Following an introduction from Marc Weinmeister, Secretary of State for European Affairs of the State of Hessen and Kai Rannenberg, Goethe University Frankfurt and co-ordinator of CyberSec4Europe, moderator David Goodman from Trust in Digital Life introduced the panellists:
- Miguel González-Sancho, Head of Cybersecurity Technology and Capacity Building, DG CNECT, European Commission
- Ramona Niță, Counselor Telecommunications, Cyber Security, Digital Internal Market, Postal Services, Permanent Representation of Romania to the EU
- Stelian Brad, President, Cluj IT Cluster and Professor, Technical University of Cluj-Napoca
- Monica Florea, Director of European projects, SIMAVI
- Virgil D. Gligor, Professor, Electrical and Computer Engineering, Carnegie Mellon University
The goal of the evening’s discussion was to explore both how Europe proposes to achieve its cybersecurity objectives over the coming two to three years as well as its impact on the industrial and academic cybersecurity community across Romania – not only in Bucharest, but also in Cluj-Napoca, home to a vibrant technology community that includes ten universities.
Miguel González-Sancho introduced the topic with insights into how the setting up of the Centre is progressing.
During the evening of 9 December 2020, a decision was made by the European Council to locate the EU's much anticipated cybersecurity centre in Bucharest, which was ratified a few days later at the final trialogue meeting. The regulation itself – for a European Cybersecurity Industrial, Technology and Research Competence Centre – is expected to be formally adopted in April, although work has started already.
As proposed, the European Commission is to facilitate the setting up of the three levels referenced in the legislation: the Centre, the Network and the community. Work is ongoing in the administrative aspects which include finding a suitable building in Bucharest, making a hosting agreement between the Centre and Romanian authorities and there are numerous discussions taking place with other relevant parts of the Commission regarding financial arrangements, staffing and building issues. There is an awful lot to go through in setting up a new EU body, particularly one with responsibility for distributing EU funds! It comes with a lot conditions and requirements, so that although all the parties involved are moving as fast as possible, it will take some time before the Centre is autonomous, although work will start well before that.
The second dimension are the Member States, represented by the National Coordination Centres, who together with European Commission are partners of the Centre. The first step has been to set up a Governing Board which will be ultimately responsible for making all decisions – nothing can be achieved without it. Until the regulation is adopted, legal decisions cannot be made so at present a ‘shadow Governing Board’ is being put in place with nominations for members being solicited from Member States. Representatives will be chosen on the basis of cybersecurity expertise as well as experience in investments. Creating the atmosphere for the coming years is of course difficult without being able to meet in person. Decisions on the Director of the Centre and matters of strategy will be the responsibility of the Board. A key piece at this level, the role of the National Coordination Centres is vital as they will also be tasked with financial responsibilities.
Preparation of the work programmes relating to cybersecurity will be a job of the Centre, but already the Commission has prepared the programmes for Horizon Europe and Digital Europe for 2021/2022, both of which have strong cybersecurity components.
The third level is the community, where the pilots come into play alongside ECSO and ENISA, all of whom have extensive communities. The Commission is working hand in hand with them all to collect all the relevant inputs to be handed over to the Centre in the future.
The ultimate goal of the Centre is to create a common approach to decide about cybersecurity investments in Europe: these discussions will start already this year.
Ramona Niță represents Romania in matters relating to cybersecurity in Brussels and is in a unique position to observe what is happening on the ground in Romania as well as political and strategic decisions being made in Brussels, as well as the emerging relationship between Brussels and Bucharest. The setting up of the Centre is of major importance to Romania and there is already a task force in place that will ensure the logistical and administrative arrangements to enable the Centre to become operational in as soon as possible. Romania is strong in technology through its industrial and academic community which has long been recognised internationally. The Centre will also open up opportunities for cost reduction of products and easier access to the investment community, providing a huge help to, for example, micro-enterprises. The Centre also represents competencies, which is of enormous importance for Europe, as well as a driver of collaboration between all stakeholders providing access to resources for researchers from academia and industry.
Although many may not have been aware previously, one of the compelling arguments for Bucharest’s successful bid is that Romania has a strong digital mentality, a strong cybersecurity eco-system, and an excellent digital infrastructure: it is one of the best networked countries in Europe. Also Bucharest is one of the best cities in terms of connectivity, and boasts many major companies. In short, it is one of the best cities, not only in Europe, but in the world!
Stepping away from Bucharest, Stelian Brad is President of the Cluj IT cluster and a professor at one of the universities in Cluj-Napoca in north-west Romania. The cluster is of particular interest to CyberSec4Europe which has developed the concept of CHECKs – Community Hubs of Expertise in Cybersecurity Knowledge. Cluj-Napoca has the largest community of IT experts outside Bucharest, but the biggest in terms of density: more than 20,000 IT specialists, with over 1,200 IT companies located in the city, including many enterprises operating worldwide, as well as the ten universities with more than 100,000 students. Cluj-Napoca works closely with Bucharest and other communities beyond Romania: a city of cluster initiatives with a strong culture of cooperation. To build up the Competence Centre will require a lot on the institutional side, in particular a network aligned to a common goal, an expertise which Cluj-Napoca can contribute to, an example being a recently formed national framework on distributed ledger technologies the results of which can be shared through the Centre. There are also plans to set up a national initiative on cybersecurity which could be internationalised with links to Central and South America as well as Africa – another reason for basing the Centre in Romania.
As already indicated, the community is one of the most important pillars, and Cluj IT is driving innovation ideas for small businesses through the H2020 cyberGEIGER project.
The cluster is both an organisation and a network and could be a model for the operation of the Centre. It started from a bottom-up approach to change the paradigm from services to intellectual innovation, making competitors collaborate on certain initiatives to open new windows of opportunities which raised attention at a European level. The set-up of the administration and specific task forces is a major challenge but vital and comes down to a code of ethics and intellectual property synergies between companies.
Monica Florea has had a long-standing relationship with the Romanian IT sector with close connections to Brussels, form both a technical and business perspective, and has seen the role of the community in Romania grow over many years. As head of European projects of SIMAVI, a spin-off of SIVECO which covers a wide range of domains, Monica is engaged in research innovation projects and is involved in 30 Horizon projects in different fields and domains. Security is one of the largest of those domains, particularly on the application side in security-related projects in health, energy, border security, digital and visual intelligence and counter-terrorism, in which SIMAVI plays the role of coordinator, technology provider or integrator. The company is also involved in e-learning and e-training related to security, using a augmented reality and games. As a company, SIMAVI/SIVECO is looking forward to the potential to strengthen public-private collaboration as well policy makers, academia and practitioners in cybersecurity through the Centre. Brussels has always been Monica’s second home after Bucharest and doesn’t feel that there is a great distance between them.
If Bucharest is a long way from Brussels, Pittsburgh is even further away. Virgil Gligor also has his own unique perspective on the technology scene in Romania. He grew up in Romania but moved to the United States as a young man and although he has lived and worked there ever since, he has always maintained close professional links with Romania. He very much appreciates setting up the Centre in Bucharest, having once failed miserably (his words) in an attempt to set up something similar. It was not for lack of funding: it had been a political decision. Interest in security in Romania, as elsewhere, in the early seventies but with only a few experts. But it was only at the turn of the millennium that things really took off everywhere in cybersecurity including in Romania.
Virgil’s vision goes back to an anecdote about three axioms of cyberinsecurity.
- There will always be rapid innovation in information technology which always leads to cyberinsecurity – forever. Why? There are three reasons for this are zero cost of entry in the business, zero regulation and zero reliability. People don’t have the time to pay attention to the detail
- Zero days, no attacks
- Based on the above, there will always be adversaries.
Users don’t need security all the time, platforms should offer feasible recourse to breaches of their system – all of this should be as usable as possible.
In the future, we will have systems that cannot be attacked by individual hackers or nation states. We are now building systems that are unconditionally secure that no amount of quantum computing can breach.
What is the interest of the Competence Centre and Network in the United States? Plenty, many of the top experts in the US came from Europe. It doesn’t matter that the Centre is in Europe or in Bucharest – more important that Europe found the political will to crystalise its objectives. A big success!
In conclusion, it’s important that the Centre will be a vehicle for driving a vision but also when the time is right in cooperating beyond the borders of Europe. Cybersecurity is no longer a technical concern but, with the growing number of cyber attacks, it has become an eco-system. Establishing the Centre in Bucharest can act as a magnet for young people to get involved and carry out research in cybersecurity, as well as generating a lot on interaction across Europe, ultimately to a safe Europe for citizens and businesses. Europe is a leader in privacy but is secondary to security and this initiative will strengthen Europe’s ambition to establish digital capacity and digital sovereignty.
From all that was heard the future for cybersecurity in Europe looks bright.
See also https://cybersec4europe.eu/event/establishing-the-competence-centre-in-bucharest-and-building-the-network/ for a recording of the event.