Speech by Commissioner Breton on cybersecurity at the High-Level Conference on Cybersecurity in the Republic of Korea
Honorable Minister Park,
Dear representative of the Swedish presidency of
the EU,
Ladies and Gentlemen,
I am very glad to participate to this conference on cyber security, here in Seoul.
Cybersecurity has become a global emergency.Every 11 seconds, an organisation around the globe is hit by a ransomware attack.In the first half of 2022, researchers recorded 2.8 billion malware attacks in the world. This is an 11 percent increase from the year before. Hospitals, ministries, universities, large infrastructures have been under attack in the EU and elsewhere.
Cyberthreats know no borders. And in a globalised and interconnected world, cyber malign attacks can spread easily. Cooperation is therefore the only way to increase our collective resilience.
That is why I am very happy to be here in Korea, to discuss with the government and with all the stakeholders, including the industry, on how we can enhance in concrete terms our cyber cooperation from a technological, industrial, operational and geopolitical point of view.
This is the sense of the initial step we took in the context of our EU/Republic of Korea digital partnership, but I believe we should now build a more ambitious partnership on cyber. I will come back on this.
Korea has a strong experience in responding to cyber threats. On its side, building on the assets and experience of its Member States, the European Union has step up its action to increase the EU-wide cyber resilience.
As the Commissioner in charge of this policy, I have been working over the last 3 years to raise the cyber resilience landscape of Europe at the right level. At the level required from a credible partner.
In this context, there are couple of messages that I would like to convey to you all today.
[Partnership with Korea on cyber]
My first message is that Europe & the Republic of Korea are facing a similar cyber threats landscape.
We all know of course the established cyber malware: viruses, ransomware, worms, Phishing, spyware or Trojan horses. There is a lot to be done just to deal with these, that are multiplying every year, often pushed by criminals eager to use a vulnerability to make profits. In a society and economy that will increasingly rely on digital technology this trend is a key challenge.
But our joint cybersecurity threat landscape is changing.We are not talking anymore only about well-known malware but also about cyber as an economic or military weapon, used to disrupt supply chains, threaten critical infrastructures, disorganize our societies, attack our democratic institutions and electoral processes, or simply spread disinformation. These hybrid attacks are raising in number and sophistication.
Every day, we are experiencing attempts, by authoritarian regimes and state-backed actors, to undermine the rules-based international order in cyberspace.
We see also a stark increase of malicious behaviour in cyberspace in recent years, endangering our critical infrastructures and targeting both civil and military assets.
As we face the same threats, we should work together to counter them.
And here is my second message today: the EU is ready to join forces with our advanced and strategic partners, like the Republic of Korea, to make the utmost to secure the open, global cyberspace and to work together to enhance our resilience to cyber-attacks.
And I am here in Seoul today to propose a more structured partnership on cyber.
I warmly welcome the inclusion of cybersecurity aspects in the Digital Partnership between the EU and the Republic of Korea.
Our Digital Partnership offers a very good cooperation basis. It prepares the ground to enhance information sharing among EU and Korean players for instance through our respective Information Sharing and Analysis Centres (ISACs).
This is key: Information sharing on tackling cyber-attacks, incident response, mitigation measures and preparatory controls is a requirement for improving cyber security.
The second aspect of our Digital Partnership is about establishing the foundations of cooperation in capacity-building exercises. We are eager to launch this with the Republic of Korea.
But I believe – and this is my third message to you: we should explore the opening of a new phase in our cooperation on cyber and launch a dedicated EU-Korea cyber dialogue of the same nature as the one we have with the US.
It shall focus on concrete operational cooperation and cyber resilience and serve as a forum for mutual exchange of experience on the necessary regulatory environment, the protection of critical infrastructures, cyber incident prevention, supply chain security, cybersecurity of products, as well as funding programmes.
In this perspective, I look forward to hearing more from EU and Korean stakeholders today on what would be necessary to structure this dialogue in the most efficient way.
[EU a credible actor on cybersecurity]
Over the last 3 years, in the EU, we have operated a true overall of the cyber cooperation to avoid fragmentation between our 27 Member States.
If cooperation is key for increasing our resilience to cyber, this is even more true in the EU integrated single market, where we are as strong as the weakest link when it comes to cyber. So, under my impulse, we have been working on several pillars.
First, we organised our single market to make it more cyber secure.
We set out high common requirements for essential economic operators so that they increase their cyber resilience, with strong risk management and incident reporting obligations.
We have also proposed to establish cybersecurity minimum requirements for any products (hardware or software) placed on the EU market, through a “cyber by design” approach. We are ready to work with our partners putting their products on our market to ensure a smooth implementation. These requirements will not discriminate between EU and non-EU originated products.
Second pillar, we are reducing our technological dependencies and security risk surface.
We have learned the hard way in Europe that any dependencies can be used against our own interest.
As part of a new economic and strategic approach on Economic security, Europe has decided to map its technological, supply chain and critical infrastructures dependencies and to work on reducing them to improve our collective security and de-risk its economic ties.
We decided to massively invest in certain technologies. In supercomputing, Europe has now the best infrastructure in the world for high performance computing. In Cloud, the industrial cloud and edge technologies are being developed. In Chips, we build on the excellence in research with IMEC and LETI, to be able to produce advanced node chips in Europe, perform advanced packaging and embed cybersecurity functionalities directly on the chips. In Quantum, we are putting forward a massive European plan to capitalise on the excellence of our research.
The security risk surface of our 5G networks, one of our key critical infrastructures is also at the centre of our preoccupations.
In 2020, we have recommended to all our Member States to restrict or forbid the presence of high-risk suppliers in the CORE and the RAN of their networks.
Indeed, we have strong concerns about the risks posed by certain suppliers of mobile network communication equipment, such as Huawei and ZTE, to the security of the Union. We will therefore exclude them from the 5G networks linked to the European Commission sites, and we will reflect this in our funding programmes.
As we strengthen the security requirements for 5G networks, we are also closely following technological developments, such as Open RAN and 6G.
Together with Member States, we looked at the security implications of OpenRAN architecture and concluded that while it might bring benefits, Open RAN also presents security risks, and is not yet a mature technology on security matters.
More investment in research and innovation in open architectures and their security and sustainability aspects is needed and Europe is actually leading on this front. We would be happy to partner with Korean actors in this field.
At the same time, we are investing on 6G development, and especially 6G standards. I believe this is a great potential source of partnerships between EU and Korean companies.
The Third and final pillar of our action is about our operational cooperation to face major cyber-attacks. For this we are building a European network of Security Operation Centres enabled with AI technology and a EU cyber reserve to contract cyber industry to support a Member States under attack. The war in Ukraine revealed the importance of involving the private sector if we are to be serious about countering cyber threats.
We are also working, in partnership with NATO, on increasing the resilience of our critical infrastructure, including from the cyber threats.We would be keen in opening a discussion with Korea on the cyber security of critical infrastructures, especially connectivity infrastructures such as undersea cables or space-based connectivity.
Cyber being dual by nature, we are stepping up now our EU cyber defence policy, recognising cyber as a contested area and fully part of our newly defined defence doctrine.
In this perspective we are investing massively into cyber defence capacities through the European defence fund. We also strengthen our cyber diplomacy toolbox to work on attribution and a more offensive sanction regime.
[Conclusion]
Ladies and Gentlemen,
Cyber security is a clear priority for Europe. While we are working at home to enhance our level of cyber resilience, we are also very much aware that Europe cannot do that in isolation.
We will continue our collaboration with our strategic partners to promote a global, open, stable and secure cyberspace, grounded in the rule of law, human rights, fundamental freedoms and democratic values.
Korea is a partner of first choice in this perspective.
I look forward to enhancing our cooperation with you in this essential domain.
You can count on me
Thank you.