This rapid technological development and its extensive use comes with a responsibility for digital service providers, public administrations and all users to be dynamic in keeping track of the new security challenges and responding to them.
The concept of cyber security encompasses a wide range of technologies and fields from data security in social media, internet banking or online shopping sites to military systems and network protection. Public institutions such as ministries, or smaller structures such as hospitals, schools, kindergartens, business corporations and micro enterprises right down to individual computer users, are all cyber security “clients”. Therefore, the first steps and the most important tasks involve exchanging information among stakeholders, raising awareness and fostering cooperation in order to create a safe virtual environment in which to operate.
Cyber security forms an integral part of the defence industry. This industry and military resources often serve as an environment for new innovations. The new solutions found then play an important role in the civil sector and become the basis for the implementation of various critical functions in a country, such as telecommunications, energy supply or financial capital flows. To ensure that these and other functions operate smoothly, a state policy on cyber security and defence is implemented. The line between cyber security and cyber defence is also becoming increasingly blurred. Representatives from the civil and military sectors hold wide-ranging discussions at international forums about common security challenges and –increasingly often – about common solutions.
The Presidency of the EU Council and the preparations for it presented a unique opportunity for Latvia to gain an in-depth insight into the current cyber security and defence situation in the EU and individual Member States, and to develop a common policy, express its views and offer new solutions.
The task for Latvia was to continue work on the first legal framework on cyber security at EU level – the Network and Information Security (NIS) Directive. The Directive will set the minimum requirements to be met by Member States in developing the cyber security policy network and information security incident reporting.
Latvia addressed significant cyber security issues at different levels both in Brussels and in bilateral cooperation formats in European capitals. For example, in March Latvia and Germany co-organised a conference in Berlin on current cyber defence issues in Europe, and discussions were held in May in Riga on national cyber security policies and strategies in Europe.
To look for solutions regarding the safety of virtual space, a debate on the detection of computer incidents and vulnerability at both national and EU level was launched under the Latvian Presidency. This principle would enable any researcher or ethical hacker to report vulnerabilities in information systems, products or services, thus informing the owner of the risks or shortcomings and asking them to take action to remove them. Responsible detection policy is currently implemented mainly by global companies, but there are several countries, such as the Netherlands, where this policy is also implemented at state and local authority level. It does not require additional resources, but mobilises skills and talents already present in society and expands public participation in building a safer virtual space.
The most important event devoted to digital agenda issues during the Presidency was the Digital Assembly held in June in Riga. It focused on the European Digital Single Market and digital security as an indispensable prerequisite for the establishment of such a market. Unfortunately, there is still a large section of society that does not trust digital online services and their data security or privacy, so there is a need for the widest possible discussions on public awareness and confidence building, as well as on safe service and product creation in the virtual environment.
Given that 97% of all cyber security incidents occur as a result of deliberate or unintentional human actions that can be avoided or because of a lack of cyber hygiene, it is important to educate users. The Latvian and Estonian Ministries of Defence have launched an initiative to develop and implement cyber hygiene, and Austria, Finland, Lithuania, the Netherlands, Poland and the EU institutions have now joined the initiative. In practice, this will mean that upon taking up their duties, or over a fixed period of time, employees of various establishments will follow an interactive step-by-step programme that explains and teaches the basics of cyber security in everyday work with information technologies.
This year in May, in opening the seminar at which EU Member States' cyber security strategies were discussed, the State Secretary of the Latvian Ministry of Defence, Jānis Sārts, stressed that it is impossible to develop the digital economy and digital Europe without guaranteeing its security and defence. In the future, with the growing synergy of digital services in everyday life, a safe and reliable virtual space will be an important prerequisite for ensuring free and sustainable economic growth.