Cyber crime is big business. In 2013, the global profits from cyber crime rose to $3 trillion, surpassing even the international drugs trade in marijuana, cocaine and heroin combined. The increase in the frequency, magnitude, and sophistication of cyber-attacks has become a significant security threat, prompting the NATO allies to recently agree to an upgrade of their combined strategy.
Yet how much can governments do, given that most of the infrastructure of cyberspace – from software, to hardware, to cloud services – is operated and supplied by the private sector? At the 2014 NATO Summit in Wales, allied governments adopted a NATO Industry Cyber Partnership (NICP) in order to enhance cooperation between the public and private sectors.
Twelve months on, what progress has been made on turning this commitment to public-private cooperation in cyber defence into reality? How can information-sharing between public and private sector partners be improved? Should NATO and the EU work towards a common framework for cooperation with the private sector in cyber defence?
Want to learn more about some of the high-profile cyber attacks that have taken place recently? Check out our infographic below.
We had a comment sent in from Catherine, arguing that the Edward Snowden revelations about the extent of NSA spying and the collusion of European intelligence agencies have seriously damaged trust in private-public cooperation in cyberspace. What impact did the Snowden leaks have on the cyber security debate in Europe? Particularly in terms of cooperation between the US and Europe, and in terms of public trust about what governments are doing in cyberspace to protect us?
To get a response, we spoke to Jamie Shea, Deputy Assistant Secretary General for Emerging Security Challenges. What would he say to Catherine?
[…] The real impact is that there is now a massive demand for more encryption by individual consumers with the new generation of computing and 4G mobile phones. And companies like Google, Apple, and others feel the pressure to introduce that encryption. And, as we heard from the head of MI5 in my country, Andrew Parker, this week in a speech he gave in London, this is making the lives of intelligence services difficult if they can no longer monitor terrorist suspects because the communications are so well encrypted that code breakers cannot deal with it.
So, the big debate now is to what degree should the private sector, while recognising the need for privacy, nonetheless cooperate with governments where there is really a need to have access, because we are dealing with people, as Andrew Parker said, who really are seeking to harm us.
How else can governments and private companies cooperate on dealing with threats in cyberspace? Twelve months after the NATO Wales Summit, what progress has been made on turning the commitment to public-private cooperation in cyber defence into a reality? We asked Jamie Shea for his opinion:
It’s always a work in progress, as you know, particularly when you are dealing with people who perhaps didn’t have the same degree of interaction or cooperation 30 years ago when we were dealing with tanks, or aircraft, or missiles, rather than electrons. But we are moving towards the creation of the NICP (NATO-Industry Cyber Partnership), whereby we’re engaging industry in a much more intensified discussion on threats, intelligence, system configuration, how to build more resilient systems, how industry can put security into the product at the beginning – rather than as an afterthought when the product has been launched on the market, and involving industry in our training and exercises…
Should private companies work with governments to fight threats online? Should encrypted communications be banned online? Let us know your thoughts and comments in the form below, and we’ll take them to policymakers and experts for their reactions!
Do you consider NSA a company?
No, that is privacy suicide.
They already are cooperating. With or without our consent or knowledge. I’m kind of tired of this subject, the “international enemy evil hacker”. Go back to paper and typewriters, stamps and safe vaults! Problem solved.
Probably already done! Stable bolted horse!
We computers don’t cooperate with corrupters…
the govts. are the biggest online threats
I don’t trust intelligence agencies that aren’t under public scrutiny and control, as is the case now.
No, the EU must enforce its privacy laws and not hand any information to any organization without a proper warrant from local authorities of the suspect.
No! It’s called Privacy!
Threats and lots of lots of complaining that some seams do not understand to solve problems!!
Those who have nothing to hide, won’t be worried or disturbed at all :-)
21/09/2017 Dr. Mariarosaria Taddeo, Research Fellow at the Oxford Internet Institute, has responded to this comment.
21/09/2017 Dr. John Guelke, Research Fellow at the University of Warwick, has responded to this comment.
Absolutely no way. We need to have back the security online. Surveillance only through court order on an individual basis. Like it was before for normal crimes.
As it is now they are far worse than the Stasi.
They are also misusing the information too.
Is this organisation, ‘debating Europe’ funded by the EU? Yes/No?
Of course not
That question seems a bit misguided because, in my opinion, the issue is not if they should or shouldn’t cooperate: each country has its own laws that regulate in which cases private companies are obligated to cooperate. And once the order is issued, they are bound to comply. If, in one given moment and one given case, there are suspicions of illegal activities, then it will be up to lawmakers to build the legal framework that will guide on what terms, conditions and what instruments may be used to address that (those) specific cases and up to public agencies/institutions to enforce it.
But this issue should not be an excuse for an Orwellian State-a-like. Individual privacy must be at the forefront of the debate for several reasons:
i) Historically, there have been some examples of (illegal/illegitimate) appropriation and misuse of private information by government agencies (driven by various reasons);
ii) That kind of legal limitation would only be applicable to ordinary citizens/ordinary companies. Terrorism or organised crime have the resources and manpower to create their own systems;
iii) limiting security (encryption) levels/services to the individual consumer, besides the privacy issue as a main principle in any democratic state, raises the question of liability: in the cases of being victim of cyber crime due to, partially, restrictions on security levels permitted.
Among many other issues and doubts…
What the US did tolerance and freedom and affecting our way of life Europe is now making the US did I wish good luck to all Europeans who seek our freedom of European internet rights
Privacy, safety and the right to self express.