Matei Bogdan
Publicat în 26 mai 2021, 11:15 / 121 elite & idei

Dragos Preda: Cybersecurity risks – a new wave?

Dragos Preda: Cybersecurity risks – a new wave?

Thank you Professor @Daniel Daianu , thank you Professor Iulian Chifu, thank you Adriana Sauliuc, thank you dear Calin Rangu
Always a pleasure to be among dear colleagues and high level professionals/ experts as @Dan Cimpean and Yugo Neumorni
Cybersecurity has become a global problem, whether viewed in economic, humanitarian, or national security terms.
In economic terms, the 2017 WannaCry ransomware infected hundreds of thousands of computer networks in 150 countries, with losses totaling up to $4 billion.
The White House estimated that the total damages from NotPetya reached $10 billion.
According to the U.S. Council of Economic Advisers, malicious cyber activity caused between $56 and $109 billion worth of damage to the U.S. economy in 2016 alone.
Individuals, meanwhile, have become all too accustomed to losing access to or control over otherwise confidential information. Researchers identified 5,183 data breaches of 7.9 billion records in the first nine months of 2019, continuing the trend of worsening statistics.
Meanwhile, high-profile cyber incidents such as Stuxnet, Russian election interference, and the targeting of an Indian nuclear plant illustrate the national security stakes of cybersecurity.
In response to this threat, many stakeholders have turned to the idea of “cyber norms”—expectations of appropriate behavior in cyberspace—to regulate state behavior and limit damages from malicious cyber activity.
To develop and spread these cyber norms, various state and nonstate stakeholders have promoted different processes, including in multilateral, private, industry, and multistakeholder contexts:
👉 Multilateral norm diplomacy involves efforts by states to devise cyber norms for states. The most prominent efforts occur under the auspices of the UN General Assembly’s First Committee. Earlier efforts to identify and operationalize cyber norms continue today under a new UN GGE on Developments in the Field of Information and Telecommunications in the Context of International Security.
At the same time, the UN General Assembly has also constituted a new OEWG with a similar mandate, albeit for a more inclusive grouping of interested member states and UN observers.
Other organizations have, moreover, sought to prompt multilateral processes of their own, including the Shanghai Cooperation Organization, the G7, and the G20.
👉 Private norm processes involve groupings of high-profile experts from diverse backgrounds who study and offer recommendations on cyber norms for states or other stakeholders. Even though they may have past or present associations with states, firms, or other institutions, participants work in their individual capacities.
The Bildt Commission (formally the Global Commission on Internet Governance) marked an early attempt at this sort of process.
The Global Commission on the Stability of Cyberspace and Carnegie’s Cyber Policy Initiative are more recent entrants in this category of norm processes.
👉 Industry-focused norm processes involve efforts by industry to identify norms for industry vis-à-vis cybersecurity. The two most prominent examples to date of such processes are the Microsoft-initiated Cybersecurity Tech Accord and the Siemens-led Charter of Trust.
🧏🏻‍♂️ Multistakeholder norm processes refer to inclusive fora that offer multiple stakeholders, including some combination of states, international organizations, industry, civil society, or academia, opportunities to discuss, identify, or advance cyber norms.
Sometimes these processes focus on cyber norms indirectly, whether because the process is simply a forum for dialogue (for example, the so-called London Process or the Internet Governance Forum) or because its mission is related to, but separate from, norm making (for example, the Global Forum for Cyber Expertise).
In other cases, however, multistakeholder processes have openly campaigned for norms, whether for all stakeholders or specific subgroupings.
The NETmundial Initiative did this with a focus on internet governance, the Paris Call focused specifically on trust and security, and the Christchurch Call sought to coordinate normative expectations relating to online violent extremist content.
🇪🇺 The European Cybersecurity Center must use the zero-trust concept, which is imperative and highly topical in cybersecurity.
„The zero-trust concept implies total distrust, permanent verification. I know these things are scary, but I tell you that these are the international developments. Beyond the moment of implementation, or including it, the EU Cybersecurity Center must use the zero-trust model in its development, an imperative and highly topical concept in cybersecurity. Organizations follow zero-trust network principles to help address the security requirements of rapid digital transformation and the expansion of remote workforce. We also want to create an ecosystem that also incorporates much broader contextual information. This is why everyone is wondering why all this geopolitical rhetoric about 5G? 5G is no longer just a technology in the area of classic end-user broadband electronic communications. From now on it is an industrial technology, and hence the need for increased attention to our connectivity. Technologies that support zero-trust are moving into the mainstream. That’s why experts say it’s the best way to stop data breaches. The zero-trust network or zero-trust architecture model was created in 2010 and at that time it was an attempt to protect the systems not only against external vulnerabilities, but also against the internal vulnerabilities of the system operators,” said Dragos Preda.
The official mentioned that the zero-trust model has the role of looking for vulnerabilities without affecting the identity of persons.
„The zero-trust model is an operating model of this system we operate in. It’s a security concept focused on the belief that organizations should not trust anything inside or outside their perimeter. They must check everything attempting to connect to their systems before granting access, so this is not a monitoring process. For instance, amid the pandemic, the EU asked the operators to provide anonymised data on the pandemic situation, which means that the natural or legal person is monitored as an item, without affecting its identity. What is being sought is the vulnerability, not the person,” said Dragos Preda.
On the other hand, he cautioned that the cities are becoming increasingly more vulnerable to cyberattacks.
„With the convergence of both digital and physical infrastructures, activated also by the cloud size – now that we’ve been talking in the last year about the government cloud, the Internet of Things – cities are becoming increasingly vulnerable to cyberattacks, and cybersecurity practice in the smart city, smart community area assists all actors involved in this endeavor, both public and private, to address cybersecurity and privacy risks associated with connected environments, while adopting this solution provided by the new technologies, the next generation networks such as cloud, IoT, blockchain, artificial intelligence, machine learning. We are talking a lot about tele-school, telework, all these must be done by developing these infrastructures. At the same time, we know, there are things that are already obsolete in the field of post-crisis recovery: the switch from an L-shaped recession to a V-shaped recovery is done through the development of infrastructures. This means connectivity. And I am referring to all types of infrastructures, they must be seen as a whole,” said Dragos Preda
About half a year ago, I officially forwarded a National Broadband Investment Plan 2021-2027 following several informal meetings I had with Mr Marcel Bolos – at that time Minister of European Funding. We were prospecting to architect the access for every citizen of Romania to best current internet services.
The purpose of this plan of measures is to estimate the need for investments in broadband infrastructure for the next generation networks and to establish the necessary interventions on the market, so that Romania can meet the assumed objectives. It therefore describes the minimum rights and obligations aligned with the proposals put forward at European Union level to encourage the development of high-speed electronic communications networks and cross-sectoral coordination. The initiative also addresses a number of measures to encourage the development of next-generation networks (NGNs), including methods to reduce the costs of developing new-generation electronic communications networks. The investment plan focuses mainly on the new generation of access segment, the terminal segment of the new generation networks – this being the most difficult and expensive segment to develop – but also aims to highlight the necessary conditions for the development of transport networks (backbone ) and distribution (backhaul) already existing. The transmission and distribution networks in Romania are at a level of development that can be used and / or extended for ultra-fast NGA connections. However, in the case of rural areas in Romania, significant further developments of the distribution networks are needed to cover the “white areas”, and this is expected to happen through the RoNET project, as a necessary component of the National Investment Plan.
The new generation of Information Technology and Electronic Communications have an all-encompassing role in introducing communications and information in all economic and social processes and has an impact in all other high priority lines of action:
modernization of public administration and reduction of administrative costs
the use of open data in public institutions and ensuring interoperability digitization of the most important life events for citizens and the business environment the introduction of ITC in education, health, culture and creating social inclusion environments promoting national and cross-border e-commerce security of cyber networks
This plan will lead to the growth of an industrial sector whose purpose is the international spread of advanced solutions, in order to modernize the Romanian society and economy, increase its percentage in the GDP, due to exports from the technological sector and leading to increased export capacity of other sectors using new tech tools, made available as a result of the advance …

Ultima ora:

ObservatorVictor Vevera, Mireille Rădoi, Doina Banciu: 500 de ani de la „cel mai important document al culturii românești”. Simpozion la BCU „Carol I”

PoliticRemus Pricopie: Este politica o profesie serioasă?

EconomieNovel Research, Editura Club România: Trenduri în reglementări financiare

ExternIulian Fota, despre concluziile summit-ului Biden-Putin

SocialMarian Staș, despre criteriile pentru școlile-pilot: Cel mai important e să vrea și al doilea să poată

EvenimenteVictor Vevera, Mireille Rădoi, Doina Banciu: 500 de ani de la „cel mai important document al culturii românești”. Simpozion la BCU „Carol I”

CulturaFlaviu Predescu: Marile portrete ale lui Nadar. Expoziție la Timișoara

EditorialCiprian Stănescu: Educația viitorului în realitatea mixtă. Top 3 provocări pentru Generația Z

Club Romania | Elite si idei / - Open Source Internet Database part of a non-governmental project / Contact: office[at]oranoua[.]ro | Operated by CRSC Europe