The Growth of the European Cybersecurity Market and of a EU Cybersecurity Industry

Transcription

1 The Growth of the European Cybersecurity Market and of a EU Cybersecurity Industry Yves Lagoude, Director of European Affairs and Thales & Member of the Board of Directors of EOS

2 European Organisation for Security

3 Awareness raising? There is a risk that Europe not only becomes excessively dependent on ICT produced elsewhere, but also on security solutions developed outside its frontiers. It is key to ensure that hardware and software components produced in the EU and in third countries that are used in critical services and infrastructure and increasingly in mobile devices are trustworthy, secure and guarantee the protection of personal data. Joint EU Communication on Cybersecurity Strategy for the European Union (7/2/2013) The enabling effects of ICT and service integration can have lasting effects on smart and sustainable growth ( ) However, out of the top 20 data companies in the world 17 are from the US and only two from Europe ( ) Concretely Europe could benefit from ( ) sufficient ICT security : ( ) the Network and Information Security (NIS) Platform will provide the groundwork for the implementation of the proposed NIS Directive to achieve cyber-resilience in the EU and develop industrial and technological own resources for cyber-security. Commission Staff Working Document accompanying the Communicationfor a European Industrial Renaissance (COM(2014)14)

4 EU Cybersecurity Industry context THE MARKET A 56B worldwide market dominated by North America B 43 77% B 13 23% Defence markets driven by national players (Raytheon, LM, L3Com, BAE, Cassidian, Selex, Rhode & Schwartz, Secunet, Thales, Indra ) Some markets closed : China, Russia, 17% 14% 19% 50% Enterprise markets driven by global players: IBM, Microsoft, Cisco, Checkpoint, Symantec, McAfee, Kapersky, CA Sources : ASDReports, Gartner, Thales

5 EU Cybersecurity Industry context THE SITUATION Increasing demand to cope with risks arising from ICT pervasiveness new challenges coming from mobility (incl. payments and identity schemes), big data, cloud computing, M2M, physical-logical security interaction, e-supply chain, etc. 28 EU Member States with different regulations and approaches to managing network and information systems security and data privacy leading to a fragmented market and difficulty to reach critical size Sovereignty issues and civil-defence links reinforce national approaches Cybersecurity industry competitiveness hampered by lack of global end-to-end approach and insufficient uptake of comprehensive risk analysis ICT security still seen as a matter of buying the right products Complexity to access to funding for European innovators and difficult to move from innovations to markets R&D funding mechanisms too slow to keep pace with cyber threat Data protection: a constraint and an opportunity Low level of investment

6 EU Cybersecurity Industry future MOVING FORWARD EOS calls for a fast adoption and implementation of a European Cybersecurity Industrial Policy (CYSIP) in order to: Secure European societies with European technology Establish a competitive and efficient industrial base in cybersecurity Develop European solutions and services Boost the European cybersecurity market Sustain the development of the European digital economy

7 EU Cyber Security Industry policy WHAT COULD BE AN EU CYBERSECURITY INDUSTRIAL POLICY? As for any industrial policy, an EU CYSIP would build upon : A strategic vision based on market assessment and make-or-buy orientations An analysis of the technological dependence and its consequences on digital economic sustainability, societal impacts and sovereignty issues A coordinated R&D and innovation roadmap A coordinated public procurement policy For the protection of state-owned / operated infrastructures and large governmental ICT systems A business-oriented, balanced and technology-neutral regulation framework Ensuring a level-playing field throughout Europe Reaching the right balance between incentives and compulsory frameworks Compensating efforts by co-funding and labelling measures Promoting European standards without reinventing the wheel

8 EU Cyber Security Industry policy WHY DO WE NEED SUCH A POLICY? Example of the ICT domain : Most HW and SW products procured from outside EU Still strong supply base for services in EU (IT and telecoms) : IT applications development and operations reflect specific business models over-harmonization has benefits but also costs Cyber security business models are currently drawn from ICT ones With specific exceptions (e.g. encryption systems) or niche start-ups With an under-developed services market Why do we need an EU industrial supply? Because of data protection issue (personal and trade data) Because of a de facto link to cyber defence And because EU has already a strong supply base coming from the ICT or security industry on which a more extended market can build

9 EU Cyber Security Industry policy WHERE COULD/SHOULD THERE BE A SPECIFIC EUROPEAN PRODUCT POLICY? Not in commodity protection products, close to the ICT mass markets (firewalls, antivirus, IDS software ) where global mature suppliers exist Opportunities in specific areas such as probes and core network routers Opportunities in supervision and monitoring tools and security services centers deployment (SOCs), incl. cyber intelligence Potentially in niches from new markets (smart security systems, smart and secure mobility, smart and safe city, SCADA and ICS ) HOW TO ACHIEVE IT? From EU-funded R&D on key components development By encouraging harmonized public procurement for national assets and CIP through PCP EU showing the way through major cyber security investments that could be done on EUwide existing or forthcoming assets EU institutions ICT platforms protection Integrated maritime surveillance, satellite systems, air traffic management, etc.

10 EU CYSIP actions for success (1/3) ESTABLISH A COHERENT AND HARMONIZED SET OF EUROPEAN POLICIES Support the implementation of the NIS Directive Comprehensive and relevant scope National strategies and CERTs deployment Governance and adequate infrastructures Develop standards and certification (EU security label) Create a Cyber European Agreed Product list (e.g. managed by ENISA) ENCOURAGE PUBLIC PRIVATE DIALOGUE Encourage participation of the European cyber security industry at the NIS Platform Include private sector in EU-wide cyber exercises Leverage on and coordinate existing public-private initiatives (NATO, ENISA, NISP, EC3, EIP, KIC )

11 EU CYSIP actions for success (2/3) FOSTER DEPLOYMENT Protect European Institutions and major European Programmes Encourage deployment of EU based data centers and secured cloud services Use funding mechanisms for deployment of large programmes in MS Security of broadband networks and cyber security of large infrastructure in Cohesion Policy Internal security fund for cyber protection of law enforcement / border management systems Specific funds to accompany security new constraints for market operators and critical infrastructures Establish specific support mechanisms for cyber security SMEs Establish sector-based test-beds and pilots for the evaluation of CI (SCADA, ICS ) cyber resilience

12 EU CYSIP actions for success (2/3) RESEARCH AND INNOVATION Better derive work programmes and topics from gap analysis Ensure timely and simple administrative processes (cut the red tape) Implement PCP schemes to bridge the innovation-to-market gap and harmonize specifications Align multiple initiatives (TDL, CSP, Cyspa, ACDC, SecCord, etc.) into a consistent overarching strategy and roadmap And also AWARENESS AND TRAINING Awareness raising at all levels (including C ) of corporate Basic training to start at primary school levels (understanding what s behind the screen) Promote data protection and data privacy culture

13 Way forward? From Federal News Radio, early Aug : Department of Homeland Security has awarded contracts to 17 firms to provide continuous diagnostics and mitigation services, also known as CDM, to the federal government, creating a potential model for private groups to measure and adjust their own cyber security efforts ( ) (and) designed to defend public sector IT networks from cyber threats ( ) Booz Allen, IBM, General Dynamics-IT, Lockheed Martin, Northrop Grumman, Hewlett Packard, SAIC and CGI Federal Inc. (CGI)were among the contract winners. McAfee will provide the tool suites under many of the contracts. The contract is worth up to 6 billion $. And now?

14 EU Cyber Security Industry THANK YOU! FOR MORE INFORMATION AND SUGGESTIONS: EOS Cyber Security Working Group Yves Lagoude: Mari Kert : mari.kert@eos-eu.com