to the EU data protection directive, and so on...” and Axel Schultze replied that “Research says that over 60-80% of security threats come from inside and as such the cloud maybe even more secure”.Apart from those four key questions, discussions have also evolved around data privacy and traceability where Paul Bernal commented that “privacy needs to be a selling point - if businesses can make more by helping privacy than they make by invading it, they'll make that decision. Until then....” and Data Privacy and Security proposed EU regulations .
Group audience:
Comments
Where is the lacking
Where is the lacking constructive agenda of Empowering citizens?
There is one key focus that should be included - if you look to present action points (a bit black/white), their effects are
counter-productive to goals -both economic growth and security. There is clearly a serious lack in problem analysis, issue decomposition and causality understanding in order to guide action.
E.g. "Privacy" can never be a "selling point", when security in infrastructure starts by eliminating privacy and data security. Data Protection Regulation is a joke when Data Retention require dis-empowerment and no secure payment mechanisms are allowed or available. What is happening presently and will be further worsened is digital networks as hunting ground for predators with citizens as defenseless prey and market innovation processes as the inevitable wictim.
Society does NOT benefit from everybody fighting over who is best at profilling and behaviour-manipulating citizens to go for instant gratification or bad solutions to real needs !!
Non-the-less this is EXACTLY what the present strategy is doing and will worsen futher - forcing citizens to become prey if they want to paticipate use the digital networls and companies to loose competitiveness through intermeditation by the commercial predators in infrastructure using non-legitimate and market-damaging means to profit. It is sort of neo-feudal game where power concentrates and society
Society need to re-empower citizens to ensure markets focus on value creation according to real needs instead of focus owning and controlling people. The power of saying and enforcing a NO is the real power which empowerment is about. And neither citizens nor regulation can enforce a no when citizens are identified because control has transferred.
No company (and apparantly especially not government institution) likes competition, no company will voluntarity give up elements of power unless forced by regulation, competitors or customer choice. When regulation that require surveillance and kartel standards that prevent innovation dis-empower citizens and new alternative providers to enforce change through free choice, the outcome is an increasingly worse functioning market.
Security is where we design society - decide WHO is in control of what and how or if change can occur - and have been doing a terribly bad job since the fall of the wall and the emergence of internet. All the fundamental values, principles and value-creating innovation processes have been rapidly eroding
The 1970s and earlier fear of "Big Brother" ia reality in some countries and a vast understatement of the kinds of political controls that with present tehnlogies COULD implement. But behind this has emerged two much more real and active attacks on society in the form of narrow interests in commercial infrastructure and bureaucratic public administration accumulating power resulting in Command & Control Economics eroding liberal democracy and markets.
The perimeter security paradigm has failed and become an increasingly bigger part of the problem.
Europe might have the securing technologies to Empower Citizens but regulation and standards are preventing them from entering the market. E.g. SEPA is not ensuring Digital Cash is made available as payment mechanism meaning that no Empowering payment option is available. You are not allowed to make safe mobile phones turning mobile phones into trojan horses to control people. eSignature is a dictate of Dis-Empowerment.
There need to be a "renaissance" - a return to the values so dearly and costly learned over the centuries and so rapidly eroded by bad technology design and regulation favoring surveillance and control over empwerment and security.
"there are far more good
"there are far more good neurons on the planet than bad, and at all costs we must never let the dark side win" via @petercochrane on link here:
http://www.techrepublic.com/blog/cio-insights/virtual-hacks-how-the-dark...?
"There need to be a "renaissance" - a return to the values so dearly and costly learned over the centuries"
amen