The moderator of this session, Mr. Sebastien Heon, Director of Consulting & Political Affairs, Airbus Defense and Space Cyber Security, has been working in the security ecosystem for a dozen years, and yet he’s always hearing the same thing over and over again: threats and vulnerabilities are everywhere. It’s a fact that there are threats and vulnerabilities, but for him the focus should be on preventing the incident, not on waiting for it to happen and then resolving it.

The session focused on security progress all over the world, and we began with Ms. Sarah (Xiaohua) Zhao, partner at Perkins Coie LLP, China/USA. According to Ms. Zhao, the biggest problem in China is the absence of a comprehensive legal framework for cybersecurity or privacy. There are local rules and administrative measures, but they are improving gradually. Basically, every government around the globe is trying to create or improve cybersecurity, and privacy law needs to be based on these 4 cornerstones:
• Enhancing the protection over privacy;
• Tightening the control over cybersecurity;
• Balancing between protection and control;
• Governmental initiatives and commercial opportunities over the market.

Mr. Patrick Curry, MACCSA, UK, brought to our attention the EU Council about cyber security called MAPPING (Managing Alternatives for Privacy Property and Internet Governance). His whole presentation can be summarized as «No to data protectionism! Yes to data protection!», and this should be the motto for every country in the world. «We should secure the foundation before thinking about the window or the roof. Security must be the base of our work. We need to speak the same languages and use the same rules».

Mr. Kevin Boyle from Latham & Watkins talked about how a security process can reduce privacy, and why you should always try to avoid that unless it’s necessary. When you go through the security process you reduce the privacy of your employees, because the programs you use will, for example, read the contents of email to prevent risks. According to Mr. Boyle, we need to go back to the first principles of privacy:
• Disclosure;
• Transparency;
• Least intrusion necessary (proportionality/necessity);
• Balance interest (security vs privacy).

According to Mr. Bror Salmelin, Adviser, Innovation Systems, DG Connect, European Commission, the challenges related to Internet security have become ever more pressing. The economy is dependent on the level of Internet security, since many businesses are now done only over the Internet. Risks and incidents are on the rise because of lack of trust, economic losses and missed opportunities. The European Commission has developed a cooperation platform called NIS (Network and Information System) with the purpose of centralizing all the information about cybersecurity and addressing the issue in a better way.

Mr. Oliver Väärtnõu, the CEO of Cybernetica AS from Estonia, talked about how every part of the system in Estonia is entirely digital. Estonia’s digitalization can be illustrated by the following facts:
• Every Estonian has a digital ID;
• 95% of personal tax declarations are done online;
• 30% of Estonia’s voting process is done through the Internet;
• e-residency offering state-proven digital identities that give access to services like online banking, education and healthcare.
And that’s just the tip of the iceberg. To manage information from databases and services around the country they use X-Road, Estonia’s homemade Secure Communication Layer.

Mr. Bertrand Lathoud, Information Security Officer, Paypal-Europe, addressed the complexity of the threat landscape, infrastructures and usages, which leads to extreme vulnerability. He gave innovation in usages as an example: it feeds complexity because we want things available at any time, anywhere, from any device. To avoid this vulnerability we need to shorten our decision cycle, because individuals committing fraud don’t wait for regulations to be updated and then interfere with their criminal activities. A decision-making cycle based on the following four steps would be very effective: 1) observe; 2) orient; 3) decide; and 4) act. As Mr. Lathoud put it: «Security on the Internet is challenging but not impossible».

All speakers agreed on one major point – we need to regulate cyber security and privacy in a global way, and not on a case-by-case basis, so that we can prevent a situation where fraudsters have a lot more time to perform their criminal activities.