Chief Data Officer, Telefonica.
The internet has transformed many aspects of our lives for the better, but this culture-changing innovation also brings with it new risks. That is why on 26 November European Voice brought together EU Home Affairs Commissioner, Cecilia Malmström; Boris Pistorius, interior minister of Lower Saxony; Enrique Blanco Nadales, global chief technology officer of Telefónica; Lambert van Nistelrooij, MEP and shadow rapporteur on critical information infrastructure protection; and Professor Jos Dumortier, head of the Belgian cyber-crime center of excellence for training, research and education, to discuss the threats to internet users and ways to tackle them.
Cecilia Malmström kicked off the debate by saying that cyber-crime too often goes unreported “which lets cyber criminals think they can operate with impunity”. Referring to a recent Eurobarometer survey, she added that 50% of people are afraid of cyber-crime. “This is bad for users and bad for the economy,” she said. But she mentioned that the European Commission is taking action. Last January the European Cyber-Crime Centre in The Hague was set up. Ten centres of excellence in fighting cyber-crime are now up and running and the proposed Network and Information Security Directive, currently being debated in the European Parliament, will allow law enforcement agencies to co-operate more easily, will criminalise botnets and will establish a reporting obligation for companies in the case of a cyber-attack. “We want to help member states build up the capacity to deal with cyber-crime. Some regions are great and have built up their capacity, but many have not. If a police station doesn’t even have a computer, how can it deal with cyber-crime?” said Malmström. “On the one hand the internet is just another tool for criminals to use, but it also opens the door for a new type of crime and this is where we have fallen behind,” she added. Speaking about the recent scandal surrounding the United States’ mass surveillance of EU citizens, Malmström said that perhaps it could have a positive effect since it has put the topic of data security on the table. “The NSA has grown into an uncontrollable monster. But we are working on a data protection agreement with the US, and hopefully this could lead to something that will improve the security of the internet,” she said.
Boris Pistorius explained that a survey of 40,000 citizens in Lower Saxony recently revealed that cyber-crime was the most under-reported type of crime. “Users do not take enough security measures with their devices,” he said. “Not every crime threatens every one of us. But awareness of the risks and dangers is essential,” he said. For example he pointed out, no-one would park their car in the street without locking it. “We should be as careful with the internet as we are with our cars,” he said. But law enforcement also has a role and the authorities need resources. Police forces’ efforts to catch cyber-criminals without sufficient data is like trying to catch a Porsche on a bicycle said Pistorius.
Enrique Blanco Nadales, said that customer trust is key to the success of businesses. Data traffic is growing by 68% year on year driven by media applications and social networks, he said. For this reason security has to be an end-to-end consideration: from devices, smartphones or tablets, to the mobile network, to the data-centre or cloud providers’ servers, he said. He said that security was integral to building a phone network: “No big operator would deploy without security.”
Lambert van Nistelrooij began by saying that public trust, surveillance and the use of personal data would be big issues in the 2014 European Parliament elections. “Citizens don’t make a distinction between data security, cyber-crime and surveillance. So what do we have to do to safeguard our values and to keep the internet open? It’s a coin with two sides,” he explained. While he praised new and emerging technologies such as the Galileo satellite system, which will be able to track devices much more closely than GPS, van Nistelrooij said these things need to be used “in adherence with our standards and values”.
Jos Dumortier explained that his cyber-crime centre works to coordinate knowledge, develop knowledge and distribute knowledge through training because “the end-user remains weakest link in the chain”. “I think the basic problem is that the internet was not designed for the use we are making of it today. And as a result we are making the life of the cyber-criminal much too easy. We need to make it harder,” he said.
Telefónica intends to be an important part of the solution. Therefore, we are already working to protect and ensure the availability of our end-to-end networks and services and the confidentiality and integrity of customer data.
- At present, we have 680 Network security professionals
- We have strict security certification processes with ours vendors, having launched a special project with a reference worldwide vendor which consists of a security working group creation to validate and enhance the security of the vendor’s equipment
- We also have 4 Computer Emergency Response Teams (CERTs), two located in Latin America and two in Europe, globally coordinated for joint management of cyber threats and the protection of our networks, services and customers
- We have also implemented an strict Internal Audit cyber-security plan, performed yearly, to ensure the effectiveness of our cyber-security model
Last but not least, we have recently created Eleven Paths, a company that aims to develop new, simple and easy services that make Internet more secure for everyone.