A topic related to this, "Cyber Security and Resilience", was under discussion at the Engineroom project's expert workshop in London, March 2018. Four distinct areas of discussion were elicited:
- General thoughts;
Cyber Security and Resilience
Described as: There is a need for secure internet infrastructure and protocols which are resilient against cyber-physical attacks with future-proof encryption.
- The incentives of actors in cyber security need to be realigned.
- There is a trade-off between resilience and efficiency. Everything is currently optimised for efficiency, which is not suitable for cyber security in the long run.
- Cheap technologies are not necessarily secure because they cost less. For example, webcams and other such devices can be turned into nodes in botnets, as happened with the Mirai botnet.
- Cybersecurity is seen as very complex, so people tend to disengage. People need to take this issue very seriously.
- Lack of accountability and regulation, and insufficient public awareness, lead to a higher risk of cyber threats.
- New business models are needed which include incentives to put cyber security and resilience at the core of the products.
- Need new regulation, for example the EU’s upcoming NIS directive, equivalent to the GDPR but for cyber security and CNI.
- European tech should be known to be secure-by-design. Europe has a real opportunity and potential in developing secure technology.
- This will also be an opportunity to bring back hardware production to Europe and to set global standards.
- There is a good opportunity for European start-ups to fill the gap in the market by looking at tamper-proof ledgers and other emerging solutions.
- Equifax (example of what not to do!) was a massive data breach caused by shoddy security standards.
- Shopify has been working closely with small retailers to collaboratively build safer systems.