EU’s Road to Digitalization & Network Security

Introduction: Tieke Dialogue known as TI Tech Dialogue, is a communication mechanism that aims to not only conduct academic dialogue and discussion on cutting-edge fields such as hard technology, but also cover more lively and interesting topics. A special virtual TI Tech Dialogue themed with EU digitalization and network security was held recently, with the main points of views as follows:

 

List of Keynote Speakers:

  • Thorsten Jelinek, Director of Taihe Institute Europe Center and Associate Director at the World Economic Forum (2011-2014).
  • Shi Minyong, Senior Fellow of Taihe Institute and Dean of Computer Science of Communication University of China.
  • Chen Jianglong, Senior Fellow and Vice Editor-in-Chief of Taihe Institute.
  • Zhang Yu, Fellow of Taihe Institute and Head of Business Intelligence Team, Department of Strategy & Innovation, Nokia Shanghai Bell Co., Ltd.
  • Yi Di, Vice Chairman of Taihe Institute.

 

(Mr. Thorsten Jelinek)
 

I. Major Network Attack Modes and Respond Measures of Countries

Since the Fourth Industrial Revolution, the acceleration of digital development has led to a worldwide expansion of the network attack coverage and an increase in network attacks volume. The ever-expanding digital economy means that an increasing number of people and devices continue to be connected at a fevered pace, resulting in massive data transfers and an expanded global data circle. Existing threats increase and new threats continue to emerge as the digital economy rises. As a result, network governance of individuals and companies faces many security risks, with related incidents surging geometrically and its nature and complexity increasing massively. In the past 20 years, network security issues have developed from simple attacks to multi-vector and large-scale complex network attacks by using encrypted ransom-ware.

 

According to the European Network and Information Security Agency’s Threats Landscape Report 2020, from the end of Year 2019 to May 2020, due to the social isolation caused by the COVID-19 pandemic, there is an increasing number of network attacks on households, businesses and critical infrastructure by malicious software such as phishing, ID theft and extortion, which has become the number one network threat in the European Union.

 

1. Modes of Major Network Security Attacks

The previous attack modes are mainly network-driven, and compared to the application-driven attack mode developed recently, these network-driven attacks have more rapid and complex development. Concurrently, there have also been social engineering attacks, that is, obtaining bank account numbers and passwords through social disguise. In fact, many cybercrimes are more “like” a kind of service.

 

Attackers do not need to develop software on their own, instead, they provide rent and purchase services, which forms a highly advanced network security ecosystem, increasing the difficulty of law enforcement. These attackers have been known to employ high-tech methods such as artificial intelligence to use different accounts while using encrypted electronic currency globally, making it extremely difficult to track.

 

2. Characteristics of Countries Respond Measures to Network Security Threats

As we see the deeper integration of cyberspace today, network security centers in countries and regions are establishing mechanisms for managing global network activities from legal, technical and organizational aspects to change the current fragmented status of network governance mechanisms.

 

All countries have invested more in network security. First of all, in 2020, the U.S., Western Europe, Japan and other countries and regions have spent considerable resources on network security and risk management in products and services, especially in the field of infrastructure. And Chinas spending in defending the Motherland against network threats has also grown substantially, which will form a larger market for network security management in the future.

 

Secondly, governments across the vast spectrum of the international community are solidly committed to improving security resilience to ensure their own national security. Some have adopted stringent measures in legal, technical and organizational aspects while expanding the scale of corresponding capacity building and talent training.

 

Thirdly, nations have also been actively engaged in international cooperation in fields such as AI and 5G facility construction that should involve multiple interested parties, such as G7, G20 and the United Nations to participate in, as these cannot be done independently. However, the current organizational structure is loosely formed as countries still maintain their own governance.

 

3. Similarities and Differences of Digital Strategies in Major Countries

Throughout the global governance system, the U.S., the European Union, and China have played major roles in the field of network security. Specifically, the U.S. has recently launched The Clean Network Operation, Economic Prosperity Network Operation and The Quadrilateral Security Dialogue to integrate national defense, security, and economic issues. The European Union calls for the establishment of digital sovereignty and the organization of the China-CEEC Spokespersons Dialogue in Budapest and other network security communication mechanisms. Besides, China proposed the Global Initiative on Data Security and the concept of the Digital Silk Road.

 

What the U.S., Europe, and China share in their digital strategies is that the three parties have adopted digital sovereignty strategies to strive for dynamic economic control. However, each of these three parties holds different value points. The U.S. values individualism and has more liberalized policies in network security; the European Union prefers their own modified “American Approach” though it generally stands in the middle, while China prefers to adopt a centralized and unified approach to maintain network security. Consequently, in dealing with the issue of the multilateral framework of network security, the U.S. has expressed its intention to withdraw from the existing multilateral mechanism, while the European Union plans to further strengthen the existing multilateral framework. On the issue of improving relevant laws and regulations, China has circulated numerous laws, regulations, and policies concerning network security. The same applies to the EU which enjoys the largest budget from both national and EU governments among these three parties. However, the U.S. does not currently have any separate legislation on network security at the federal level and most of its existing laws are aimed at specific industries or on the individual state level.

 

For the European Union, the main challenges to be resolved are rapid detection, response and protection networks, information infrastructure, as well as economic, social and political functions. On the one hand, the EU needs to realize digital sovereignty and transform into a digital economy. On the other hand, the European Union's maintenance of network security requires joint efforts between public and private sectors and of various interested parties across organizational, national and regional borders. Interested parties need to determine their respective responsibilities, collaborate under the guidance of sharing principles and regulations, and strike a balance between security and autonomy to eventually realize the digital governance.

 

(Credit: sohu.com)

 

II. Network Security Strategy Within the European Union

1. Advantages and disadvantages of EU Digital Strategy

It has today become a global consensus that the digital economy can promote development and employment. Data is very much a global “asset” but EU member states have insufficient resources to develop applications and algorithms. The large number of EU member states makes it difficult to carry out coordination work and also less competitive in the global digital competition. Equally challenging is AI that triggers new security and transformative risks. In the future, there will be more challenging threats that are effective and precise than before, which will greatly change the status quo of network security.

 

However, the EU has its own unique advantages in developing digital strategies. As one enormous collective marketplace, the European Union is massive, with a population of more than 550 million, and the EU’s R&D capabilities top the world list. Although some people worry that the EU’s excessive supervision of enterprise access may impact network innovation, it also shows that the EU has adequate protection in terms of security and privacy.

 

2. The Pillars of EU Network Security Strategy

In order to build a strong EU security ecosystem to ensure the security of the digital environment, respond to evolving threats and combat terrorism and organized crime, European Union agencies and departments will jointly develop a series of tools and measures over the next five years to strengthen international and domestic networks dialogue to promote EU security integration. In recent years, the European Union and its member states have placed network security on the agenda to improve overall network resilience. The European Union has made digitalization its priority for the next five years (Years 2019-2024). Mr. Ursula von der Leyen, European Commission President, proposed that in the future, the EU needs to establish a geopolitical committee and a digital leadership package plan to support digital and technological sovereignty as well as network security and privacy. The EU aims to transform from its original role of importer to an exporter and sell its digital products to other countries with the construction of the safest digital environment in the world. At the macro level, the EU’s network security approach is based on the openness and fundamental rights pursued by its values and its digital sovereignty strategy seeks to strike a balance between market dynamics, privacy, and demands.

 

The EU’s network security strategy mainly focuses on three aspects:

The first is the EU network security policy. Recently, the European Unions network security policy has gradually evolved from focusing on the single market to comprehensive planning. As far as the participants are concerned, in the past, network security was a secret government action that was shielded from the public.

 

But for today, network security-related government departments in the United Kingdom and France continue to open up their network security researches. In terms of policy coverage, the European Union’s network security policy was mainly driven by the single market in the past. However, due to the increasing number of network attacks in recent years, the EU intends to integrate the four main policy areas of the single market, domestic affairs, defense security and foreign affairs together.

 

With the continuous strengthening of Internet cooperation, the dimension of EU network security policy has gradually extended from personal data privacy to infrastructure and borders, as well as social and international cooperation. To this end, the EU has taken the EU Security Union Strategy for 2020 to 2025 as the basis for cooperation and joint actions in security in the next five years.

 

The second is EU network security laws and regulations. The key to the EU’s network security strategy is to establish and maintain a single digital market. Legally, it is necessary to implement the single market terms in order to drive the development of the digital market with the EU as the main body. In order to become the worlds leading lawmaker of network security rules, the EU is strengthening legislation related to the digital economy. In comparison, EU legislation is more inclined to security fields and it may come at the cost of development.

 

At present, a number of key regulations on network security and privacy have been issued within the European Union covering personal data, non-personal data, mixed data, critical infrastructure data, trade secret data and many others. The three key regulations are the General Data Protection Regulation (GDPR) which focuses on personal data security, the Network Information Service (NIS) Directives that focuses on network and information security, and the Network Information Security Directive (NISD) Law focusing on coordination and certification.

 

The third is the EU investment and allocation plan in network security under the EU fiscal framework. In order to enhance the competitiveness and security of the single EU marketplace and realize its economic model and values, five major funds have been established under the EU’s Multiannual Financial Framework. The amount of each fund has not yet been finally agreed though. The Digital Europe Project (DEP) Fund mainly focuses on the deployment of new technologies, and Horizon Europe Funds (formerly Horizon 2020) mainly supports the basic research on supercomputers, AI, network security, and digital skills. Allocations for these two funds were 1.8 billion euros and 1.4 billion euros respectively.

 

3.  EU 5G Deployment Plan

5G has become the backbone of the EU’s digital transformation. Take the EU’s 5G deployment as an example. Since October 2019, the European Union has gradually measured the security risks of 5G implementation and established a 5G toolbox to help member states deal with network security, infrastructure and 5G related issues. As of June 2020, 14 EU countries have deployed 5G commercial services. It is expected that by the end of this year, all EU countries will deploy their 5G commercial services. Although the 5G business has now become overly politicized, the EU cannot actually bear the consequences of the delayed 5G commercial progress due to the politicization of 5G. EU 5G mobile operators need to comply with the EU telecommunications framework to ensure the effective implementation of security policies.

 

(Credit: sohu.com)

 

III. Prospects for China-EU Digital Economy Cooperation

China and the European Union have issued corresponding laws and regulations to secure privacy and network security, protect digital trade and strengthen digital cooperation. Both parties wish to transform from physical transactions to digital trade but the basic premise remains to achieve digital security.

 

Therefore, the priority is to establish digital security rules and channels and strengthen digital governance. Here in the 21st Century, the U.S., the European Union and China have different development paths to achieve their digital governance. The open Internet era has passed and the future may be an era of joint cyberspace, with secure channels based on shared norms, standards and rules.

 

Many organizations are currently formulating new security standards and therefore each generation of network security standards will continue to improve. Currently, the number of international organizations defending multilateralism is decreasing, and even the major stakeholders are excluded. For example, the G7 nations may hold network security discussion without the participation of less relevant participants (such as Russia and China). With the function of WTO becoming weaker, new rules need to be reached to achieve cooperation and avoid the tendency of making “the emphasis on digital sovereignty” a protectionism.

 

Affected by the COVID-19 pandemic, China and the European Union need to enhance online dialogues, and more stakeholders like governments, companies and even think tanks should get involved in the process. Both parties should realize that the key to solving the problem is not from the technical level, but from the governance level, which lies in achieving a more inclusive discussion and respecting differences. At present, China and the EU can cooperate in this regard and conduct digital exchanges on the basis of protecting the digital economy and digital content within the scope of sovereignty.

—————————————————————
ON TIMES WE FOCUS.
Should you have any questions, please contact us at public@taiheglobal.org