European Cyberpolicy Forum: The whole is more than the sum of its parts: sharing and multiplying cyber threat intelligence

Arnaud Dechoux, Public Affairs Manager

Cybercrime is rising in frequency and sophistication. The connected nature of the internet requires efficient international cooperation to fight crime which knows no national borders. To protect individuals, organizations and critical infrastructure worldwide from the malicious intent behind cybercrime, the sharing and multiplying of cyber threat intelligence is absolutely necessary. Why is this so – especially in turbulent geopolitical times and the context of war? What can we do to increase cooperation in this field? The latest edition of the European Cyberpolicy Forum: The whole is more than the sum of its parts: sharing and multiplying cyber threat intelligence, organized within European Cybersecurity Month 2022, brought together high-level experts to discuss the role of cyber threat intelligence in building up cyber resilience.

‘Threat intelligence is a key asset for governments if they want to protect themselves against cyber threats,’ said Morten Lehn, Managing Director Northern Europe at Kaspersky, before adding: ‘we have the same goal – protecting people against cyberattacks - cybersecurity is therefore a team sport, and this is even more important today.’ This statement kicked off a lively and productive discussion on the current state of cybersecurity and how to improve cyber resilience both in the European Union and worldwide.

The experts agreed that the internet was developed to connect people worldwide, but increasing fragmentation has led to polarisation among actors. But as Christian Funk, Head of the Global Research and Analysis Team DACH at Kaspersky, pointed out, ‘while there is fragmentation in cyber space, this does not mean that cyber threats are isolated within their fragmentation. Threats will remain global, even if an attacker only wanted to target certain organisations.’ Threat intelligence and broader cybersecurity cannot be considered in a fragmented manner.

As explained by Professor Dennis-Kenji Kipker, Professor for IT Security Law at the University of Bremen in Germany, ‘cybersecurity regulation is slowly being understood holistically, and must be considered internationally.’ Professor Christos Douligeris, Professor at the Department of Informatics of the University of Piraeus in Greece, and member of the ENISA Ad-Hoc Working Group on Cyber Threat Landscapes, added that ‘cybersecurity is an international issue, and there are many actors to consider.’

Prof. Kipker suggested that new regulations, such as the proposed Cyber Resilience Act of the European Commission, reflect the need to think about cybersecurity as a whole ecosystem – both as vertical and horizontal integration during every step of production, but also noted that, ‘regulation on its own is not enough; the willingness of all actors to participate is very important.’ If enacted properly, the Cyber Resilience Act could be an absolute game changer in cyber regulation.

Threat intelligence is one of the key assets in fighting cyberthreats. To reach its full potential, all relevant actors – from governments and corporations to individuals – need to be brought together for open dialogue and to support interdisciplinary cooperation.

‘We want threat intelligence to be relevant, timely, and accurate,’ stated Prof. Christos Douligeris, while Christian Funk added that we need as much threat intelligence as possible, and that its analysis and reporting must be both factual and neutral in order to benefit everyone equally.

While threat intelligence plays an important role in fighting cyberthreats, experts also suggested that it has become an inherent political issue. As Prof. Kipker pointed out, we see attempts to regulate threat intelligence in the European Union accelerating information exchange among Member States. Further, legal certainty is an absolute requirement – especially for researchers and corporations regarding questions surrounding identified cyber vulnerabilities. A common political line, ideally enacted on an international level, would strengthen cooperation among actors and ultimately raise cyber resilience.

Looking to the future, Prof. Douligeris suggested introducing globally applicable cybercrime legislation to define minimum-security criteria. Further, not just politicians but also neutral experts - those who hold States accountable to globally applicable cybercrime legislations – are needed. Prof. Kipker agreed and added that regulatory gaps must be closed and proposed legislative measures made verifiable, but also warned that cybersecurity cannot be an instrument of geopolitical power alone. At the same time, governments must be careful that there is no over-regulation hindering economic innovation and the introduction of new technologies.

Christian Funk also called on private and public partners to create a two-way information exchange and noted that, while awareness of cybersecurity risks is rising, investment seems to be falling: a situation that must be solved quickly and efficiently.

Looking at the current geopolitical situation, the experts agreed that much trust among actors has been lost – risking the very foundation of cybersecurity. As a result, we face growing regionalisation and polarisation between actors. Anastasiya Kazakova, Senior Public Affairs Manager at Kaspersky, suggested that ‘trust starts with interpersonal communication, and then spills over onto the institutional level.’ Prof. Douligeris noted that dialogue between all actors must continue, and that ‘doors should never close.’ International cooperation, in an interdisciplinary manner, must be improved.

Click here to access the video recording of the event.

You can also find here an overview of Kaspersky’s contribution to the draft EU Cyber Resilience Act, including insights on how to bring more cybersecurity to digital products and services.

We look forward to hosting you at our next #EuropeanCyberPolicyForum. If you are interested in participating in forthcoming European policy-related events organized by Kaspersky, please send an email to policy.europe@kaspersky.com.